From e0fbb8faa9ba936cbd1b8b2c19a8c333bf236019 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 16 Dec 2020 15:44:13 +0000
Subject: [PATCH] Update API, kernel and add OpenVPN Bonding support

---
 debian9-x86_64.sh                |  47 +++++++++++++++++++++++++------
 omr-6in4-run                     |   2 +-
 omr-service                      |  18 ++++++++++--
 openmptcprouter-shorewall.tar.gz | Bin 4056 -> 4076 bytes
 shorewall4/interfaces            |   2 +-
 5 files changed, 57 insertions(+), 12 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 085a360..34dc176 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -15,7 +15,7 @@ OBFS=${OBFS:-yes}
 V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes}
 V2RAY=${V2RAY:-yes}
 V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
-UPDATE_OS=${UPDATE_OS:-yes}
+UPDATE_O7S=${UPDATE_OS:-yes}
 UPDATE=${UPDATE:-yes}
 TLS=${TLS:-yes}
 OMR_ADMIN=${OMR_ADMIN:-yes}
@@ -32,17 +32,17 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.74"
-KERNEL_PACKAGE_VERSION="1.14+9d3f35b"
+KERNEL_VERSION="5.4.81"
+KERNEL_PACKAGE_VERSION="1.15+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="774aceb357e989676ed9a06d411db41bdfa3bf03"
+OMR_ADMIN_VERSION="595b55f7309b8b940b6599bb49c824376750860e"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
-#V2RAY_VERSION="v1.1.0"
+V2RAY_VERSION="4.31.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
@@ -51,7 +51,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
 
-OMR_VERSION="0.1018-test"
+OMR_VERSION="0.1023-test"
 
 DIR=$( pwd )
 #"
@@ -389,7 +389,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	echo '-- pip3 install needed python modules'
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
-	pip3 -q install fastapi netjsonconfig python-multipart -U
+	pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U
 	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 	mkdir -p /etc/openmptcprouter-vps-admin/intf
 	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
@@ -563,7 +563,10 @@ if systemctl -q is-active v2ray.service; then
 fi
 
 if [ "$V2RAY" = "yes" ]; then
-	apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
+	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
+	wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+	dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
+	rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
 		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
@@ -765,13 +768,37 @@ if [ "$OPENVPN" = "yes" ]; then
 	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
 		wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf
+		wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf
+		wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf
+		wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf
+		wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf
+		wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf
+		wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf
+		wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
+		wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
 	else
 		cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf
 		cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf
+		cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf
+		cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf
+		cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf
+		cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf
+		cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf
+		cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf
+		cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf
+		cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
 	fi
 	mkdir -p /etc/openvpn/ccd
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
+	systemctl enable openvpn@bonding1.service
+	systemctl enable openvpn@bonding2.service
+	systemctl enable openvpn@bonding3.service
+	systemctl enable openvpn@bonding4.service
+	systemctl enable openvpn@bonding5.service
+	systemctl enable openvpn@bonding6.service
+	systemctl enable openvpn@bonding7.service
+	systemctl enable openvpn@bonding8.service
 fi
 
 echo 'Glorytun UDP'
@@ -1039,6 +1066,10 @@ if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] &
 	sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
 	sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
 fi
+if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ]; then
+	sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat
+fi
+
 
 if [ "$TLS" = "yes" ]; then
 	VPS_CERT=0
diff --git a/omr-6in4-run b/omr-6in4-run
index ea5faad..ae91dce 100755
--- a/omr-6in4-run
+++ b/omr-6in4-run
@@ -3,7 +3,7 @@
 set -e
 
 if [ ! -f "$2" ]; then
-        echo "usage: $(basename "$0") FILE"
+        echo "usage: $(basename "$0") start FILE"
         exit 1
 fi
 
diff --git a/omr-service b/omr-service
index a235ad0..d3c098f 100755
--- a/omr-service
+++ b/omr-service
@@ -62,9 +62,9 @@ _gre_tunnels() {
 		if [ -f "$intf" ]; then
 			. "$(readlink -f "$intf")"
 			iface="$(basename $intf)"
-			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$REMOTEIP" ]; then
+			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
 				ip tunnel del $iface 2>&1 >/dev/null
-				ip tunnel add $iface mode gre local $INTFADDR remote $REMOTEIP
+				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
 				ip link set $iface up
 				ip addr add $LOCALIP dev $iface
 				ip route add $NETWORK dev $iface 2>&1 >/dev/null
@@ -73,7 +73,20 @@ _gre_tunnels() {
 	done
 }
 
