mirror of
https://github.com/Ysurac/openmptcprouter-vps.git
synced 2025-03-09 15:50:00 +00:00
Merge develop in master
This commit is contained in:
commit
cf8aa1dc03
15 changed files with 382 additions and 94 deletions
1
debian11-x86_64.sh
Symbolic link
1
debian11-x86_64.sh
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
debian9-x86_64.sh
|
|
@ -6,6 +6,7 @@
|
||||||
# See /LICENSE for more information.
|
# See /LICENSE for more information.
|
||||||
#
|
#
|
||||||
|
|
||||||
|
UPSTREAM=${UPSTREAM:-no}
|
||||||
SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
|
SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
|
||||||
GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
|
GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
|
||||||
DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
|
DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
|
||||||
|
@ -29,40 +30,53 @@ OPENVPN=${OPENVPN:-yes}
|
||||||
DSVPN=${DSVPN:-yes}
|
DSVPN=${DSVPN:-yes}
|
||||||
WIREGUARD=${WIREGUARD:-yes}
|
WIREGUARD=${WIREGUARD:-yes}
|
||||||
SOURCES=${SOURCES:-no}
|
SOURCES=${SOURCES:-no}
|
||||||
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
SOURCES="yes"
|
||||||
|
fi
|
||||||
NOINTERNET=${NOINTERNET:-no}
|
NOINTERNET=${NOINTERNET:-no}
|
||||||
REINSTALL=${REINSTALL:-yes}
|
REINSTALL=${REINSTALL:-yes}
|
||||||
SPEEDTEST=${SPEEDTEST:-yes}
|
SPEEDTEST=${SPEEDTEST:-yes}
|
||||||
LOCALFILES=${LOCALFILES:-no}
|
LOCALFILES=${LOCALFILES:-no}
|
||||||
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
|
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
|
||||||
KERNEL_VERSION="5.4.100"
|
KERNEL_VERSION="5.4.207"
|
||||||
KERNEL_PACKAGE_VERSION="1.18+9d3f35b"
|
KERNEL_PACKAGE_VERSION="1.22"
|
||||||
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
|
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
|
||||||
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
KERNEL_VERSION="5.15.57"
|
||||||
|
KERNEL_PACKAGE_VERSION="1.6"
|
||||||
|
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
|
||||||
|
fi
|
||||||
GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
|
GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
|
||||||
GLORYTUN_UDP_BINARY_VERSION="0.3.4-4"
|
GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
|
||||||
GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
|
GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
|
||||||
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
|
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
|
||||||
MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
|
MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b"
|
||||||
MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
|
MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
|
||||||
UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
|
UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
|
||||||
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
|
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
|
||||||
OBFS_BINARY_VERSION="0.0.5-1"
|
OBFS_BINARY_VERSION="0.0.5-1"
|
||||||
OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c"
|
OMR_ADMIN_VERSION="20314b11f21eb5878ba62c85d874528e0e394024"
|
||||||
OMR_ADMIN_BINARY_VERSION="0.3+20210508"
|
OMR_ADMIN_BINARY_VERSION="0.3+20220715"
|
||||||
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
|
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
|
||||||
DSVPN_BINARY_VERSION="0.1.4-2"
|
DSVPN_BINARY_VERSION="0.1.4-2"
|
||||||
V2RAY_VERSION="4.35.1"
|
V2RAY_VERSION="4.43.0"
|
||||||
V2RAY_PLUGIN_VERSION="4.35.1"
|
V2RAY_PLUGIN_VERSION="4.43.0"
|
||||||
EASYRSA_VERSION="3.0.6"
|
EASYRSA_VERSION="3.0.6"
|
||||||
SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead"
|
SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
|
||||||
SHADOWSOCKS_BINARY_VERSION="3.3.5-2"
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543"
|
||||||
|
fi
|
||||||
|
IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
|
||||||
|
SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
|
||||||
DEFAULT_USER="openmptcprouter"
|
DEFAULT_USER="openmptcprouter"
|
||||||
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
|
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
|
||||||
VPSPATH="server"
|
VPSPATH="server"
|
||||||
|
VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)}
|
||||||
VPSURL="https://www.openmptcprouter.com/"
|
VPSURL="https://www.openmptcprouter.com/"
|
||||||
REPO="repo.openmptcprouter.com"
|
REPO="repo.openmptcprouter.com"
|
||||||
CHINA=${CHINA:-no}
|
CHINA=${CHINA:-no}
|
||||||
|
|
||||||
OMR_VERSION="0.1026"
|
OMR_VERSION="0.1027"
|
||||||
|
|
||||||
DIR=$( pwd )
|
DIR=$( pwd )
|
||||||
#"
|
#"
|
||||||
|
@ -82,14 +96,16 @@ if test -f /etc/os-release ; then
|
||||||
else
|
else
|
||||||
. /usr/lib/os-release
|
. /usr/lib/os-release
|
||||||
fi
|
fi
|
||||||
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then
|
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then
|
||||||
echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)"
|
echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then
|
elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then
|
||||||
echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
|
echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04"
|
||||||
|
echo "Use debian when possible"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
|
elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
|
||||||
echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)"
|
echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
|
||||||
|
echo "Use Debian when possible"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -166,7 +182,11 @@ echo "Remove lock and update packages list..."
