mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00

Update omr-service to 0.1026

Ycarus (Yannick Chabanois) 2021-06-14 05:52:59 +00:00
commit bfe7d972b9
38 changed files with 723 additions and 163 deletions

11
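--- a/debian/changelog
+++ b/debian/changelog
@@ -0,0 +1,11 @@
+omr-server (0.1026) unstable; urgency=medium
+* Many changes
+-- OpenMPTCProuter <contact@openmptcprouter.com> Mon, 14 Jun 2021 07:43:42 +0200
+omr-server (0.1025-test) unstable; urgency=medium
+* Wireguard support and fixed
+-- OpenMPTCProuter <contact@openmptcprouter.com> Thu, 04 Mar 2021 14:36:12 +0200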

1
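--- a/debian/compat
+++ b/debian/compat
@@ -0,0 +1 @@
+10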

37
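--- a/debian/control
+++ b/debian/control
@@ -0,0 +1,37 @@
+Source: omr-server
+Section: net
+Priority: optional
+Maintainer: OpenMPTCProuter <contact@openmptcprouter.com>
+Build-Depends: debhelper (>= 10)
+X-Python-Version: >= 3.2
+Standards-Version: 0.0.1
+Homepage: https://github.com/ysurac/openmptcprouter-vps
+Package: omr-server
+Architecture: all
+Multi-Arch: foreign
+Depends:
+curl,
+rename,
+libcurl4,
+unzip,
+tracebox,
+omr-iperf3,
+omr-shadowsocks-libev (= 3.3.5-2),
+omr-vps-admin (= 0.3+20210508),
+omr-simple-obfs,
+omr-mlvpn (= 3.0.0+20201216.git.2263bab),
+omr-glorytun (= 0.3.4-4),
+omr-glorytun-tcp (= 0.0.35-3),
+omr-dsvpn (= 0.1.4-2),
+shorewall,
+shorewall6,
+iptables,
+v2ray-plugin (= 4.35.1),
+v2ray (=4.35.1),
+linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
+${misc:Depends}
+Provides: omr-server
+Conflicts: omr-server
+Replaces: omr-server
+Description: OpenMPTCProuter Server script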
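Review bot: The exact `(= …)` pins in `Depends:` (`omr-shadowsocks-libev`, `omr-vps-admin`, `omr-mlvpn`, both glorytun packages, `omr-dsvpn`, `v2ray`, `v2ray-plugin` and `linux-image-5.4.100-mptcp`) mean apt cannot install a fixed build of any of them until a new omr-server with matching pins is published. If only a minimum version is intended, `(>= …)` keeps security updates flowing; if the lock-step is deliberate, a `#` comment above `Depends:` saying so would help the next maintainer. `Provides:`, `Conflicts:` and `Replaces:` all name `omr-server` itself, which has no effect, so the three lines can be dropped. `Standards-Version: 0.0.1` is not a Debian Policy version, and `v2ray (=4.35.1)` lacks the space the other pins use.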

16
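--- a/debian/postinst
+++ b/debian/postinst
@@ -0,0 +1,16 @@
+#!/bin/sh -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
+# use debconf
+. /usr/share/debconf/confmodule
+sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
+systemctl daemon-reload
+systemctl restart omr-update
+db_stop
+#DEBHELPER#
+exit 0
+# vim:set ai et sts=2 sw=2 tw=0: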
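Review bot: The `sed -i` on `/usr/share/omr-server/debian9-x86_64.sh` rewrites a file the package itself ships, so its checksum stops matching the one recorded at build time and `dpkg --verify omr-server` will report the script as modified on every host. Applying the two substitutions at build time in `override_dh_auto_install` would keep the installed script verifiable. The substitution also hard-codes `LOCALFILES=no`, which in the visible parts of that script selects the `wget -O … ${VPSURL}${VPSPATH}/…` branches over the `cp ${DIR}/…` branches, so the helper files copied into the package are presumably not the ones that end up installed; worth confirming that is intended. Under `#!/bin/sh -e`, `systemctl restart omr-update` fails the whole configure step when the unit is missing or systemd is not running, and the only place this page shows `omr-update.service` being installed is the script itself, so a guard such as `if [ -d /run/systemd/system ]; then systemctl daemon-reload; systemctl restart omr-update || true; fi` would be safer.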

18
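--- a/debian/rules
+++ b/debian/rules
@@ -0,0 +1,18 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE = 1
+# Security Hardening
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+%:
+dh $@
+override_dh_auto_install:
+mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
+find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
+cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
+cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
+cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
+mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin
+touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin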
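Review bot: The `-not -iname '*/debian/*'` and `-not -iname '*/.git/*'` tests in the `find` line never exclude anything, because `-iname` is matched against the file's base name, which cannot contain `/`. Files below `./debian` and `./.git` stay out of the package only because `cp` fails on the missing target sub-directory and `find` ignores that failure. If only top-level files are meant to be shipped, `find . -maxdepth 1 -type f -exec cp -t "$(CURDIR)/debian/omr-server/usr/share/omr-server/" '{}' +` says so directly; otherwise use `-not -path './debian/*' -not -path './.git/*'`. The last two recipe lines create `update-bin` under `$(CURDIR)/debian/etc/…`, outside the `debian/omr-server/` staging tree, so the file presumably never reaches the package; `$(CURDIR)/debian/omr-server/etc/openmptcprouter-vps-admin` looks like the intended path. `hardening=+all` has no visible effect here, since the package is `Architecture: all` and the rules compile nothing.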

431
debian9-x86_64.sh Normal file → Executable file

@ -1,6 +1,6 @@
#!/bin/sh #!/bin/sh
# #
# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter # Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
# #
# This is free software, licensed under the GNU General Public License v3 or later. # This is free software, licensed under the GNU General Public License v3 or later.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -27,31 +27,42 @@ UBOND=${UBOND:-no}
UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
OPENVPN=${OPENVPN:-yes} OPENVPN=${OPENVPN:-yes}
DSVPN=${DSVPN:-yes} DSVPN=${DSVPN:-yes}
SOURCES=${SOURCES:-yes} WIREGUARD=${WIREGUARD:-yes}
SOURCES=${SOURCES:-no}
NOINTERNET=${NOINTERNET:-no} NOINTERNET=${NOINTERNET:-no}
SPEEDTEST=${SPEEDTEST:-no} REINSTALL=${REINSTALL:-yes}
SPEEDTEST=${SPEEDTEST:-yes}
LOCALFILES=${LOCALFILES:-no} LOCALFILES=${LOCALFILES:-no}
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
KERNEL_VERSION="5.4.86" KERNEL_VERSION="5.4.100"
KERNEL_PACKAGE_VERSION="1.16+9d3f35b" KERNEL_PACKAGE_VERSION="1.18+9d3f35b"
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
GLORYTUN_UDP_BINARY_VERSION="0.3.4-4"
GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba" OBFS_BINARY_VERSION="0.0.5-1"
OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c"
OMR_ADMIN_BINARY_VERSION="0.3+20210508"
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
V2RAY_VERSION="4.31.0" DSVPN_BINARY_VERSION="0.1.4-2"
V2RAY_PLUGIN_VERSION="v1.4.3" V2RAY_VERSION="4.35.1"
V2RAY_PLUGIN_VERSION="4.35.1"
EASYRSA_VERSION="3.0.6" EASYRSA_VERSION="3.0.6"
SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203" SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead"
SHADOWSOCKS_BINARY_VERSION="3.3.5-2"
DEFAULT_USER="openmptcprouter" DEFAULT_USER="openmptcprouter"
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
VPSPATH="server" VPSPATH="server-test"
VPSURL="https://www.openmptcprouter.com/" VPSURL="https://www.openmptcprouter.com/"
REPO="repo.openmptcprouter.com"
CHINA=${CHINA:-no}
OMR_VERSION="0.1024" OMR_VERSION="0.1026"
DIR=$( pwd ) DIR=$( pwd )
#" #"
@ -78,7 +89,7 @@ elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" !=
echo "This script only work with Ubuntu 18.04, 19.04 or 20.04" echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
exit 1 exit 1
elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)" echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)"
exit 1 exit 1
fi fi
@ -89,6 +100,13 @@ if [ "$ARCH" != "amd64" ]; then
exit 1 exit 1
fi fi
echo "Check virtualized environment"
VIRT="$(systemd-detect-virt 2>/dev/null || true)"
if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then
echo "Container are not supported: kernel can't be modified."
exit 1
fi
# Check if DPKG is locked and for broken packages # Check if DPKG is locked and for broken packages
#dpkg -i /dev/zero 2>/dev/null #dpkg -i /dev/zero 2>/dev/null
#if [ "$?" -eq 2 ]; then #if [ "$?" -eq 2 ]; then
@ -129,6 +147,21 @@ fi
wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
} }
CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')"
if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then
exit 1
fi
[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
echo "Update ${REPO} key"
if [ "$CHINA" = "yes" ]; then
#wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
wget -O - https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
else
wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
fi
}
echo "Remove lock and update packages list..." echo "Remove lock and update packages list..."
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
@ -161,48 +194,92 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
VERSION_ID="20.04" VERSION_ID="20.04"
fi fi
# Add OpenMPTCProuter repo # Add OpenMPTCProuter repo
echo "Add OpenMPTCProuter repo..." echo "Add OpenMPTCProuter repo..."
echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list if [ "$CHINA" = "yes" ]; then
cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref echo "Install git..."
Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones apt-get -y install git
Package: * if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then
Pin: origin repo.openmptcprouter.com #git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
Pin-Priority: 1001 git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
EOF fi
wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - cd /var/lib/openmptcprouter-vps-debian
git pull
# if [ "$VPSPATH" = "server-test" ]; then
# git checkout develop
# else
# git checkout main
# fi
echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add -
if [ ! -d /usr/share/omr-server-git ]; then
#git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
fi
cd /usr/share/omr-server-git
git pull
if [ "$VPSPATH" = "server-test" ]; then
git checkout develop
else
git checkout master
fi
LOCALFILES="yes"
TLS="no"
DIR="/usr/share/omr-server-git"
else
echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
Package: *
Pin: origin ${REPO}
Pin-Priority: 1001
EOF
wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
fi
# Install mptcp kernel and shadowsocks
echo "Install mptcp kernel and shadowsocks..."
apt-get update
sleep 2
apt-get -y install dirmngr patch
#apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
if [ "$ID" = "debian" ]; then if [ "$ID" = "debian" ]; then
if [ "$VERSION_ID" = "9" ]; then if [ "$VERSION_ID" = "9" ]; then
#echo 'deb http://dl.bintray.com/cpaasch/deb jessie main' >> /etc/apt/sources.list #echo 'deb http://dl.bintray.com/cpaasch/deb jessie main' >> /etc/apt/sources.list
echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list
fi fi
# Add buster-backports repo
echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list
elif [ "$ID" = "ubuntu" ]; then elif [ "$ID" = "ubuntu" ]; then
echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
fi fi
# Install mptcp kernel and shadowsocks
echo "Install mptcp kernel and shadowsocks..."
apt-get update apt-get update
sleep 2 sleep 2
wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb apt-get -y install dirmngr patch rename curl libcurl4 unzip
wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
# Rename bzImage to vmlinuz, needed when custom kernel was used if [ "$SOURCES" = "yes" ]; then
cd /boot wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
apt-get -y install rename curl libcurl4 unzip git wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 # Rename bzImage to vmlinuz, needed when custom kernel was used
#apt-get -y install linux-mptcp cd /boot
#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp apt-get -y install git
#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then #apt-get -y install linux-mptcp
echo "Install kernel linux-image-${KERNEL_RELEASE}" #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb echo "Install kernel linux-image-${KERNEL_RELEASE}"
echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
fi
else
cd /boot
rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
echo "Install kernel linux-image-${KERNEL_RELEASE}"
echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
fi
fi fi
# Check if mptcp kernel is grub default kernel # Check if mptcp kernel is grub default kernel
@ -305,7 +382,7 @@ if [ "$SOURCES" = "yes" ]; then
#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
rm -rf /tmp/shadowsocks-libev rm -rf /tmp/shadowsocks-libev
else else
apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
fi fi
# Load OLIA Congestion module at boot time # Load OLIA Congestion module at boot time
@ -405,6 +482,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
mkdir -p /var/opt/openmptcprouter mkdir -p /var/opt/openmptcprouter
if [ "$SOURCES" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then
wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
cd /tmp cd /tmp
unzip -q -o openmptcprouter-vps-admin.zip unzip -q -o openmptcprouter-vps-admin.zip
@ -423,23 +501,39 @@ if [ "$OMR_ADMIN" = "yes" ]; then
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/ cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
cd /etc/openmptcprouter-vps-admin cd /etc/openmptcprouter-vps-admin
sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
fi fi
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
[ "$NOINTERNET" = "yes" ] && {
sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
}
chmod u+x /usr/local/bin/omr-admin.py
systemctl enable omr-admin.service
rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION} rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
chmod u+x /usr/local/bin/omr-admin.py
else else
apt-get -y install omr-vps-admin if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n")
OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
[ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
fi
apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/
fi
#OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
#OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
fi fi
if [ ! -f /etc/openmptcprouter-vps-admin/key.pem ]; then
cd /etc/openmptcprouter-vps-admin
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
fi
sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
[ "$NOINTERNET" = "yes" ] && {
sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
}
#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
[ "$(ip -6 a)" != "" ] && {
systemctl enable omr-admin-ipv6.service
}
systemctl enable omr-admin.service
fi fi
# Get shadowsocks optimization # Get shadowsocks optimization
@ -504,6 +598,12 @@ if systemctl -q is-active shadowsocks-libev-manager@manager; then
systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
fi fi
if [ "$LOCALFILES" = "no" ]; then
wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in
else
cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service
fi
# Install simple-obfs # Install simple-obfs
if [ "$OBFS" = "yes" ]; then if [ "$OBFS" = "yes" ]; then
echo "Install OBFS" echo "Install OBFS"
@ -529,7 +629,7 @@ if [ "$OBFS" = "yes" ]; then
cd /tmp cd /tmp
rm -rf /tmp/simple-obfs rm -rf /tmp/simple-obfs
else else
apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION}
fi fi
#sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json #sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
fi fi
@ -537,29 +637,33 @@ fi
# Install v2ray-plugin # Install v2ray-plugin
if [ "$V2RAY_PLUGIN" = "yes" ]; then if [ "$V2RAY_PLUGIN" = "yes" ]; then
echo "Install v2ray plugin" echo "Install v2ray plugin"
rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz if [ "$SOURCES" = "yes" ]; then
#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
cd /tmp wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz cd /tmp
cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
cd /tmp cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
rm -rf /tmp/v2ray-plugin_linux_amd64 cd /tmp
rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz rm -rf /tmp/v2ray-plugin_linux_amd64
rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
#rm -rf /tmp/v2ray-plugin #rm -rf /tmp/v2ray-plugin
#cd /tmp #cd /tmp
#rm -f /var/lib/dpkg/lock #rm -f /var/lib/dpkg/lock
#apt-get install -y --no-install-recommends git ca-certificates golang-go #apt-get install -y --no-install-recommends git ca-certificates golang-go
#git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
#cd /tmp/v2ray-plugin #cd /tmp/v2ray-plugin
#git checkout ${V2RAY_PLUGIN_VERSION} #git checkout ${V2RAY_PLUGIN_VERSION}
#git submodule update --init --recursive #git submodule update --init --recursive
#CGO_ENABLED=0 go build -o v2ray-plugin #CGO_ENABLED=0 go build -o v2ray-plugin
#cp v2ray-plugin /usr/local/bin/v2ray-plugin #cp v2ray-plugin /usr/local/bin/v2ray-plugin
#cd /tmp #cd /tmp
#rm -rf /tmp/simple-obfs #rm -rf /tmp/simple-obfs
else
apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION}
fi
fi fi
if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then
@ -573,12 +677,13 @@ fi
if [ "$V2RAY" = "yes" ]; then if [ "$V2RAY" = "yes" ]; then
#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb if [ "$SOURCES" = "yes" ]; then
if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
else
apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
fi fi
dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
if [ ! -f /etc/v2ray/v2ray-server.json ]; then if [ ! -f /etc/v2ray/v2ray-server.json ]; then
wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
@ -604,6 +709,7 @@ if [ "$MLVPN" = "yes" ]; then
if [ -f /etc/mlvpn/mlvpn0.conf ]; then if [ -f /etc/mlvpn/mlvpn0.conf ]; then
mlvpnupdate="1" mlvpnupdate="1"
fi fi
mkdir -p /etc/mlvpn
if [ "$SOURCES" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
@ -621,23 +727,24 @@ if [ "$MLVPN" = "yes" ]; then
make install make install
cd /tmp cd /tmp
rm -rf /tmp/mlvpn rm -rf /tmp/mlvpn
else
apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn
fi
if [ "$LOCALFILES" = "no" ]; then
wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
else
cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
fi
mkdir -p /etc/mlvpn
if [ "$mlvpnupdate" = "0" ]; then
if [ "$LOCALFILES" = "no" ]; then if [ "$LOCALFILES" = "no" ]; then
wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
else else
cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
fi fi
if [ "$mlvpnupdate" = "0" ]; then
if [ "$LOCALFILES" = "no" ]; then
wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf
else
cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf
fi
fi
else
apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION}
fi
if [ "$mlvpnupdate" = "0" ]; then
sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
fi fi
chmod 0600 /etc/mlvpn/mlvpn0.conf chmod 0600 /etc/mlvpn/mlvpn0.conf
@ -649,10 +756,6 @@ if [ "$MLVPN" = "yes" ]; then
systemctl enable systemd-networkd.service systemctl enable systemd-networkd.service
echo "install mlvpn done" echo "install mlvpn done"
fi fi
if systemctl -q is-active openvpn-server@tun0.service; then
systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
fi
if systemctl -q is-active ubond@ubond0.service; then if systemctl -q is-active ubond@ubond0.service; then
systemctl -q stop ubond@ubond0 > /dev/null 2>&1 systemctl -q stop ubond@ubond0 > /dev/null 2>&1
systemctl -q disable ubond@ubond0 > /dev/null 2>&1 systemctl -q disable ubond@ubond0 > /dev/null 2>&1
@ -708,6 +811,32 @@ if [ "$UBOND" = "yes" ]; then
systemctl enable systemd-networkd.service systemctl enable systemd-networkd.service
echo "install ubond done" echo "install ubond done"
fi fi
if systemctl -q is-active wg-quick@wg0.service; then
systemctl -q stop wg-quick@wg0 > /dev/null 2>&1
systemctl -q disable wg-quick@wg0 > /dev/null 2>&1
fi
if [ "$WIREGUARD" = "yes" ]; then
echo "Install WireGuard"
rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend
apt-get -y install wireguard-tools --no-install-recommends
if [ ! -f /etc/wireguard/wg0.conf ]; then
cd /etc/wireguard
umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key
cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
ListenPort = 65311
Address = 10.255.247.1/24
SaveConfig = true
EOF
fi
systemctl enable wg-quick@wg0
echo "Install wireguard done"
fi
if systemctl -q is-active openvpn-server@tun0.service; then if systemctl -q is-active openvpn-server@tun0.service; then
systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
@ -869,9 +998,11 @@ if [ "$SOURCES" = "yes" ]; then
cd /tmp cd /tmp
rm -rf /tmp/glorytun-udp rm -rf /tmp/glorytun-udp
else else
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
fi fi
[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
# Add chrony for time sync # Add chrony for time sync
apt-get install -y chrony apt-get install -y chrony
@ -913,7 +1044,7 @@ if [ "$DSVPN" = "yes" ]; then
cd /tmp cd /tmp
rm -rf /tmp/dsvpn rm -rf /tmp/dsvpn
else else
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
fi fi
fi fi
@ -961,9 +1092,9 @@ if [ "$SOURCES" = "yes" ]; then
cd /tmp cd /tmp
rm -rf /tmp/glorytun-0.0.35 rm -rf /tmp/glorytun-0.0.35
else else
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
fi fi
[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
# Load tun module at boot time # Load tun module at boot time
@ -979,6 +1110,14 @@ else
fi fi
chmod 755 /usr/local/bin/multipath chmod 755 /usr/local/bin/multipath
# Add omr-test-speed utility
if [ "$LOCALFILES" = "no" ]; then
wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed
else
cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed
fi
chmod 755 /usr/local/bin/omr-test-speed
# Add OpenMPTCProuter service # Add OpenMPTCProuter service
if [ "$LOCALFILES" = "no" ]; then if [ "$LOCALFILES" = "no" ]; then
wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service
@ -1034,38 +1173,29 @@ if [ "$update" = "0" ]; then
else else
# Update only needed firewall files # Update only needed firewall files
if [ "$LOCALFILES" = "no" ]; then if [ "$LOCALFILES" = "no" ]; then
wget -O /etc/shorewall/interfaces ${VPSURL}${VPSPATH}/shorewall4/interfaces mkdir -p ${DIR}
wget -O /etc/shorewall/snat ${VPSURL}${VPSPATH}/shorewall4/snat wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz
wget -O /etc/shorewall/stoppedrules ${VPSURL}${VPSPATH}/shorewall4/stoppedrules wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz
wget -O /etc/shorewall/tcinterfaces ${VPSURL}${VPSPATH}/shorewall4/tcinterfaces mkdir -p ${DIR}/shorewall4
wget -O /etc/shorewall/shorewall.conf ${VPSURL}${VPSPATH}/shorewall4/shorewall.conf tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C ${DIR}/shorewall4
wget -O /etc/shorewall/policy ${VPSURL}${VPSPATH}/shorewall4/policy mkdir -p ${DIR}/shorewall6
wget -O /etc/shorewall/params ${VPSURL}${VPSPATH}/shorewall4/params tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6
wget -O /etc/shorewall/params.vpn ${VPSURL}${VPSPATH}/shorewall4/params.vpn
wget -O /etc/shorewall/params.net ${VPSURL}${VPSPATH}/shorewall4/params.net
wget -O /etc/shorewall6/params ${VPSURL}${VPSPATH}/shorewall6/params
wget -O /etc/shorewall6/params.net ${VPSURL}${VPSPATH}/shorewall6/params.net
wget -O /etc/shorewall6/params.vpn ${VPSURL}${VPSPATH}/shorewall6/params.vpn
wget -O /etc/shorewall6/interfaces ${VPSURL}${VPSPATH}/shorewall6/interfaces
wget -O /etc/shorewall6/stoppedrules ${VPSURL}${VPSPATH}/shorewall6/stoppedrules
wget -O /etc/shorewall6/snat ${VPSURL}${VPSPATH}/shorewall6/snat
else
cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
cp ${DIR}/shorewall4/snat /etc/shorewall/snat
cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
cp ${DIR}/shorewall4/policy /etc/shorewall/policy
cp ${DIR}/shorewall4/params /etc/shorewall/params
cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
cp ${DIR}/shorewall6/params /etc/shorewall6/params
cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
fi fi
cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
cp ${DIR}/shorewall4/snat /etc/shorewall/snat
cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
cp ${DIR}/shorewall4/policy /etc/shorewall/policy
cp ${DIR}/shorewall4/params /etc/shorewall/params
cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
cp ${DIR}/shorewall6/params /etc/shorewall6/params
cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
@ -1099,6 +1229,12 @@ if [ "$TLS" = "yes" ]; then
systemctl -q restart shorewall systemctl -q restart shorewall
~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null
set -e set -e
if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then
rm -f /etc/openmptcprouter-vps-admin/cert.pem
ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem
rm -f /etc/openmptcprouter-vps-admin/key.pem
ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem
fi
# mkdir -p /etc/ssl/v2ray # mkdir -p /etc/ssl/v2ray
# ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key # ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key
# ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer # ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer
@ -1111,9 +1247,9 @@ if [ "$TLS" = "yes" ]; then
fi fi
if [ "$SPEEDTEST" = "yes" ]; then if [ "$SPEEDTEST" = "yes" ]; then
if [ ! -f /usr/share/omr-server/speedtest/test.img ]; then mkdir -p /usr/share/omr-server/speedtest
if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then
echo "Generate speedtest image..." echo "Generate speedtest image..."
mkdir -p /usr/share/omr-server/speedtest
dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576 dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576
echo "Done" echo "Done"
fi fi
@ -1138,6 +1274,11 @@ else
echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd
fi fi
if [ "$SOURCES" != "yes" ]; then
apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true
rm -f /etc/openmtpcprouter-vps-admin/update-bin
fi
if [ "$update" = "0" ]; then if [ "$update" = "0" ]; then
# Display important info # Display important info
echo '====================================================================================' echo '===================================================================================='
@ -1282,6 +1423,11 @@ else
systemctl -q restart openvpn@tun1 systemctl -q restart openvpn@tun1
echo 'done' echo 'done'
fi fi
if [ "$WIREGUARD" = "yes" ]; then
echo 'Restarting WireGuard'
systemctl -q restart wg-quick@wg0
echo 'done'
fi
if [ "$OMR_ADMIN" = "yes" ]; then if [ "$OMR_ADMIN" = "yes" ]; then
echo 'Restarting OpenMPTCProuter VPS admin' echo 'Restarting OpenMPTCProuter VPS admin'
systemctl -q restart omr-admin systemctl -q restart omr-admin
@ -1299,16 +1445,14 @@ else
echo 'openmptcprouter' echo 'openmptcprouter'
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
echo '====================================================================================' echo '===================================================================================='
else
echo '!!! Keys are in /root/openmptcprouter_config.txt !!!'
fi fi
fi fi
if [ "$VPS_CERT" = "0" ]; then if [ "$VPS_CERT" = "0" ]; then
echo 'No working domain detected, not able to generate certificate for v2ray.' echo 'No working domain detected, not able to generate certificate for v2ray.'
echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.'
fi fi
echo 'Restarting shorewall...'
systemctl -q restart shorewall
systemctl -q restart shorewall6
echo 'done'
echo 'Apply latest sysctl...' echo 'Apply latest sysctl...'
sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1
echo 'done' echo 'done'
@ -1323,4 +1467,11 @@ else
# done # done
# fi # fi
echo 'done' echo 'done'
echo 'Restarting shorewall...'
systemctl -q restart shorewall
systemctl -q restart shorewall6
echo 'done'
echo '===================================================================================='
echo '\033[1m /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m'
echo '===================================================================================='
fi fi


@ -12,7 +12,7 @@ fi
exec dsvpn \ exec dsvpn \
${MODE} \ ${MODE} \
"$1".key \ "$1".key \
auto \ ${HOST:-auto} \
${PORT} \ ${PORT} \
${DEV} \ ${DEV} \
${LOCALTUNIP} \ ${LOCALTUNIP} \


@ -1,4 +1,5 @@
PORT=65401 PORT=65401
HOST=0.0.0.0
DEV=dsvpn0 DEV=dsvpn0
MODE=server MODE=server
LOCALTUNIP=10.255.251.1 LOCALTUNIP=10.255.251.1


@ -9,7 +9,7 @@ fi
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
DEV="gt${HOST:+c}-$(basename "$1")" DEV="gt-$(basename "$1")"
exec glorytun-tcp \ exec glorytun-tcp \
${SERVER:+listener} \ ${SERVER:+listener} \


@ -9,11 +9,10 @@ fi
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
DEV="gt${HOST:+c}-udp-$(basename "$1")" DEV="gt-udp-$(basename "$1")"
exec glorytun \ exec glorytun \
bind from addr $BIND port $BIND_PORT \ bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \
keyfile "$1".key \ keyfile "$1".key \
${DEV:+dev "$DEV"} \ ${DEV:+dev "$DEV"} \
${HOST:+to addr "$HOST" port "$PORT"} \
${OPTIONS:+$OPTIONS} ${OPTIONS:+$OPTIONS}

12
omr-admin-ipv6.service.in Normal file

@ -0,0 +1,12 @@
[Unit]
Description=OMR-Admin IPv6
After=network.target network-online.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/omr-admin.py --host="::"
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
[Install]
WantedBy=multi-user.target
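Review bot: The `CapabilityBoundingSet=` line includes `CAP_SYS_ADMIN`, `CAP_DAC_OVERRIDE` and `CAP_SETFCAP`, which together leave the process close to unrestricted root, and this unit exposes the admin API on `--host="::"`. The same widened set appears in the omr-admin.service change that follows, where the earlier line appears to have allowed only `CAP_NET_ADMIN CAP_NET_RAW`. I would add a comment above the line saying which operation needs each capability and drop the ones that turn out not to be required. If omr-admin.py never has to gain privileges through an exec'd helper, `NoNewPrivileges=yes` is a cheap addition to both units.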


@ -6,7 +6,7 @@ After=network.target network-online.target
Type=simple Type=simple
Restart=always Restart=always
ExecStart=/usr/local/bin/omr-admin.py ExecStart=/usr/local/bin/omr-admin.py
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target


@ -30,13 +30,32 @@ _glorytun_tcp() {
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
done done
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.255.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
systemctl restart glorytun-tcp@tun0 systemctl restart glorytun-tcp@tun0
fi fi
fi fi
} }
_dsvpn() {
[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
}
_shadowsocks() {
[ -z "$(pgrep ss-server)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
systemctl restart shadowsocks-libev-manager@manager
}
}
_wireguard() {
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
}
_omr_api() { _omr_api() {
[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
logger -t "OMR-Service" "Restart OMR-Admin" logger -t "OMR-Service" "Restart OMR-Admin"
@ -49,7 +68,7 @@ _lan_route() {
while IFS=$"\n" read -r c; do while IFS=$"\n" read -r c; do
vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
echo "$c" | jq -c '.lanips //empty' | echo "$c" | jq -c -r '.lanips[] //empty' |
while IFS=$"\n" read -r d; do while IFS=$"\n" read -r d; do
network=$(ipcalc -n $d | grep Network | awk '{print $2}') network=$(ipcalc -n $d | grep Network | awk '{print $2}')
[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
@ -79,23 +98,23 @@ _gre_tunnels() {
_openvpn_bonding() { _openvpn_bonding() {
if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
echo 0 > /sys/class/net/omr-bonding/bonding/mode echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null
ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding1 up ip link set ovpnbonding1 up 2>&1 >/dev/null
ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding2 up ip link set ovpnbonding2 up 2>&1 >/dev/null
ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding3 up ip link set ovpnbonding3 up 2>&1 >/dev/null
ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding4 up ip link set ovpnbonding4 up 2>&1 >/dev/null
ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding5 up ip link set ovpnbonding5 up 2>&1 >/dev/null
ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding6 up ip link set ovpnbonding6 up 2>&1 >/dev/null
ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding7 up ip link set ovpnbonding7 up 2>&1 >/dev/null
ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding8 up ip link set ovpnbonding8 up 2>&1 >/dev/null
ip link set omr-bonding up mtu 1440 2>&1 >/dev/null ip link set omr-bonding up mtu 1440 2>&1 >/dev/null
ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null
ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null
@ -103,11 +122,15 @@ _openvpn_bonding() {
fi fi
} }
sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null
modprobe bonding 2>&1 >/dev/null modprobe bonding 2>&1 >/dev/null
ip link add omr-bonding type bond 2>&1 >/dev/null ip link add omr-bonding type bond 2>&1 >/dev/null
while true; do while true; do
_glorytun_udp _glorytun_udp
_glorytun_tcp _glorytun_tcp
_shadowsocks
_dsvpn
_wireguard
_multipath _multipath
_omr_api _omr_api
_lan_route _lan_route
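Review bot: In `_openvpn_bonding`, `echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null` no longer writes the bonding mode: redirections are applied left to right, so the trailing `>/dev/null` takes over stdout and the `0` ends up in /dev/null (the line with the appended redirect appears to be the new side). Writing it as `echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>/dev/null` keeps the write and hides only the error. The same `2>&1 >/dev/null` order on the added `ip` lines in `_dsvpn`, `_wireguard` and `_openvpn_bonding` discards stdout only, so error output still reaches the journal; `>/dev/null 2>&1` is the form that silences both. Part of `_openvpn_bonding` lies between the two hunks shown and is not visible here.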

55
omr-test-speed Normal file

@ -0,0 +1,55 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
OVH=false
if [ "$1" = "ovh" ]; then
OVH=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$OVH" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -4 -o /dev/null $HOST || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset add ss_rules_dst_bypass_all $ip
done
fi
curl -4 -o /dev/null --interface $INTERFACE $HOST || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset del ss_rules_dst_bypass_all $ip
done
fi
fi
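Review bot: The interface check ends with `exit 0` after printing its error, so a caller or wrapper cannot tell a rejected interface from a completed test; `exit 1` with the message sent to stderr (`>&2`) would make the failure visible. `HOST` is also never initialised, so in `ovh` mode an inherited `HOST` environment variable would be used as the download URL instead of the fallback; a `HOST=""` next to `OVH=false` avoids that. Both points apply unchanged to omr-test-speedv6 below. The message also has a typo, `You wan find` for `You can find`.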

56
omr-test-speedv6 Normal file

@ -0,0 +1,56 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
OVH=false
if [ "$1" = "ovh" ]; then
OVH=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$OVH" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -6 $HOST >/dev/null || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset add ss_rules6_dst_bypass_all $ip
done
fi
curl -6 --interface $INTERFACE $HOST >/dev/null || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset del ss_rules6_dst_bypass_all $ip
done
fi
fi

11
omr-update Executable file

@ -0,0 +1,11 @@
#!/bin/sh
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh
rm -f /etc/openmptcprouter-vps-admin/update
reboot
fi
if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then
LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh
rm -f /etc/openmptcprouter-vps-admin/update-bin
#reboot
fi
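Review bot: `wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh` runs a script fetched over plain HTTP as root (the unit that starts it sets no `User=`) with no integrity check, so anyone able to alter traffic on the path controls the server. Piping into `sh` also executes whatever arrived if the transfer is cut short, and the flag removal and `reboot` happen even when the download or the script failed. I would fetch over HTTPS into a temporary file, run it only after the download succeeded and ideally after verifying a published checksum or signature, and clear the flag and reboot only on success. The sketch below assumes the host serves the same path over TLS.

```shell
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
	script="$(mktemp)" || exit 1
	# Download to a file first: a failed or truncated transfer must never be executed.
	if wget -O "$script" https://www.openmptcprouter.com/server-test/debian10-x86_64.sh; then
		# TODO: verify "$script" against a published checksum or signature before running it.
		if sh "$script"; then
			rm -f "$script" /etc/openmptcprouter-vps-admin/update
			reboot
		fi
	fi
	rm -f "$script"
fi
# … unchanged: update-bin branch …
```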

15
omr-update.service.in Normal file

@ -0,0 +1,15 @@
[Unit]
Description=OMR Update
After=network.target network-online.target
[Service]
Type=simple
Restart=never
ExecStart=/usr/bin/omr-update
#ExecStart=/usr/share/omr-server/debian9-x86_64.sh
AmbientCapabilities=
StandardOutput=file:/var/log/omr-update.log
StandardError=file:/var/log/omr-update.log
[Install]
WantedBy=multi-user.target
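Review bot: `Restart=never` is not a value systemd accepts for `Restart=`; the assignment is rejected with a warning when the unit is loaded and the default applies, so the unit behaves as intended only by accident. `Restart=no` states the intent. Since `/usr/bin/omr-update` runs once and exits, `Type=oneshot` would also describe it better than `Type=simple`.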

Binary file not shown.

Binary file not shown.

17
openvpn-bonding1.conf Normal file

@ -0,0 +1,17 @@
dev ovpnbonding1
dev-type tap
cipher AES-256-CBC
proto udp
port 65351
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server
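Review bot: `reneg-sec 0` turns off periodic renegotiation of the data-channel key, so one key protects a tunnel for its whole lifetime, and it is combined here with `cipher AES-256-CBC` rather than an AEAD cipher. If the bonding setup tolerates it, a finite `reneg-sec` and `AES-256-GCM` (where both ends support it) would be safer defaults; if renegotiation is disabled on purpose to keep the bond stable, a comment saying so would help. The listeners on UDP 65351–65358 also carry no `tls-crypt` or `tls-auth` key, so unauthenticated packets reach the TLS handshake. The same applies to openvpn-bonding2.conf through openvpn-bonding8.conf, which differ only in `dev` and `port`.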

17
openvpn-bonding2.conf Normal file

@ -0,0 +1,17 @@
dev ovpnbonding2
dev-type tap
cipher AES-256-CBC
proto udp
port 65352
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

17
openvpn-bonding3.conf Normal file

@ -0,0 +1,17 @@
dev ovpnbonding3
dev-type tap
cipher AES-256-CBC
proto udp
port 65353
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

17
openvpn-bonding4.conf Normal file

@ -0,0 +1,17 @@
dev ovpnbonding4
dev-type tap
cipher AES-256-CBC
proto udp
port 65354
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

17
openvpn-bonding5.conf Normal file

@ -0,0 +1,17 @@
dev ovpnbonding5
dev-type tap
cipher AES-256-CBC
proto udp
port 65355
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

17
openvpn-bonding6.conf Normal file

@ -0,0 +1,17 @@
dev ovpnbonding6
dev-type tap
cipher AES-256-CBC
proto udp
port 65356
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

17
openvpn-bonding7.conf Normal file

@ -0,0 +1,17 @@
dev ovpnbonding7
dev-type tap
cipher AES-256-CBC
proto udp
port 65357
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

17
openvpn-bonding8.conf Normal file

@ -0,0 +1,17 @@
dev ovpnbonding8
dev-type tap
cipher AES-256-CBC
proto udp
port 65358
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -23,6 +23,8 @@ net.ipv4.tcp_tw_reuse = 1
#net.ipv4.tcp_tw_recycle = 0 #net.ipv4.tcp_tw_recycle = 0
# short FIN timeout # short FIN timeout
net.ipv4.tcp_fin_timeout = 80 net.ipv4.tcp_fin_timeout = 80
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time # short keepalive time
net.ipv4.tcp_keepalive_time = 7200 net.ipv4.tcp_keepalive_time = 7200
# outbound port range # outbound port range
@ -49,6 +51,7 @@ net.ipv4.tcp_congestion_control = cubic
net.core.default_qdisc = fq net.core.default_qdisc = fq
# Default conntrack is too small # Default conntrack is too small
net.netfilter.nf_conntrack_max = 131072 net.netfilter.nf_conntrack_max = 131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0 net.ipv4.conf.default.log_martians = 0
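Review bot: `net.netfilter.nf_conntrack_tcp_timeout_established = 86400` is added without a comment, unlike the neighbouring settings. I would put `# Expire idle established TCP conntrack entries after 1 day (kernel default is 5 days)` above it, so the next reader knows the value was lowered on purpose. Flows that stay idle for more than a day will lose their conntrack entry unless keepalives refresh it, which `net.ipv4.tcp_keepalive_time = 7200` does only for sockets that enable keepalive.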


@ -19,6 +19,7 @@ vpn gt-tun+ nosmurfs,tcpflags
vpn gt-udp-tun+ nosmurfs,tcpflags vpn gt-udp-tun+ nosmurfs,tcpflags
vpn mlvpn+ nosmurfs,tcpflags vpn mlvpn+ nosmurfs,tcpflags
vpn tun+ nosmurfs,tcpflags vpn tun+ nosmurfs,tcpflags
vpn wg+ nosmurfs,tcpflags
vpn dsvpn+ nosmurfs,tcpflags vpn dsvpn+ nosmurfs,tcpflags
vpn gre-user+ nosmurfs,tcpflags vpn gre-user+ nosmurfs,tcpflags
vpn omr-bonding nosmurfs,tcpflags vpn omr-bonding nosmurfs,tcpflags


@ -17,8 +17,8 @@ vpn net ACCEPT
vpn fw ACCEPT vpn fw ACCEPT
fw vpn ACCEPT fw vpn ACCEPT
fw net ACCEPT fw net ACCEPT
net all DROP info net all DROP
vpn vpn DROP vpn vpn DROP
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT info all all REJECT
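Review bot: Dropping the `info` log level from `net all DROP` and from the final `all all REJECT` (the variant without `info` appears to be the new side) means denied traffic is no longer logged, which removes the main record of scans and blocked connections on an internet-facing host. If the reason is log volume, keeping `info` and bounding it with `LOGLIMIT` in shorewall.conf would preserve that visibility. The shorewall6 policy change further down makes the same edit.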


@ -15,7 +15,14 @@
########################################################################################################################################### ###########################################################################################################################################
#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
# #
MASQUERADE 10.255.0.0/16,\ MASQUERADE 10.255.247.0/24,\
10.255.248.0/24,\
10.255.250.0/24,\
10.255.251.0/24,\
10.255.252.0/24,\
10.255.253.0/24,\
10.255.254.0/24,\
10.255.255.0/24,\
169.254.0.0/16,\ 169.254.0.0/16,\
172.16.0.0/12,\ 172.16.0.0/12,\
192.168.0.0/16 $NET_IFACE 192.168.0.0/16 $NET_IFACE
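Review bot: The explicit `/24` list that replaces `10.255.0.0/16` skips `10.255.249.0/24`; if any tunnel still uses that range its traffic will no longer be masqueraded, so please confirm the gap is intended. A comment above the rule naming the tunnel behind each subnet would keep the list maintainable, for example `# 10.255.247.0/24 wg0, 10.255.248.0/24 omr-bonding, 10.255.251.0/24 dsvpn0`.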


@ -23,4 +23,6 @@ ACCEPT dsvpn+ -
ACCEPT - dsvpn+ ACCEPT - dsvpn+
ACCEPT tun+ - ACCEPT tun+ -
ACCEPT - tun+ ACCEPT - tun+
ACCEPT wg+ -
ACCEPT - wg+


@ -15,7 +15,7 @@
vpn all ACCEPT vpn all ACCEPT
fw all ACCEPT fw all ACCEPT
net all DROP info net all DROP
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT info all all REJECT


@ -1,4 +1,5 @@
PORT=65001 PORT=65001
HOST=0.0.0.0
DEV=tun0 DEV=tun0
SERVER=true SERVER=true
MPTCP=true MPTCP=true


@ -1,4 +1,6 @@
BIND=0.0.0.0 BIND=0.0.0.0
BIND_PORT=65001 BIND_PORT=65001
HOST=0.0.0.0
PORT=5000
DEV=tun0 DEV=tun0
OPTIONS="chacha persist" OPTIONS="chacha persist"

1
ubuntu19.04-x86_64.sh Symbolic link

@ -0,0 +1 @@
debian9-x86_64.sh

1
ubuntu20.04-x86_64.sh Symbolic link

@ -0,0 +1 @@
debian9-x86_64.sh


@ -1,6 +1,6 @@
{ {
"log": { "log": {
"loglevel": "debug", "loglevel": "warning",
"error": "/tmp/v2rayError.log" "error": "/tmp/v2rayError.log"
}, },
"transport": { "transport": {