+_openvpn_bonding() {
+	if [ "$(ip link show ovpnbonding1)" != "" ] && [ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ]; then
+		ip link set opvpnbonding1 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding2 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding3 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding4 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding5 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding6 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding7 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding8 master omr-bonding 2>&1 >/dev/null
+	fi
+}
 
+ip link add omr-bonding type bond 2>&1 >/dev/null
 while true; do
 	_glorytun_udp
 	_glorytun_tcp
@@ -81,5 +94,6 @@ while true; do
 	_omr_api
 	_lan_route
 	_gre_tunnels
+	_openvpn_bonding
 	sleep 10
 done
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index 5a984469460479c249eee19de9ccf473c2daf5e9..dbbaefbae4907faea3d9be6dd77f680a5a4cbb83 100644
GIT binary patch
delta 3895
zcmV-756JM?AM76;ABzY804v&G00ZqD?Q)~Y@&2Nxn6jO_-HP>TNs%2Qe|uTUn_Ot`
z3h3$So}TIH?ty_x;QMjtOn&+1aL@qgw%hawP&_uz;k<cv-fXwpjqcg`H;rbq-R*uu
z8V77s2FoaRLPEX?gCPDC-LCTgQ8=y~6Z0tu-DhVuBh@OYyYZwRrI`98wT}u?_Jfdk
z{zDMXo!AR};@k(zn7BaUf4LEqkod`q$b&a?Pf7f;aLLi!@kz$5nsGY<c0cqrW5iqJ
ztaAJ&P&wuWOV(75<4kRA2olGMl4)_AZfKUqiMnRMg-H)%Q!+U7R<?v;rSgOKKu-9v
zr41!Tmkg79`z^6;!Llvh7)TZ)ux)<Ct0HeRqKaT$KDo1n8(uole+N_NQrEaDhyRw-
z1=nmezHd~1aQ&(Gkk;>8`ex;ac(JM(PZnIOS*SKVYn^S@GkCKg@w|DFEB~=}an@Yt
z+&pg;n<N{;CTlO8tXJ%IyXS?9s$^ZsnrW-%W_{m{@4X<Z`ca{UXGJc$zO73Zi(;QZ
z%g+i`O<t8Yt45CRe-_%_>2`}%<t;)ZZ?WFmPNQ4wEmIwBtLe`RRh!-77+PD$K3*Gq
ztl7O-Rb<C6o&TO6yWxW~aie{BlkKp>|F;_FXXyXC?ek`<(`ljq@3tGI|9=Zu_x~T<
zFhalHt~E%Nn9h7LbBUap2<d}oC*b}`{2Wv>(;?v2AH2t9e@KHu4LAzH;wAJRpJMV(
zcu!g|{MA;Y*(Ucd5Fy;0K+ARJG_qJ2IA-2`=!7o>V@T+_BnlqlXD4+3LSBL;nLsEB
z-KiHrw7Fl#F7aXlp0yr?P=6l4Y<NM`(x18^6$8ziM<jTl7Xx)n6gP^XY~cEC=*)<|