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
rm -f /var/cache/apt/archives/lock
|
rm -f /var/cache/apt/archives/lock
|
||||||
apt-get update --allow-releaseinfo-change
|
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
|
||||||
|
apt-get update
|
||||||
|
else
|
||||||
|
apt-get update --allow-releaseinfo-change
|
||||||
|
fi
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
rm -f /var/cache/apt/archives/lock
|
rm -f /var/cache/apt/archives/lock
|
||||||
|
@ -235,6 +255,17 @@ else
|
||||||
Pin: origin ${REPO}
|
Pin: origin ${REPO}
|
||||||
Pin-Priority: 1001
|
Pin-Priority: 1001
|
||||||
EOF
|
EOF
|
||||||
|
if [ -n "$(echo $OMR_VERSION | grep test)" ]; then
|
||||||
|
echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list
|
||||||
|
cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
|
||||||
|
Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
|
||||||
|
Package: *
|
||||||
|
Pin: origin ${REPO}
|
||||||
|
Pin-Priority: 1002
|
||||||
|
EOF
|
||||||
|
else
|
||||||
|
rm -f /etc/apt/sources.list.d/openmptcprouter-test.list
|
||||||
|
fi
|
||||||
wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
|
wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -249,12 +280,28 @@ if [ "$ID" = "debian" ]; then
|
||||||
elif [ "$ID" = "ubuntu" ]; then
|
elif [ "$ID" = "ubuntu" ]; then
|
||||||
echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
|
echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
|
||||||
echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
|
echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
|
||||||
|
[ "$VERSION_ID" = "22.04" ] && {
|
||||||
|
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
|
||||||
|
echo 'deb http://old-releases.ubuntu.com/ubuntu impish main universe' > /etc/apt/sources.list.d/impish-universe.list
|
||||||
|
}
|
||||||
fi
|
fi
|
||||||
# Install mptcp kernel and shadowsocks
|
# Install mptcp kernel and shadowsocks
|
||||||
echo "Install mptcp kernel and shadowsocks..."
|
echo "Install mptcp kernel and shadowsocks..."
|
||||||
apt-get update --allow-releaseinfo-change
|
apt-get update --allow-releaseinfo-change
|
||||||
sleep 2
|
sleep 2
|
||||||
apt-get -y install dirmngr patch rename curl libcurl4 unzip
|
apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config
|
||||||
|
|
||||||
|
if [ -z "$(dpkg-query -l | grep grub)" ]; then
|
||||||
|
if [ -d /boot/grub2 ]; then
|
||||||
|
apt-get -y install grub2
|
||||||
|
elif [ -d /boot/grub ]; then
|
||||||
|
apt-get -y install grub-legacy
|
||||||
|
fi
|
||||||
|
[ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && {
|
||||||
|
echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
if [ -z "$(dpkg-query -l | grep grub)" ]; then
|
if [ -z "$(dpkg-query -l | grep grub)" ]; then
|
||||||
if [ -d /boot/grub2 ]; then
|
if [ -d /boot/grub2 ]; then
|
||||||
|
@ -277,7 +324,7 @@ if [ "$SOURCES" = "yes" ]; then
|
||||||
#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
|
#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
|
||||||
#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
|
#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
|
||||||
if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
|
if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
|
||||||
echo "Install kernel linux-image-${KERNEL_RELEASE}"
|
echo "Install kernel linux-image-${KERNEL_RELEASE} source release"
|
||||||
echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
|
echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
|
||||||
dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
|
dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
|
||||||
dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
|
dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
|
||||||
|
@ -300,7 +347,7 @@ if [ "$LOCALFILES" = "no" ]; then
|
||||||
else
|
else
|
||||||
cd ${DIR}
|
cd ${DIR}
|
||||||
fi
|
fi
|
||||||
[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg
|
[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg
|
||||||
rm -f /etc/grub.d/30_os-prober
|
rm -f /etc/grub.d/30_os-prober
|
||||||
bash update-grub.sh ${KERNEL_VERSION}-mptcp
|
bash update-grub.sh ${KERNEL_VERSION}-mptcp
|
||||||
bash update-grub.sh ${KERNEL_RELEASE}
|
bash update-grub.sh ${KERNEL_RELEASE}
|
||||||
|
@ -311,6 +358,32 @@ apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
|
||||||
echo "Install iperf3 OpenMPTCProuter edition"
|
echo "Install iperf3 OpenMPTCProuter edition"
|
||||||
apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
|
apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
|
||||||
|
|
||||||
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
echo "Compile and install mptcpize..."
