diff --git a/debian/changelog b/debian/changelog index 1e55a02..33cf21b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -omr-server (0.1025) unstable; urgency=medium +omr-server (0.1025-test) unstable; urgency=medium * Wireguard support and fixed diff --git a/debian/control b/debian/control index fccd12e..0da3629 100644 --- a/debian/control +++ b/debian/control @@ -27,6 +27,9 @@ Depends: shorewall, shorewall6, iptables, + v2ray-plugin (= 4.35.1), + v2ray (=4.35.1), + linux-image-5.4.100-mptcp (= 1.18+9d3f35b), ${misc:Depends} Provides: omr-server Conflicts: omr-server diff --git a/debian/postinst b/debian/postinst index 66b1e91..bd08d7f 100644 --- a/debian/postinst +++ b/debian/postinst @@ -5,8 +5,8 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x # use debconf . /usr/share/debconf/confmodule -cd /usr/share/omr-server -LOCALFILES=no SOURCES=no sh debian9-x86_64.sh +sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh +systemctl enable omr-update db_stop diff --git a/debian/rules b/debian/rules index 10d24ab..d411dc4 100755 --- a/debian/rules +++ b/debian/rules @@ -9,8 +9,10 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all override_dh_auto_install: mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server - find . -type f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';' + find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';' cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ + mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system + cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh old mode 100644 new mode 100755 diff --git a/old-v2ray.service b/old-v2ray.service new file mode 100644 index 0000000..9ed715a --- /dev/null +++ b/old-v2ray.service @@ -0,0 +1,25 @@ +[Unit] +Description=V2Ray - A unified platform for anti-censorship +Documentation=https://v2ray.com https://guide.v2fly.org +After=network.target nss-lookup.target +Wants=network-online.target + +[Service] +# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple +#Type=exec +Type=simple +# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port. +# This service runs as root. You may consider to run it as another user for security concerns. +# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray. +# More discussion at https://github.com/v2ray/v2ray-core/issues/1011 +User=root +#User=v2ray +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW +NoNewPrivileges=yes +ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json +Restart=on-failure +# Don't restart in the case of configuration error +RestartPreventExitStatus=23 + +[Install] +WantedBy=multi-user.target diff --git a/omr-service b/omr-service index 4b8e54d..6fe97bf 100755 --- a/omr-service +++ b/omr-service @@ -52,7 +52,7 @@ _lan_route() { while IFS=$"\n" read -r c; do vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then - echo "$c" | jq -c '.lanips //empty' | + echo "$c" | jq -c -r '.lanips[] //empty' | while IFS=$"\n" read -r d; do network=$(ipcalc -n $d | grep Network | awk '{print $2}') [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null diff --git a/omr-test-speed b/omr-test-speed new file mode 100755 index 0000000..fa95ff2 --- /dev/null +++ b/omr-test-speed @@ -0,0 +1,42 @@ +#!/bin/sh +# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : +INTERFACE="$1" + +echo "Select best test server..." +HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" +bestping="999" +for pinghost in $HOSTLST; do + domain=$(echo $pinghost | awk -F/ '{print $3}') + if [ -z "$INTERFACE" ]; then + ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) + else + ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1) + fi + echo "host: $domain - ping: $ping" + if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then + bestping=$ping + HOST=$pinghost + fi +done + +[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" + +echo "Best server is $HOST, running test:" +trap : HUP INT TERM +if [ -z "$INTERFACE" ]; then + curl -4 $HOST >/dev/null || echo +else + domain=$(echo $HOST | awk -F/ '{print $3}') + hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') + if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then + for ip in $hostip; do + ipset add ss_rules_dst_bypass_all $ip + done + fi + curl -4 --interface $INTERFACE $HOST >/dev/null || echo + if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then + for ip in $hostip; do + ipset del ss_rules_dst_bypass_all $ip + done + fi +fi diff --git a/omr-update.service.in b/omr-update.service.in new file mode 100644 index 0000000..1a21135 --- /dev/null +++ b/omr-update.service.in @@ -0,0 +1,16 @@ +[Unit] +Description=OMR Update +After=network.target network-online.target + +[Service] +Type=simple +Restart=no +Environment="SOURCES=no" +Environment="REINSTALL=no" +Environment="LOCALFILES=yes" +ExecStart=/usr/share/omr-server/debian9-x86_64.sh +StandardOutput=file:/var/log/omr-update.log +StandardError=file:/var/log/omr-update.log + +[Install] +WantedBy=multi-user.target