zyq|d!sH}Jsf7g#(;zVSDxai59rfuzGL(HTh5CDNaRr4>z^`IPOr@hvyHB)H`$5R4*
z_0Ea0{UHe!Sn)kH`i0CKXkA*fM!UcSL0A{VCov>m97(nK*O>PA!!kr+Wa`F_H;bS`
zb+538*uL^4NBa)wS*p<5JLlt{HB};n$f_k7eO|zGe*{g(RKcu3u;NZ2n%OcIa?_{D
z;uPY>!_0Y%PDAJ+7kUH~KlOuXz6>9t(+Gxo;?kmCqw-<lbB}Q~UiyFLxQr&{kQRe)
zXC&Jx<}>(xwf?7gPoq!Od<@;{5@y6}a)WtTy$>MH_>WsCzP9TsVGpoyLT7%!*pIMl
z{nu)>e+%os#`$>}|K9|5t^b&P(D=khk@x7+==H$~J?DM~aUp(U(T(^n#7qcLE(>OI
zj8QyVK0dlp3?-B<twwxj4t4L{M+hs=5JrJ1SuP;wg&+@cc;?12jjVA%Fy4dzSwc|8
z=s1VWAeiSG0RC%AXzcN!y)Tp<4OZ@&W{WU*f6O$Iex;esC0=mMx%b@osgYb=3A}0b
znrDq#s{=8;fyYi#mc)hLy6X=gCe4fH_j%^zU7;se@e#6^Nf1uoGx@m)!?6=8pPi;*
zh^0s_)Qpz17?cE+?peAJL0@9#;<3zw@g`3WWH7D^-5Yw)nSLe;_2jsMa@?!x>^a=Z
zf2yF2MTs!8szHN_D2O{>drtg6!D=85Cu4{IhX~Lu-v8@#&PxCP7LcX3)B%3&)|Bwp
z@D^To=lnn4od4(L{r@+C8{M>dQ8ao@nh4PU&5AZMHn6P<(lTGcR<w<B3HUz`i(uwW
zUJff`=l$Qt#{6$I%J}~#@EP}ib!sBzf4$%G-tVjTewi29|9#(M_Mn!efX{154s=bC
zg}c?Yq78^5-AGD$EstdD@@j0DRt4{9=Iatz^Q>L-f*|SE2HC^&HmU-a6l=Xg_KM6R
z8mC7dL_^c_*Em-64lPH2uo&mjP$GRzQM6lG9i)9T8bg;|NkrkH4}dSn(H}$lf4d}D
z97j2oas2-l!sYCckA5lai2v<&ySV=c$XjLne+&4G_-~+zd};VUg|qWA2lxZ$0MwK0
zJq7qmknR=BB5olO*~~<64_OXhq}L32Agg?um=J@vq<nqca8`%oh&QhBTF_LLW-m#(
zC6CtVhhQJL6)kHY-K&-_r<;k6f60FaxCt&jzBAuv_@dhRCL#<BZLC**FeTP|yrQfw
zpelc*$mUQIS4cxrpeJ$&S-s&EIfodlmca|xc^Xx^tz@c+f&X2M8B_3#-pF?+)O;7-
z<d@}wJuSjng^wDJE3*H=nR(N9m@%PNyArQ>vY>O50Y90zi<pS2nUfT)e`Gv(iCc?<
zROWLK;?_y1@{Z+ttS?Xcw`+1(>oPf18Qt?ADerp1?nYOE2+?_7#mo~}Z_pIQL7msd
z?NDVG?^G2r3>F2ZNB7S3i1zuv0^hCG(0!9d=zah%!(8MnNXYM9T5}czQ+HaU4w4E^
z2X1rdw&}f%1|Nha1DP`ye=2klgfaOm>2@G1p>8*Na;Cv^6ij}JXj>m=LHH6ceG>R<
zy#!2|)U|FXiY{6fJyK!SZl`nB`Q1F0(@h?qP|q}n>2U6);jLDSiW7%|j@<<ja!OXV
zx@k-}5rFpLd72Iq2i)l*hB7iBx`)tWIt}SyP!>&O+HGH4T;#b=N@gCKO@4wW7J4kI
zJS=VSX(zJ2JV|e7vdyAZ%IXtTbdP32^|kY}Lqit7YnaI$M#iV}|7NS%?O^`j?wofz
z%@*eWt#+r}|M4c1=m#TzM~vUd@fXe`WcITt0H;0kd^nHEQyecY>-Fd7=h~_oc!K(z
z(MN^G)t=({Z2xz+I4<$2Cb0-l4EP-rywM{O$eqX)QQ%D6yW9#SVum%=ZApcMOcHx{
zZd5shc1*n+P{IIZG*D9p74P=1(2ZnVX{K!5^_mA%1VD#j8K6FY``1C|2a?e{VDtOX