|
||||||
|
apt-get -y install --no-install-recommends build-essential
|
||||||
|
cd /tmp
|
||||||
|
git clone https://github.com/Ysurac/mptcpize.git
|
||||||
|
cd mptcpize
|
||||||
|
make
|
||||||
|
make install
|
||||||
|
cd /tmp
|
||||||
|
rm -rf /tmp/mptcpize
|
||||||
|
echo "Compile and install iproute2..."
|
||||||
|
apt-get -y install --no-install-recommends bison libbison-dev flex
|
||||||
|
#wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz
|
||||||
|
#tar xzf iproute2-5.16.0.tar.gz
|
||||||
|
#cd iproute2-5.16.0
|
||||||
|
git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git
|
||||||
|
cd iproute2
|
||||||
|
git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000
|
||||||
|
make
|
||||||
|
make install
|
||||||
|
cd /tmp
|
||||||
|
rm -rf iproute2
|
||||||
|
echo "MPTCPize iperf3..."
|
||||||
|
mptcpize enable iperf3
|
||||||
|
fi
|
||||||
|
|
||||||
apt-get -y remove shadowsocks-libev
|
apt-get -y remove shadowsocks-libev
|
||||||
|
|
||||||
if [ "$SOURCES" = "yes" ]; then
|
if [ "$SOURCES" = "yes" ]; then
|
||||||
|
@ -358,6 +431,7 @@ if [ "$SOURCES" = "yes" ]; then
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
|
apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
|
||||||
|
apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc
|
||||||
sleep 1
|
sleep 1
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
|
@ -387,7 +461,7 @@ if [ "$SOURCES" = "yes" ]; then
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
cd /tmp
|
cd /tmp
|
||||||
#dpkg -i shadowsocks-libev_*.deb
|
#dpkg -i shadowsocks-libev_*.deb
|
||||||
dpkg -i omr-shadowsocks-libev_*.deb
|
dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null
|
||||||
#mkdir -p /usr/lib/shadowsocks-libev
|
#mkdir -p /usr/lib/shadowsocks-libev
|
||||||
#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
|
#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
|
||||||
#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
||||||
|
@ -480,10 +554,16 @@ if [ "$OMR_ADMIN" = "yes" ]; then
|
||||||
apt-get -y remove python3-jwt
|
apt-get -y remove python3-jwt
|
||||||
pip3 -q install pyjwt
|
pip3 -q install pyjwt
|
||||||
else
|
else
|
||||||
apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
|
if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ]); then
|
||||||
|
apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1
|
||||||
|
pip3 -q install uvloop
|
||||||
|
else
|
||||||
|
apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen
|
apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen
|
||||||
echo '-- pip3 install needed python modules'
|
echo '-- pip3 install needed python modules'
|
||||||
|
echo "If you see any error here, I really don't care: it's about a not used module for home users"
|
||||||
#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
|
#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
|
||||||
#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
|
#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
|
||||||
pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U
|
pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U
|
||||||
|
@ -545,6 +625,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then
|
||||||
systemctl enable omr-admin-ipv6.service
|
systemctl enable omr-admin-ipv6.service
|
||||||
}
|
}
|
||||||
systemctl enable omr-admin.service
|
systemctl enable omr-admin.service
|
||||||
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
mptcpize enable omr-admin.service
|
||||||
|
[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Get shadowsocks optimization
|
# Get shadowsocks optimization
|
||||||
|
@ -702,14 +786,17 @@ if [ "$V2RAY" = "yes" ]; then
|
||||||
if [ ! -f /etc/v2ray/v2ray-server.json ]; then
|
if [ ! -f /etc/v2ray/v2ray-server.json ]; then
|
||||||
wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
|
wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
|
||||||
sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
|
sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
|
||||||
rm /etc/v2ray/config.json
|
|
||||||
ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
|
|
||||||
fi
|
fi
|
||||||
|
rm -f /etc/v2ray/config.json
|
||||||
|
ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
|
||||||
if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
|
if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
|
||||||
mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
|
mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
|
||||||
fi
|
fi
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
systemctl enable v2ray.service
|
systemctl enable v2ray.service
|
||||||
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
mptcpize enable v2ray
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if systemctl -q is-active mlvpn@mlvpn0.service; then
|
if systemctl -q is-active mlvpn@mlvpn0.service; then
|
||||||
|
@ -732,7 +819,8 @@ if [ "$MLVPN" = "yes" ]; then
|
||||||
rm -rf /tmp/mlvpn
|
rm -rf /tmp/mlvpn
|
||||||
cd /tmp
|
cd /tmp
|
||||||
#git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
|
#git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
|
||||||
git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
|
