mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00

Merge develop in master

Ycarus (Yannick Chabanois) 2022-08-22 06:34:31 +00:00
commit cf8aa1dc03
15 changed files with 382 additions and 94 deletions

debian11-x86_64.sh Symbolic link

@ -0,0 +1 @@
debian9-x86_64.sh


@ -6,6 +6,7 @@
# See /LICENSE for more information. # See /LICENSE for more information.
# #
UPSTREAM=${UPSTREAM:-no}
SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
@ -29,40 +30,53 @@ OPENVPN=${OPENVPN:-yes}
DSVPN=${DSVPN:-yes} DSVPN=${DSVPN:-yes}
WIREGUARD=${WIREGUARD:-yes} WIREGUARD=${WIREGUARD:-yes}
SOURCES=${SOURCES:-no} SOURCES=${SOURCES:-no}
if [ "$UPSTREAM" = "yes" ]; then
SOURCES="yes"
fi
NOINTERNET=${NOINTERNET:-no} NOINTERNET=${NOINTERNET:-no}
REINSTALL=${REINSTALL:-yes} REINSTALL=${REINSTALL:-yes}
SPEEDTEST=${SPEEDTEST:-yes} SPEEDTEST=${SPEEDTEST:-yes}
LOCALFILES=${LOCALFILES:-no} LOCALFILES=${LOCALFILES:-no}
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
KERNEL_VERSION="5.4.100" KERNEL_VERSION="5.4.207"
KERNEL_PACKAGE_VERSION="1.18+9d3f35b" KERNEL_PACKAGE_VERSION="1.22"
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
if [ "$UPSTREAM" = "yes" ]; then
KERNEL_VERSION="5.15.57"
KERNEL_PACKAGE_VERSION="1.6"
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
fi
GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
GLORYTUN_UDP_BINARY_VERSION="0.3.4-4" GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b"
MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
OBFS_BINARY_VERSION="0.0.5-1" OBFS_BINARY_VERSION="0.0.5-1"
OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c" OMR_ADMIN_VERSION="20314b11f21eb5878ba62c85d874528e0e394024"
OMR_ADMIN_BINARY_VERSION="0.3+20210508" OMR_ADMIN_BINARY_VERSION="0.3+20220715"
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
DSVPN_BINARY_VERSION="0.1.4-2" DSVPN_BINARY_VERSION="0.1.4-2"
V2RAY_VERSION="4.35.1" V2RAY_VERSION="4.43.0"
V2RAY_PLUGIN_VERSION="4.35.1" V2RAY_PLUGIN_VERSION="4.43.0"
EASYRSA_VERSION="3.0.6" EASYRSA_VERSION="3.0.6"
SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead" SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
SHADOWSOCKS_BINARY_VERSION="3.3.5-2" if [ "$UPSTREAM" = "yes" ]; then
SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543"
fi
IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
DEFAULT_USER="openmptcprouter" DEFAULT_USER="openmptcprouter"
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
VPSPATH="server" VPSPATH="server"
VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)}
VPSURL="https://www.openmptcprouter.com/" VPSURL="https://www.openmptcprouter.com/"
REPO="repo.openmptcprouter.com" REPO="repo.openmptcprouter.com"
CHINA=${CHINA:-no} CHINA=${CHINA:-no}
OMR_VERSION="0.1026" OMR_VERSION="0.1027"
DIR=$( pwd ) DIR=$( pwd )
#" #"
@ -82,14 +96,16 @@ if test -f /etc/os-release ; then
else else
. /usr/lib/os-release . /usr/lib/os-release
fi fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then
echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)" echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
exit 1 exit 1
elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then
echo "This script only work with Ubuntu 18.04, 19.04 or 20.04" echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04"
echo "Use debian when possible"
exit 1 exit 1
elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)" echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
echo "Use Debian when possible"
exit 1 exit 1
fi fi
@ -166,7 +182,11 @@ echo "Remove lock and update packages list..."
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
rm -f /var/cache/apt/archives/lock rm -f /var/cache/apt/archives/lock
apt-get update --allow-releaseinfo-change if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
apt-get update
else
apt-get update --allow-releaseinfo-change
fi
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
rm -f /var/cache/apt/archives/lock rm -f /var/cache/apt/archives/lock
@ -235,6 +255,17 @@ else
Pin: origin ${REPO} Pin: origin ${REPO}
Pin-Priority: 1001 Pin-Priority: 1001
EOF EOF
if [ -n "$(echo $OMR_VERSION | grep test)" ]; then
echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list
cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
Package: *
Pin: origin ${REPO}
Pin-Priority: 1002
EOF
else
rm -f /etc/apt/sources.list.d/openmptcprouter-test.list
fi
wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
fi fi
@ -249,12 +280,28 @@ if [ "$ID" = "debian" ]; then
elif [ "$ID" = "ubuntu" ]; then elif [ "$ID" = "ubuntu" ]; then
echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
[ "$VERSION_ID" = "22.04" ] && {
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
echo 'deb http://old-releases.ubuntu.com/ubuntu impish main universe' > /etc/apt/sources.list.d/impish-universe.list
}
fi fi
# Install mptcp kernel and shadowsocks # Install mptcp kernel and shadowsocks
echo "Install mptcp kernel and shadowsocks..." echo "Install mptcp kernel and shadowsocks..."
apt-get update --allow-releaseinfo-change apt-get update --allow-releaseinfo-change
sleep 2 sleep 2
apt-get -y install dirmngr patch rename curl libcurl4 unzip apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config
if [ -z "$(dpkg-query -l | grep grub)" ]; then
if [ -d /boot/grub2 ]; then
apt-get -y install grub2
elif [ -d /boot/grub ]; then
apt-get -y install grub-legacy
fi
[ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && {
echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub
}
fi
if [ -z "$(dpkg-query -l | grep grub)" ]; then if [ -z "$(dpkg-query -l | grep grub)" ]; then
if [ -d /boot/grub2 ]; then if [ -d /boot/grub2 ]; then
@ -277,7 +324,7 @@ if [ "$SOURCES" = "yes" ]; then
#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
echo "Install kernel linux-image-${KERNEL_RELEASE}" echo "Install kernel linux-image-${KERNEL_RELEASE} source release"
echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
@ -300,7 +347,7 @@ if [ "$LOCALFILES" = "no" ]; then
else else
cd ${DIR} cd ${DIR}
fi fi
[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg [ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg
rm -f /etc/grub.d/30_os-prober rm -f /etc/grub.d/30_os-prober
bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_VERSION}-mptcp
bash update-grub.sh ${KERNEL_RELEASE} bash update-grub.sh ${KERNEL_RELEASE}
@ -311,6 +358,32 @@ apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
echo "Install iperf3 OpenMPTCProuter edition" echo "Install iperf3 OpenMPTCProuter edition"
apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
if [ "$UPSTREAM" = "yes" ]; then
echo "Compile and install mptcpize..."
apt-get -y install --no-install-recommends build-essential
cd /tmp
git clone https://github.com/Ysurac/mptcpize.git
cd mptcpize
make
make install
cd /tmp
rm -rf /tmp/mptcpize
echo "Compile and install iproute2..."
apt-get -y install --no-install-recommends bison libbison-dev flex
#wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz
#tar xzf iproute2-5.16.0.tar.gz
#cd iproute2-5.16.0
git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git
cd iproute2
git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000
make
make install
cd /tmp
rm -rf iproute2
echo "MPTCPize iperf3..."
mptcpize enable iperf3
fi
apt-get -y remove shadowsocks-libev apt-get -y remove shadowsocks-libev
if [ "$SOURCES" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then
@ -358,6 +431,7 @@ if [ "$SOURCES" = "yes" ]; then
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc
sleep 1 sleep 1
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
@ -387,7 +461,7 @@ if [ "$SOURCES" = "yes" ]; then
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
cd /tmp cd /tmp
#dpkg -i shadowsocks-libev_*.deb #dpkg -i shadowsocks-libev_*.deb
dpkg -i omr-shadowsocks-libev_*.deb dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null
#mkdir -p /usr/lib/shadowsocks-libev #mkdir -p /usr/lib/shadowsocks-libev
#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev #cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
@ -480,10 +554,16 @@ if [ "$OMR_ADMIN" = "yes" ]; then
apt-get -y remove python3-jwt apt-get -y remove python3-jwt
pip3 -q install pyjwt pip3 -q install pyjwt
else else
apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ]); then
apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1
pip3 -q install uvloop
else
apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
fi
fi fi
apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen
echo '-- pip3 install needed python modules' echo '-- pip3 install needed python modules'
echo "If you see any error here, I really don't care: it's about a not used module for home users"
#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U
@ -545,6 +625,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then
systemctl enable omr-admin-ipv6.service systemctl enable omr-admin-ipv6.service
} }
systemctl enable omr-admin.service systemctl enable omr-admin.service
if [ "$UPSTREAM" = "yes" ]; then
mptcpize enable omr-admin.service
[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service
fi
fi fi
# Get shadowsocks optimization # Get shadowsocks optimization
@ -702,14 +786,17 @@ if [ "$V2RAY" = "yes" ]; then
if [ ! -f /etc/v2ray/v2ray-server.json ]; then if [ ! -f /etc/v2ray/v2ray-server.json ]; then
wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
rm /etc/v2ray/config.json
ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
fi fi
rm -f /etc/v2ray/config.json
ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
fi fi
systemctl daemon-reload systemctl daemon-reload
systemctl enable v2ray.service systemctl enable v2ray.service
if [ "$UPSTREAM" = "yes" ]; then
mptcpize enable v2ray
fi
fi fi
if systemctl -q is-active mlvpn@mlvpn0.service; then if systemctl -q is-active mlvpn@mlvpn0.service; then
@ -732,7 +819,8 @@ if [ "$MLVPN" = "yes" ]; then
rm -rf /tmp/mlvpn rm -rf /tmp/mlvpn
cd /tmp cd /tmp
#git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn #git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn #git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn
#git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn #git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn
cd /tmp/mlvpn cd /tmp/mlvpn
git checkout ${MLVPN_VERSION} git checkout ${MLVPN_VERSION}
@ -849,6 +937,34 @@ if [ "$WIREGUARD" = "yes" ]; then
EOF EOF
fi fi
systemctl enable wg-quick@wg0 systemctl enable wg-quick@wg0
if [ ! -f /etc/wireguard/client-wg0.conf ]; then
cd /etc/wireguard
umask 077; wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key
cat > /etc/wireguard/client-wg0.conf <<-EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
ListenPort = 65312
Address = 10.255.246.1/24
SaveConfig = true
[Peer]
PublicKey = $(cat /etc/wireguard/vpn-client-public.key | tr -d "\n")
AllowedIPs = 10.255.246.2/32
EOF
fi
if [ ! -f /root/wireguard-client.conf ]; then
cat > /root/wireguard-client.conf <<-EOF
[Interface]
Address = 10.255.246.2/24
PrivateKey = $(cat /etc/wireguard/vpn-client-private.key | tr -d "\n")
[Peer]
PublicKey = $(cat /etc/wireguard/vpn-server-public.key | tr -d "\n")
Endpoint = ${VPS_PUBLIC_IP}:65312
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.100.0/24
EOF
fi
systemctl enable wg-quick@client-wg0
echo "Install wireguard done" echo "Install wireguard done"
fi fi
@ -951,6 +1067,9 @@ if [ "$OPENVPN" = "yes" ]; then
mkdir -p /etc/openvpn/ccd mkdir -p /etc/openvpn/ccd
systemctl enable openvpn@tun0.service systemctl enable openvpn@tun0.service
systemctl enable openvpn@tun1.service systemctl enable openvpn@tun1.service
if [ "$UPSTREAM" = "yes" ]; then
mptcpize enable openvpn@tun0
fi
systemctl enable openvpn@bonding1.service systemctl enable openvpn@bonding1.service
systemctl enable openvpn@bonding2.service systemctl enable openvpn@bonding2.service
systemctl enable openvpn@bonding3.service systemctl enable openvpn@bonding3.service
@ -969,6 +1088,7 @@ fi
if [ "$SOURCES" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
rm -f /usr/bin/glorytun
apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
rm -rf /tmp/glorytun-udp rm -rf /tmp/glorytun-udp
cd /tmp cd /tmp
@ -1013,7 +1133,8 @@ if [ "$SOURCES" = "yes" ]; then
cd /tmp cd /tmp
rm -rf /tmp/glorytun-udp rm -rf /tmp/glorytun-udp
else else
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} rm -f /usr/local/bin/glorytun
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
fi fi
[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
@ -1062,6 +1183,9 @@ if [ "$DSVPN" = "yes" ]; then
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
fi fi
if [ "$UPSTREAM" = "yes" ]; then
mptcpize enable dsvpn-server@dsvpn0
fi
fi fi
# Install Glorytun TCP # Install Glorytun TCP
@ -1080,11 +1204,19 @@ if [ "$SOURCES" = "yes" ]; then
fi fi
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
rm -f /usr/bin/glorytun-tcp
apt-get -y install build-essential pkg-config autoconf automake apt-get -y install build-essential pkg-config autoconf automake
rm -rf /tmp/glorytun-0.0.35 rm -rf /tmp/glorytun-0.0.35
cd /tmp cd /tmp
wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz if [ "$UPSTREAM" = "yes" ]; then
wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
else
wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
fi
tar xzf glorytun-0.0.35.tar.gz tar xzf glorytun-0.0.35.tar.gz
if [ "$UPSTREAM" = "yes" ]; then
mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
fi
cd glorytun-0.0.35 cd glorytun-0.0.35
./autogen.sh ./autogen.sh
./configure ./configure
@ -1107,7 +1239,8 @@ if [ "$SOURCES" = "yes" ]; then
cd /tmp cd /tmp
rm -rf /tmp/glorytun-0.0.35 rm -rf /tmp/glorytun-0.0.35
else else
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} rm -f /usr/local/bin/glorytun-tcp
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
fi fi
[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0 [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
@ -1203,6 +1336,7 @@ else
cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
cp ${DIR}/shorewall4/policy /etc/shorewall/policy cp ${DIR}/shorewall4/policy /etc/shorewall/policy
cp ${DIR}/shorewall4/params /etc/shorewall/params cp ${DIR}/shorewall4/params /etc/shorewall/params
cp ${DIR}/shorewall4/zones /etc/shorewall/zones
#cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn #cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
#cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net #cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
cp ${DIR}/shorewall6/params /etc/shorewall6/params cp ${DIR}/shorewall6/params /etc/shorewall6/params
@ -1215,7 +1349,14 @@ else
sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
if [ "$LOCALFILES" = "no" ]; then
rm -rf ${DIR}/shorewall4
rm -rf ${DIR}/shorewall6
rm -f ${DIR}/openmptcprouter-shorewall.tar.gz
rm -f ${DIR}/openmptcprouter-shorewall6.tar.gz
fi
fi fi
[ -z "$(grep nf_conntrack_sip /etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then
apt-get -y install iptables apt-get -y install iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy update-alternatives --set iptables /usr/sbin/iptables-legacy
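Review bot: The new `UPSTREAM` block in the `@ -311,6 +358,32 @@` hunk builds and `make install`s two source trees as root without a trustworthy pin: `mptcpize` is cloned at whatever the default branch head is, and iproute2 is fetched over the unauthenticated `git://` transport. The commit hash checked out for iproute2 limits what a tampered transport can deliver, but it is hard-coded even though `IPROUTE2_VERSION` is defined near the top of the file with exactly that value. I would use `git clone https://git.kernel.org/pub/scm/network/iproute2/iproute2.git` with `git checkout ${IPROUTE2_VERSION}`, and add a pinned commit variable for mptcpize with a matching `git checkout` after its clone. The same applies to the Glorytun TCP hunk, where the `UPSTREAM` branch downloads `archive/refs/heads/tcp.tar.gz`, a branch tarball whose content changes with every push and is not checked against a digest.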

multipath Normal file → Executable file

@ -6,9 +6,8 @@
# Released under GPL 3 or later # Released under GPL 3 or later
if [ -d "/proc/sys/net/mptcp" ]; then if [ -d "/proc/sys/net/mptcp" ]; then
if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then
echo "MPTCP is disabled!" echo "MPTCP is disabled!"
echo "Please set net.mptcp.mptcp_enabled = 1"
exit 1 exit 1
fi fi
else else
@ -26,7 +25,7 @@ case $1 in
echo " multipath device {on | off | backup | handover}" echo " multipath device {on | off | backup | handover}"
echo echo
echo "show established conections: -c" echo "show established conections: -c"
echo "show mullmesh info: -f" echo "show fullmesh info: -f"
echo "show kernel config: -k" echo "show kernel config: -k"
echo echo
echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag" echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
@ -43,12 +42,28 @@ case $1 in
cat /proc/net/mptcp_fullmesh cat /proc/net/mptcp_fullmesh
exit 0;; exit 0;;
"-k") "-k")
echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager` echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum` elif [ -f /proc/sys/net/mptcp/enabled ]; then
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler` echo Enabled: `cat /proc/sys/net/mptcp/enabled`
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries` fi
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug` if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
fi
if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
else
echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled`
fi
if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
fi
if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
fi
if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
fi
echo echo
echo See http://multipath-tcp.org/ for details echo See http://multipath-tcp.org/ for details
exit 0 ;; exit 0 ;;
@ -65,38 +80,74 @@ TYPE="$2"
#FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"` #FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
[ -d "/sys/class/net/$DEVICE/" ] || { [ -d "/sys/class/net/$DEVICE/" ] || {
echo "Device '$DEVICE' can't found!" #echo "Device '$DEVICE' can't found!"
echo "Use the hardware name like in ifconfig" #echo "Use the hardware name like in ifconfig"
exit 1 exit 1
} }
FLAG_PATH="/sys/class/net/$DEVICE/flags" if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
IFF=`cat $FLAG_PATH` FLAG_PATH="/sys/class/net/$DEVICE/flags"
IFF=`cat $FLAG_PATH`
IFF_OFF="0x80000" IFF_OFF="0x80000"
IFF_ON="0x00" IFF_ON="0x00"
IFF_BACKUP="0x100000" IFF_BACKUP="0x100000"
IFF_HANDOVER="0x200000" IFF_HANDOVER="0x200000"
IFF_MASK="0x380000" IFF_MASK="0x380000"
case $TYPE in case $TYPE in
"off") FLAG=$IFF_OFF;; "off") FLAG=$IFF_OFF;;
"on") FLAG=$IFF_ON;; "on") FLAG=$IFF_ON;;
"backup") FLAG=$IFF_BACKUP;; "backup") FLAG=$IFF_BACKUP;;
"handover") FLAG=$IFF_HANDOVER;; "handover") FLAG=$IFF_HANDOVER;;
"") "")
IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
case "$IFF" in case "$IFF" in
$IFF_OFF) echo $DEVICE is deactivated;; $IFF_OFF) echo $DEVICE is deactivated;;
$IFF_ON) echo $DEVICE is in default mode;; $IFF_ON) echo $DEVICE is in default mode;;
$IFF_BACKUP) echo $DEVICE is in backup mode;; $IFF_BACKUP) echo $DEVICE is in backup mode;;
$IFF_HANDOVER) echo $DEVICE is in handover mode;; $IFF_HANDOVER) echo $DEVICE is in handover mode;;
*) echo "Unkown state!" && exit 1;; *) echo "Unkown state!" && exit 1;;
esac esac
exit 0;; exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac esac
printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
else
ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')
IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}')
IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
[ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
case $TYPE in
"off")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
exit 0;;
"on")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh
exit 0;;
"signal")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
ip mptcp endpoint add $IP dev $DEVICE signal fullmesh
exit 0;;
"backup")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
ip mptcp endpoint add $IP dev $DEVICE backup fullmesh
exit 0;;
"")
case "$IFF" in
"") echo $DEVICE is deactivated;;
"subflow") echo $DEVICE is in default mode;;
"backup") echo $DEVICE is in backup mode;;
"signal") echo $DEVICE is in signal mode;;
"fullmesh") echo $DEVICE is in fullmesh mode;;
*) echo "$DEVICE Unkown state!" && exit 1;;
esac
exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac
fi
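Review bot: In the new `else` branch for the upstream MPTCP kernel, `grep "dev $DEVICE"` is a substring match, so looking up `eth1` also selects the endpoint of `eth10`, and the unquoted `$ID` is then passed to `ip mptcp endpoint delete id`, which can remove an endpoint belonging to another interface. Matching the field exactly avoids that, e.g. `ID=$(ip mptcp endpoint show | awk -v d="$DEVICE" '{for(i=1;i<NF;i++) if($i=="dev" && $(i+1)==d) print $3}')`, and `$IP` should be checked for being a single non-empty address before `ip mptcp endpoint add`. The redirections written as `2>&1 >/dev/null` discard stdout only and still print errors; `>/dev/null 2>&1` is presumably what was meant. The usage text earlier in the file still lists `{on | off | backup | handover}` and does not mention the new `signal` mode.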


@ -38,6 +38,7 @@ cat >> /etc/pihole/setupVars.conf <<-EOF
PIHOLE_INTERFACE=gt-tun0 PIHOLE_INTERFACE=gt-tun0
IPV4_ADDRESS=10.255.0.0/16 IPV4_ADDRESS=10.255.0.0/16
IPV6_ADDRESS=fe80::aff:ff01/64 IPV6_ADDRESS=fe80::aff:ff01/64
RATE_LIMIT=0/0
EOF EOF
grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf
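Review bot: `RATE_LIMIT=0/0` is appended to `/etc/pihole/setupVars.conf`, but as far as I know Pi-hole FTL reads this setting from `/etc/pihole/pihole-FTL.conf`, so the line may have no effect where it is written; please confirm against the installed Pi-hole version. If it does take effect, `0/0` turns off per-client query rate limiting for everything reaching the resolver on `gt-tun0`, so a single misbehaving client behind the tunnel can load the resolver without being throttled. A comment above the heredoc such as `# rate limiting disabled: all router clients share one source address` would record why, if that is the reason. The heredoc starts outside the hunk.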


@ -7,7 +7,11 @@ _multipath() {
for intf in `ls -1 /sys/class/net`; do for intf in `ls -1 /sys/class/net`; do
if [ "$intf" != "bonding_masters" ]; then if [ "$intf" != "bonding_masters" ]; then
if [ "$intf" = "$NET_IFACE" ]; then if [ "$intf" = "$NET_IFACE" ]; then
[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
multipath $intf signal
ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null
}
else else
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
fi fi
@ -16,26 +20,32 @@ _multipath() {
} }
_glorytun_udp() { _glorytun_udp() {
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && { if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
logger -t "OMR-Service" "Restart Glorytun-UDP" [ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
systemctl -q restart 'glorytun-udp@*' logger -t "OMR-Service" "Restart Glorytun-UDP"
} systemctl -q restart 'glorytun-udp@*'
for intf in /etc/glorytun-udp/tun*; do sleep 10
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} }
done for intf in /etc/glorytun-udp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
done
fi
} }
_glorytun_tcp() { _glorytun_tcp() {
for intf in /etc/glorytun-tcp/tun*; do if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} for intf in /etc/glorytun-tcp/tun*; do
done [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then done
localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
[ -z "$localip" ] && localip="10.255.255.1" localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
remoteip="$(echo $localip | sed 's/\.1/\.2/')" [ -z "$localip" ] && localip="10.255.255.1"
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then remoteip="$(echo $localip | sed 's/\.1/\.2/')"
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
systemctl restart glorytun-tcp@tun0 logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
systemctl restart glorytun-tcp@tun0
sleep 10
fi
fi fi
fi fi
} }
@ -54,19 +64,22 @@ _dsvpn() {
} }
_shadowsocks() { _shadowsocks() {
[ -z "$(pgrep ss-server)" ] && { [ -n "$(systemctl -a | grep 'shadowsocks')" ] && [ -z "$(pgrep ss-server)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks" logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
systemctl restart shadowsocks-libev-manager@manager systemctl restart shadowsocks-libev-manager@manager
} }
} }
_wireguard() { _wireguard() {
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null if [ -n "$(systemctl -a | grep 'wg')" ]; then
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 2>&1 >/dev/null
fi
} }
_omr_api() { _omr_api() {
[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { [ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
logger -t "OMR-Service" "Restart OMR-Admin" logger -t "OMR-Service" "Restart OMR-Admin"
systemctl -q restart omr-admin systemctl -q restart omr-admin
} }

Binary file not shown.


@ -20,6 +20,7 @@ vpn gt-udp-tun+ nosmurfs,tcpflags
vpn mlvpn+ nosmurfs,tcpflags vpn mlvpn+ nosmurfs,tcpflags
vpn tun+ nosmurfs,tcpflags vpn tun+ nosmurfs,tcpflags
vpn wg+ nosmurfs,tcpflags vpn wg+ nosmurfs,tcpflags
vpncl client-wg+ nosmurfs,tcpflags
vpn dsvpn+ nosmurfs,tcpflags vpn dsvpn+ nosmurfs,tcpflags
vpn gre-user+ nosmurfs,tcpflags vpn gre-user+ nosmurfs,tcpflags
vpn omr-bonding nosmurfs,tcpflags vpn omr-bonding nosmurfs,tcpflags


@ -19,6 +19,8 @@ fw vpn ACCEPT
fw net ACCEPT fw net ACCEPT
net all DROP net all DROP
vpn vpn DROP vpn vpn DROP
vpncl vpn ACCEPT
vpn vpncl ACCEPT
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT all all REJECT


@ -137,7 +137,7 @@ ADMINISABSENTMINDED=Yes
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=No
AUTOMAKE=No AUTOMAKE=No
@ -149,13 +149,13 @@ BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No CLAMPMSS=No
CLEAR_TC=Yes CLEAR_TC=No
COMPLETE=No COMPLETE=No
DEFER_DNS_RESOLUTION=Yes DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=No
DETECT_DNAT_IPADDRS=No DETECT_DNAT_IPADDRS=No
@ -163,7 +163,7 @@ DISABLE_IPV6=No
DOCKER=No DOCKER=No
DONT_LOAD= DONT_LOAD=nf_conntrack_sip
DYNAMIC_BLACKLIST=Yes DYNAMIC_BLACKLIST=Yes
@ -233,7 +233,7 @@ SAVE_ARPTABLES=No
SAVE_IPSETS=No SAVE_IPSETS=No
TC_ENABLED=Simple TC_ENABLED=No
TC_EXPERT=No TC_EXPERT=No
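Review bot: `AUTOHELPERS=No` stops Shorewall from attaching conntrack helpers to connections automatically, so any protocol that relied on one now needs an explicit entry in the conntrack file. No such entries are visible on this page, so helper-dependent flows through the VPS may stop working. Together with `DONT_LOAD=nf_conntrack_sip` this reduces the kernel parsing surface exposed to untrusted traffic, which is a reasonable hardening choice but is not explained anywhere in the commit. `TC_ENABLED=No` presumably also leaves the tcinterfaces file unused, so the `#$VPS_IFACE` edit in that file has no effect of its own.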


@ -25,4 +25,6 @@ ACCEPT tun+ -
ACCEPT - tun+ ACCEPT - tun+
ACCEPT wg+ - ACCEPT wg+ -
ACCEPT - wg+ ACCEPT - wg+
ACCEPT client-wg+ -
ACCEPT - client-wg+


@ -1,3 +1,3 @@
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH #INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
$NET_IFACE External $NET_IFACE External
$VPS_IFACE Internal #$VPS_IFACE Internal


@ -16,4 +16,5 @@
fw firewall fw firewall
net ipv4 net ipv4
vpn ipv4 vpn ipv4
vpncl ipv4

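--- a/ubond.network
+++ b/ubond.network
@@ -0,0 +1,17 @@
+[Match]
+Name=ubond*
+[Network]
+Description=UBOND tunnel
+Address=10.255.248.1/24
+DHCPServer=yes
+IPMasquerade=yes
+[DHCPServer]
+PoolOffset=2
+PoolSize=50
+EmitDNS=no
+EmitNTP=no
+DNS=9.9.9.9
+DefaultLeaseTimeSec=12h
+MaxLeaseTimeSec=24h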
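Review bot: `DNS=9.9.9.9` under `[DHCPServer]` has no effect while `EmitDNS=no` is set two lines above it, so tunnel clients are never handed that resolver. Either drop the `DNS=` line or switch to `EmitDNS=yes`, depending on which was meant. `Name=ubond*` applies `DHCPServer=yes` and `IPMasquerade=yes` to every interface whose name starts with ubond, so a leading comment such as `# server side of the UBOND tunnel: leases from 10.255.248.0/24, client traffic is masqueraded` would make the intended scope explicit.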

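--- a/ubond0.conf
+++ b/ubond0.conf
@@ -0,0 +1,42 @@
+[general]
+tuntap = "tun"
+mode = "server"
+interface_name = "ubond0"
+timeout = 30
+password = "UBOND_PASS"
+reorder_buffer = yes
+reorder_buffer_size = 64
+loss_tolerence = 50
+[wan1]
+bindport = 65251
+bindhost = "0.0.0.0"
+[wan2]
+bindport = 65252
+bindhost = "0.0.0.0"
+[wan3]
+bindport = 65253
+bindhost = "0.0.0.0"
+[wan4]
+bindport = 65254
+bindhost = "0.0.0.0"
+[wan5]
+bindport = 65255
+bindhost = "0.0.0.0"
+[wan6]
+bindport = 65256
+bindhost = "0.0.0.0"
+[wan7]
+bindport = 65257
+bindhost = "0.0.0.0"
+[wan8]
+bindport = 65258
+bindhost = "0.0.0.0"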
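Review bot: `password = "UBOND_PASS"` ships as a fixed literal in the template, so if the installer step that replaces it is skipped or fails, the server comes up with a secret anyone can read in this repository. That substitution is not visible in this section, so the installer should be checked to confirm it refuses to start ubond while the placeholder is still present. The installed copy under /etc/ubond then holds the tunnel secret and should be created with owner-only permissions rather than the default umask. The eight `bindhost = "0.0.0.0"` listeners on 65251-65258 are reachable on every address of the VPS, so the firewall rules need to cover exactly that port range.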

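--- a/ubond@.service.in
+++ b/ubond@.service.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=UBOND connection to %i
+PartOf=ubond.service
+ReloadPropagatedFrom=ubond.service
+After=network.target network-online.target
+[Service]
+Type=notify
+NotifyAccess=main
+ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet
+ExecReload=/bin/kill -HUP $MAINPID
+WorkingDirectory=/etc/ubond
+Restart=always
+[Install]
+WantedBy=multi-user.target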
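Review bot: `After=network.target network-online.target` only orders the unit after network-online.target and does not pull that target in, so the ordering may have no effect at boot; add `Wants=network-online.target` to `[Unit]`. The daemon is started as root and left to drop to `--user ubond` on its own, and the unit has no sandboxing at all. Adding `NoNewPrivileges=yes`, `ProtectHome=yes` and `PrivateTmp=yes` to `[Service]` would limit what a compromised tunnel process can reach, assuming ubond needs none of those paths. `Restart=always` without a `RestartSec=` also restarts a misconfigured instance in a tight loop until the start limit trips.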