#git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
|
||||||
|
git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn
|
||||||
#git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn
|
#git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn
|
||||||
cd /tmp/mlvpn
|
cd /tmp/mlvpn
|
||||||
git checkout ${MLVPN_VERSION}
|
git checkout ${MLVPN_VERSION}
|
||||||
|
@ -849,6 +937,34 @@ if [ "$WIREGUARD" = "yes" ]; then
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
systemctl enable wg-quick@wg0
|
systemctl enable wg-quick@wg0
|
||||||
|
if [ ! -f /etc/wireguard/client-wg0.conf ]; then
|
||||||
|
cd /etc/wireguard
|
||||||
|
umask 077; wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key
|
||||||
|
cat > /etc/wireguard/client-wg0.conf <<-EOF
|
||||||
|
[Interface]
|
||||||
|
PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
|
||||||
|
ListenPort = 65312
|
||||||
|
Address = 10.255.246.1/24
|
||||||
|
SaveConfig = true
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = $(cat /etc/wireguard/vpn-client-public.key | tr -d "\n")
|
||||||
|
AllowedIPs = 10.255.246.2/32
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
if [ ! -f /root/wireguard-client.conf ]; then
|
||||||
|
cat > /root/wireguard-client.conf <<-EOF
|
||||||
|
[Interface]
|
||||||
|
Address = 10.255.246.2/24
|
||||||
|
PrivateKey = $(cat /etc/wireguard/vpn-client-private.key | tr -d "\n")
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = $(cat /etc/wireguard/vpn-server-public.key | tr -d "\n")
|
||||||
|
Endpoint = ${VPS_PUBLIC_IP}:65312
|
||||||
|
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.100.0/24
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
systemctl enable wg-quick@client-wg0
|
||||||
echo "Install wireguard done"
|
echo "Install wireguard done"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -951,6 +1067,9 @@ if [ "$OPENVPN" = "yes" ]; then
|
||||||
mkdir -p /etc/openvpn/ccd
|
mkdir -p /etc/openvpn/ccd
|
||||||
systemctl enable openvpn@tun0.service
|
systemctl enable openvpn@tun0.service
|
||||||
systemctl enable openvpn@tun1.service
|
systemctl enable openvpn@tun1.service
|
||||||
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
mptcpize enable openvpn@tun0
|
||||||
|
fi
|
||||||
systemctl enable openvpn@bonding1.service
|
systemctl enable openvpn@bonding1.service
|
||||||
systemctl enable openvpn@bonding2.service
|
systemctl enable openvpn@bonding2.service
|
||||||
systemctl enable openvpn@bonding3.service
|
systemctl enable openvpn@bonding3.service
|
||||||
|
@ -969,6 +1088,7 @@ fi
|
||||||
if [ "$SOURCES" = "yes" ]; then
|
if [ "$SOURCES" = "yes" ]; then
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
|
rm -f /usr/bin/glorytun
|
||||||
apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
|
apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
|
||||||
rm -rf /tmp/glorytun-udp
|
rm -rf /tmp/glorytun-udp
|
||||||
cd /tmp
|
cd /tmp
|
||||||
|
@ -1013,7 +1133,8 @@ if [ "$SOURCES" = "yes" ]; then
|
||||||
cd /tmp
|
cd /tmp
|
||||||
rm -rf /tmp/glorytun-udp
|
rm -rf /tmp/glorytun-udp
|
||||||
else
|
else
|
||||||
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
|
rm -f /usr/local/bin/glorytun
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
|
||||||
GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
|
GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
|
||||||
fi
|
fi
|
||||||
[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
|
[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
|
||||||
|
@ -1062,6 +1183,9 @@ if [ "$DSVPN" = "yes" ]; then
|
||||||
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
|
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
|
||||||
DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
|
DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
|
||||||
fi
|
fi
|
||||||
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
mptcpize enable dsvpn-server@dsvpn0
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Install Glorytun TCP
|
# Install Glorytun TCP
|
||||||
|
@ -1080,11 +1204,19 @@ if [ "$SOURCES" = "yes" ]; then
|
||||||
fi
|
fi
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
|
rm -f /usr/bin/glorytun-tcp
|
||||||
apt-get -y install build-essential pkg-config autoconf automake
|
apt-get -y install build-essential pkg-config autoconf automake
|
||||||
rm -rf /tmp/glorytun-0.0.35
|
rm -rf /tmp/glorytun-0.0.35
|
||||||
cd /tmp
|
cd /tmp
|
||||||
wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
|
||||||
|
else
|
||||||
|
wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
|
||||||
|
fi
|
||||||
tar xzf glorytun-0.0.35.tar.gz
|
tar xzf glorytun-0.0.35.tar.gz
|
||||||
|
if [ "$UPSTREAM" = "yes" ]; then
|
||||||
|
mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
|
||||||
|
fi
|
||||||
cd glorytun-0.0.35
|
cd glorytun-0.0.35
|
||||||
./autogen.sh
|
./autogen.sh
|
||||||
./configure
|
./configure
|
||||||
|
@ -1107,7 +1239,8 @@ if [ "$SOURCES" = "yes" ]; then
|
||||||
cd /tmp
|
cd /tmp
|
||||||
rm -rf /tmp/glorytun-0.0.35
|
rm -rf /tmp/glorytun-0.0.35
|
||||||
else
|
else
|
||||||
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
|
rm -f /usr/local/bin/glorytun-tcp
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
|
||||||
fi
|
fi
|
||||||
[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
|
[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
|
||||||
|
|
||||||
|
@ -1203,6 +1336,7 @@ else
|
||||||
cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
|
cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
|
||||||
cp ${DIR}/shorewall4/policy /etc/shorewall/policy
|
cp ${DIR}/shorewall4/policy /etc/shorewall/policy
|
||||||
cp ${DIR}/shorewall4/params /etc/shorewall/params
|
cp ${DIR}/shorewall4/params /etc/shorewall/params
|
||||||
|
cp ${DIR}/shorewall4/zones /etc/shorewall/zones
|
||||||
#cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
|
#cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
|
||||||
#cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
|
#cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
|
||||||
cp ${DIR}/shorewall6/params /etc/shorewall6/params
|
cp ${DIR}/shorewall6/params /etc/shorewall6/params
|
||||||
|
@ -1215,7 +1349,14 @@ else
|
||||||
sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
|
sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
|
||||||
sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
|
sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
|
||||||
sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
|
sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
|
||||||
|
if [ "$LOCALFILES" = "no" ]; then
|
||||||
|
rm -rf ${DIR}/shorewall4
|
||||||
|
rm -rf ${DIR}/shorewall6
|
||||||
|
rm -f ${DIR}/openmptcprouter-shorewall.tar.gz
|
||||||
|
rm -f ${DIR}/openmptcprouter-shorewall6.tar.gz
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
[ -z "$(grep nf_conntrack_sip /etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf
|
||||||
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then
|
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then
|
||||||
apt-get -y install iptables
|
apt-get -y install iptables
|
||||||
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||||
|
|
123
multipath
Normal file → Executable file
123
multipath
Normal file → Executable file
|
@ -6,9 +6,8 @@
|
||||||
# Released under GPL 3 or later
|
# Released under GPL 3 or later
|
||||||
|
|
||||||
if [ -d "/proc/sys/net/mptcp" ]; then
|
if [ -d "/proc/sys/net/mptcp" ]; then
|
||||||
if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then
|
if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then
|
||||||
echo "MPTCP is disabled!"
|
echo "MPTCP is disabled!"
|
||||||
echo "Please set net.mptcp.mptcp_enabled = 1"
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
@ -26,7 +25,7 @@ case $1 in
|
||||||
echo " multipath device {on | off | backup | handover}"
|
echo " multipath device {on | off | backup | handover}"
|
||||||
echo
|
echo
|
||||||
echo "show established conections: -c"
|
echo "show established conections: -c"
|
||||||
echo "show mullmesh info: -f"
|
echo "show fullmesh info: -f"
|
||||||
echo "show kernel config: -k"
|
echo "show kernel config: -k"
|
||||||
echo
|
echo
|
||||||
echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
|
echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
|
||||||
|
@ -43,12 +42,28 @@ case $1 in
|
||||||
cat /proc/net/mptcp_fullmesh
|
cat /proc/net/mptcp_fullmesh
|
||||||
exit 0;;
|
exit 0;;
|
||||||
"-k")
|
"-k")
|
||||||
echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
|
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
|
||||||
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
|
echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
|
||||||
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
|
elif [ -f /proc/sys/net/mptcp/enabled ]; then
|
||||||
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
|
echo Enabled: `cat /proc/sys/net/mptcp/enabled`
|
||||||
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
|
fi
|
||||||
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
|
if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then
|
||||||
|
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
|
||||||
|
fi
|
||||||
|
if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then
|
||||||
|
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
|
||||||
|
else
|
||||||
|
echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled`
|
||||||
|
fi
|
||||||
|
if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then
|
||||||
|
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
|
||||||
|
fi
|
||||||
|
if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then
|
||||||
|
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
|
||||||
|
fi
|
||||||
|
if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then
|
||||||
|
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
|
||||||
|
fi
|
||||||
echo
|
echo
|
||||||
echo See http://multipath-tcp.org/ for details
|
echo See http://multipath-tcp.org/ for details
|
||||||
exit 0 ;;
|
exit 0 ;;
|
||||||
|
@ -65,38 +80,74 @@ TYPE="$2"
|
||||||
#FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
|
#FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
|
||||||
|
|
||||||
[ -d "/sys/class/net/$DEVICE/" ] || {
|
[ -d "/sys/class/net/$DEVICE/" ] || {
|
||||||
echo "Device '$DEVICE' can't found!"
|
#echo "Device '$DEVICE' can't found!"
|
||||||
echo "Use the hardware name like in ifconfig"
|
#echo "Use the hardware name like in ifconfig"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
FLAG_PATH="/sys/class/net/$DEVICE/flags"
|
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
|
||||||
IFF=`cat $FLAG_PATH`
|
FLAG_PATH="/sys/class/net/$DEVICE/flags"
|
||||||
|
IFF=`cat $FLAG_PATH`
|
||||||
|
|
||||||
IFF_OFF="0x80000"
|
IFF_OFF="0x80000"
|
||||||
IFF_ON="0x00"
|
IFF_ON="0x00"
|
||||||
IFF_BACKUP="0x100000"
|
IFF_BACKUP="0x100000"
|
||||||
IFF_HANDOVER="0x200000"
|
IFF_HANDOVER="0x200000"
|
||||||
IFF_MASK="0x380000"
|
IFF_MASK="0x380000"
|
||||||
|
|
||||||
case $TYPE in
|
case $TYPE in
|
||||||
"off") FLAG=$IFF_OFF;;
|
"off") FLAG=$IFF_OFF;;
|
||||||
"on") FLAG=$IFF_ON;;
|
"on") FLAG=$IFF_ON;;
|
||||||
"backup") FLAG=$IFF_BACKUP;;
|
"backup") FLAG=$IFF_BACKUP;;
|
||||||
"handover") FLAG=$IFF_HANDOVER;;
|
"handover") FLAG=$IFF_HANDOVER;;
|
||||||
"")
|
"")
|
||||||
IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
|
IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
|
||||||
case "$IFF" in
|
case "$IFF" in
|
||||||
$IFF_OFF) echo $DEVICE is deactivated;;
|
$IFF_OFF) echo $DEVICE is deactivated;;
|
||||||
$IFF_ON) echo $DEVICE is in default mode;;
|
$IFF_ON) echo $DEVICE is in default mode;;
|
||||||
$IFF_BACKUP) echo $DEVICE is in backup mode;;
|
$IFF_BACKUP) echo $DEVICE is in backup mode;;
|
||||||
$IFF_HANDOVER) echo $DEVICE is in handover mode;;
|
$IFF_HANDOVER) echo $DEVICE is in handover mode;;
|
||||||
*) echo "Unkown state!" && exit 1;;
|
*) echo "Unkown state!" && exit 1;;
|
||||||
esac
|
esac
|
||||||
exit 0;;
|
exit 0;;
|
||||||
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
|
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
|
printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
|
||||||
|
else
|
||||||
|
ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')
|
||||||
|
IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}')
|
||||||
|
IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
|
||||||
|
RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
|
||||||
|
[ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
|
||||||
|
case $TYPE in
|
||||||
|
"off")
|
||||||
|
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
|
||||||
|
exit 0;;
|
||||||
|
"on")
|
||||||
|
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
|
||||||
|
ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh
|
||||||
|
exit 0;;
|
||||||
|
"signal")
|
||||||
|
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
|
||||||
|
ip mptcp endpoint add $IP dev $DEVICE signal fullmesh
|
||||||
|
exit 0;;
|
||||||
|
"backup")
|
||||||
|
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
|
||||||
|
ip mptcp endpoint add $IP dev $DEVICE backup fullmesh
|
||||||
|
exit 0;;
|
||||||
|
"")
|
||||||
|
case "$IFF" in
|
||||||
|
"") echo $DEVICE is deactivated;;
|
||||||
|
"subflow") echo $DEVICE is in default mode;;
|
||||||
|
"backup") echo $DEVICE is in backup mode;;
|
||||||
|
"signal") echo $DEVICE is in signal mode;;
|
||||||
|
"fullmesh") echo $DEVICE is in fullmesh mode;;
|
||||||
|
*) echo "$DEVICE Unkown state!" && exit 1;;
|
||||||
|
esac
|
||||||
|
exit 0;;
|
||||||
|
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
|
@ -38,6 +38,7 @@ cat >> /etc/pihole/setupVars.conf <<-EOF
|
||||||
PIHOLE_INTERFACE=gt-tun0
|
PIHOLE_INTERFACE=gt-tun0
|
||||||
IPV4_ADDRESS=10.255.0.0/16
|
IPV4_ADDRESS=10.255.0.0/16
|
||||||
IPV6_ADDRESS=fe80::aff:ff01/64
|
IPV6_ADDRESS=fe80::aff:ff01/64
|
||||||
|
RATE_LIMIT=0/0
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf
|
grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf
|
||||||
|
|
55
omr-service
55
omr-service
|
@ -7,7 +7,11 @@ _multipath() {
|
||||||
for intf in `ls -1 /sys/class/net`; do
|
for intf in `ls -1 /sys/class/net`; do
|
||||||
if [ "$intf" != "bonding_masters" ]; then
|
if [ "$intf" != "bonding_masters" ]; then
|
||||||
if [ "$intf" = "$NET_IFACE" ]; then
|
if [ "$intf" = "$NET_IFACE" ]; then
|
||||||
[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
|
[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
|
||||||
|
[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
|
||||||
|
multipath $intf signal
|
||||||
|
ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null
|
||||||
|
}
|
||||||
else
|
else
|
||||||
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
|
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
|
||||||
fi
|
fi
|
||||||
|
@ -16,26 +20,32 @@ _multipath() {
|
||||||
}
|
}
|
||||||
|
|
||||||
_glorytun_udp() {
|
_glorytun_udp() {
|
||||||
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
|
if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
|
||||||
logger -t "OMR-Service" "Restart Glorytun-UDP"
|
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
|
||||||
systemctl -q restart 'glorytun-udp@*'
|
logger -t "OMR-Service" "Restart Glorytun-UDP"
|
||||||
}
|
systemctl -q restart 'glorytun-udp@*'
|
||||||
for intf in /etc/glorytun-udp/tun*; do
|
sleep 10
|
||||||
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
|
}
|
||||||
done
|
for intf in /etc/glorytun-udp/tun*; do
|
||||||
|
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
|
||||||
|
done
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
_glorytun_tcp() {
|
_glorytun_tcp() {
|
||||||
for intf in /etc/glorytun-tcp/tun*; do
|
if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
|
||||||
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
|
for intf in /etc/glorytun-tcp/tun*; do
|
||||||
done
|
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
|
||||||
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
|
done
|
||||||
localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
|
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
|
||||||
[ -z "$localip" ] && localip="10.255.255.1"
|
localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
|
||||||
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
|
[ -z "$localip" ] && localip="10.255.255.1"
|
||||||
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
|
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
|
||||||
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
|
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
|
||||||
systemctl restart glorytun-tcp@tun0
|
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
|
||||||
|
systemctl restart glorytun-tcp@tun0
|
||||||
|
sleep 10
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -54,19 +64,22 @@ _dsvpn() {
|
||||||
}
|
}
|
||||||
|
|
||||||
_shadowsocks() {
|
_shadowsocks() {
|
||||||
[ -z "$(pgrep ss-server)" ] && {
|
[ -n "$(systemctl -a | grep 'shadowsocks')" ] && [ -z "$(pgrep ss-server)" ] && {
|
||||||
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
|
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
|
||||||
systemctl restart shadowsocks-libev-manager@manager
|
systemctl restart shadowsocks-libev-manager@manager
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
_wireguard() {
|
_wireguard() {
|
||||||
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
|
if [ -n "$(systemctl -a | grep 'wg')" ]; then
|
||||||
|
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
|
||||||
|
[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 2>&1 >/dev/null
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
_omr_api() {
|
_omr_api() {
|
||||||
[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
|
[ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
|
||||||
logger -t "OMR-Service" "Restart OMR-Admin"
|
logger -t "OMR-Service" "Restart OMR-Admin"
|
||||||
systemctl -q restart omr-admin
|
systemctl -q restart omr-admin
|
||||||
}
|
}
|
||||||
|
|
Binary file not shown.
|
@ -20,6 +20,7 @@ vpn gt-udp-tun+ nosmurfs,tcpflags
|
||||||
vpn mlvpn+ nosmurfs,tcpflags
|
vpn mlvpn+ nosmurfs,tcpflags
|
||||||
vpn tun+ nosmurfs,tcpflags
|
vpn tun+ nosmurfs,tcpflags
|
||||||
vpn wg+ nosmurfs,tcpflags
|
vpn wg+ nosmurfs,tcpflags
|
||||||
|
vpncl client-wg+ nosmurfs,tcpflags
|
||||||
vpn dsvpn+ nosmurfs,tcpflags
|
vpn dsvpn+ nosmurfs,tcpflags
|
||||||
vpn gre-user+ nosmurfs,tcpflags
|
vpn gre-user+ nosmurfs,tcpflags
|
||||||
vpn omr-bonding nosmurfs,tcpflags
|
vpn omr-bonding nosmurfs,tcpflags
|
||||||
|
|
|
@ -19,6 +19,8 @@ fw vpn ACCEPT
|
||||||
fw net ACCEPT
|
fw net ACCEPT
|
||||||
net all DROP
|
net all DROP
|
||||||
vpn vpn DROP
|
vpn vpn DROP
|
||||||
|
vpncl vpn ACCEPT
|
||||||
|
vpn vpncl ACCEPT
|
||||||
# THE FOLLOWING POLICY MUST BE LAST
|
# THE FOLLOWING POLICY MUST BE LAST
|
||||||
all all REJECT
|
all all REJECT
|
||||||
|
|
||||||
|
|
|
@ -137,7 +137,7 @@ ADMINISABSENTMINDED=Yes
|
||||||
|
|
||||||
AUTOCOMMENT=Yes
|
AUTOCOMMENT=Yes
|
||||||
|
|
||||||
AUTOHELPERS=Yes
|
AUTOHELPERS=No
|
||||||
|
|
||||||
AUTOMAKE=No
|
AUTOMAKE=No
|
||||||
|
|
||||||
|
@ -149,13 +149,13 @@ BLACKLIST="NEW,INVALID,UNTRACKED"
|
||||||
|
|
||||||
CLAMPMSS=No
|
CLAMPMSS=No
|
||||||
|
|
||||||
CLEAR_TC=Yes
|
CLEAR_TC=No
|
||||||
|
|
||||||
COMPLETE=No
|
COMPLETE=No
|
||||||
|
|
||||||
DEFER_DNS_RESOLUTION=Yes
|
DEFER_DNS_RESOLUTION=Yes
|
||||||
|
|
||||||
DELETE_THEN_ADD=Yes
|
DELETE_THEN_ADD=No
|
||||||
|
|
||||||
DETECT_DNAT_IPADDRS=No
|
DETECT_DNAT_IPADDRS=No
|
||||||
|
|
||||||
|
@ -163,7 +163,7 @@ DISABLE_IPV6=No
|
||||||
|
|
||||||
DOCKER=No
|
DOCKER=No
|
||||||
|
|
||||||
DONT_LOAD=
|
DONT_LOAD=nf_conntrack_sip
|
||||||
|
|
||||||
DYNAMIC_BLACKLIST=Yes
|
DYNAMIC_BLACKLIST=Yes
|
||||||
|
|
||||||
|
@ -233,7 +233,7 @@ SAVE_ARPTABLES=No
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
SAVE_IPSETS=No
|
||||||
|
|
||||||
TC_ENABLED=Simple
|
TC_ENABLED=No
|
||||||
|
|
||||||
TC_EXPERT=No
|
TC_EXPERT=No
|
||||||
|
|
||||||
|
|
|
@ -25,4 +25,6 @@ ACCEPT tun+ -
|
||||||
ACCEPT - tun+
|
ACCEPT - tun+
|
||||||
ACCEPT wg+ -
|
ACCEPT wg+ -
|
||||||
ACCEPT - wg+
|
ACCEPT - wg+
|
||||||
|
ACCEPT client-wg+ -
|
||||||
|
ACCEPT - client-wg+
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
|
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
|
||||||
$NET_IFACE External
|
$NET_IFACE External
|
||||||
$VPS_IFACE Internal
|
#$VPS_IFACE Internal
|
|
@ -16,4 +16,5 @@
|
||||||
fw firewall
|
fw firewall
|
||||||
net ipv4
|
net ipv4
|
||||||
vpn ipv4
|
vpn ipv4
|
||||||
|
vpncl ipv4
|
||||||
|
|
||||||
|
|
17
ubond.network
Normal file
17
ubond.network
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
[Match]
|
||||||
|
Name=ubond*
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
Description=UBOND tunnel
|
||||||
|
Address=10.255.248.1/24
|
||||||
|
DHCPServer=yes
|
||||||
|
IPMasquerade=yes
|
||||||
|
|
||||||
|
[DHCPServer]
|
||||||
|
PoolOffset=2
|
||||||
|
PoolSize=50
|
||||||
|
EmitDNS=no
|
||||||
|
EmitNTP=no
|
||||||
|
DNS=9.9.9.9
|
||||||
|
DefaultLeaseTimeSec=12h
|
||||||
|
MaxLeaseTimeSec=24h
|
42
ubond0.conf
Normal file
42
ubond0.conf
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
[general]
|
||||||
|
tuntap = "tun"
|
||||||
|
mode = "server"
|
||||||
|
interface_name = "ubond0"
|
||||||
|
timeout = 30
|
||||||
|
password = "UBOND_PASS"
|
||||||
|
reorder_buffer = yes
|
||||||
|
reorder_buffer_size = 64
|
||||||
|
loss_tolerence = 50
|
||||||
|
|
||||||
|
[wan1]
|
||||||
|
bindport = 65251
|
||||||
|
bindhost = "0.0.0.0"
|
||||||
|
|
||||||
|
[wan2]
|
||||||
|
bindport = 65252
|
||||||
|
bindhost = "0.0.0.0"
|
||||||
|
|
||||||
|
[wan3]
|
||||||
|
bindport = 65253
|
||||||
|
bindhost = "0.0.0.0"
|
||||||
|
|
||||||
|
[wan4]
|
||||||
|
bindport = 65254
|
||||||
|
bindhost = "0.0.0.0"
|
||||||
|
|
||||||
|
[wan5]
|
||||||
|
bindport = 65255
|
||||||
|
bindhost = "0.0.0.0"
|
||||||
|
|
||||||
|
[wan6]
|
||||||
|
bindport = 65256
|
||||||
|
bindhost = "0.0.0.0"
|
||||||
|
|
||||||
|
[wan7]
|
||||||
|
bindport = 65257
|
||||||
|
bindhost = "0.0.0.0"
|
||||||
|
|
||||||
|
[wan8]
|
||||||
|
bindport = 65258
|
||||||
|
bindhost = "0.0.0.0"
|
||||||
|
|
16
ubond@.service.in
Normal file
16
ubond@.service.in
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
[Unit]
|
||||||
|
Description=UBOND connection to %i
|
||||||
|
PartOf=ubond.service
|
||||||
|
ReloadPropagatedFrom=ubond.service
|
||||||
|
After=network.target network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
NotifyAccess=main
|
||||||
|
ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet
|
||||||
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
|
WorkingDirectory=/etc/ubond
|
||||||
|
Restart=always
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
Loading…
Add table
Add a link
Reference in a new issue