z`v$cA7IaXEvVRTwvLW3<%6~{DV95c7G=M)D=Ez|GN?a+h*nm}vWh>girZ<y8pJY|C
zhQsqKT$!k1as`VwOXgLxrv?nMvdb1lK<B{Pg;DoqMe5Z*IAI-<-um2)B6K{gi0*do
z9c6y>@=p=|JEEn37C+Eb<t`OMmteqh#0!OHvwOSA3Tv(Dh7Qs#$=Dz^U&D{aMt>8V
z_z}RbG|BG>_u?9$Diur6?Y_bf%ncUV>Ta!l`ySO}4y{H2!?(b0G@^nrX{68Llt3Sg
z>u4VANra=AOcMcUH8_*8eE)XF8#*qBB@@(z#eQEN*g9{24SPo?zu~1Q8y{C)d3o}i
zIphs#9Si0#kTh8bY_GnILMU-UxBhEvKe~aps4Ef}?n;WR(;ri^r~wMs)B?e9G;s_R
z$fZ(I`;eI<0c%V>y7&CcI{l#%va{@D7EGL3@e=8vdAejMy_CGZaKjneqiJb|M1_ZL
z6oWEgNkff)`3~D0O5i~#ee?tc<16#d#MbtXj?j<}<6J}-<UW|d7|g+<#vr7o0>)7%
zBZ@IFh8@5Z=vv4Yr9MAatey{R<D45x(MMNd;7lh@6thL}>1a8Nz1;N_7TjtOn=i1I
z$tDxUCU-sZXk49(su{YA9QLS!oIYFP5m?KQV`(f2tv7uOial-m9g~g<CJraRVbU6X
zgcDp&eEi$Vlfnvre|H2C{WQrBPP1@^CM*njS+z~U04JPq6%>A?k4(lxP$b^4!KJYx
zZKNxb#RS4kfhY_U)CPB{DPz3t$;d<riEL{qsd%>{MOt)zq5iUtH!+w55p`E2z}<8i
z0vsu1ne0@>WP!)zMZ8n_5ooy5in5h{(!u_0`XpJF%nYd+e^wGS7^=@hCP1AS<qYY|
zEpLc6(+}@xgNU?qAp{LnaQ0*MTGei$+YFfnD6A<%7l0@WOdp4R%sS&(Rux&5fRiN*
zQ%a0uHi%KdI+A99MI@rpf;7KUxt1i|HZ0p(i8w};lXq=Rn<i4Ua+*G^8(N076q;hG
z1L)25Wz&d<fBq5K;{qlEHMU{ovwlE3U?pIUV_nrn))dx>wmI(i<)3=LAOW~XnZABN
z$;X!Tla06jwXxOfHXuBYAw(K*CD}$_z)kv;5ML7*$v;cI#_HV8%_f!Rfz$`HhGGsV
z{Wyk%-Ok>8OQ>j4M<cTn##y*deK!-%R8Na23Y9iff4qf;pPz`V$!r2KB9p&?CT2+x
z5>XT#Saxj*Sy!7LK8j?hpJ3#ylt4FRn5KH~s721`A0C_V*INI>+yQ4MRM2i@F`dQ?
zXN=P(jLn>;$t*yeKD+}Dz$-S)lN>3S)(XLreK1qWG+`~5bOxFz*oVODP;O?^_*OHn
zdFT~Ye`J+^mJH2ieMm1gRchf+uX-5YuG56(8oaxe<h&;M_H>C(J^UfpR^XU)To_@0
z(A_K93M*fddV$qE%$G8QUM+C)Wy!vp)k0@eAY0OG!M|E#wTjs+TdiZZE3oIj+%kwG
zdI#wm7sx!hg8>{9YyV<#&RxkC`tfuoZCq>pe?D7ejCk`pEk$Ey=jFEH|00MW<2<yC
zo%?^;{r~*_pLVC*|NkaXc>goq^MjdmedI*{T)Lq%b=@!A{?jdY{``S={-6&z$`nbS
zt?YWPLTl0IDpbump!1FRZ`wz+<-<|j*8M*m{dN>)umXp<T>djs9PR+3-<tx`EB;DW
ze`M<pIt^mvk7LQ;Mc|seZPTbV>do%yKPn)n*}VW<dmVQU_SR*nR)V@f)b|M)m-}P|
zjtWd>_M9A_o5MT+<D;EUpU`EG(xb{TQocJ$-wArpag7@Nt2cmU_WDm5zyCN8#ld3X
zP7k^bcvt*yofW_T&}x<6e|j5uZU1j4f0qm7Oyob#1DdTe1^6SU067~uz-vHXxEXi7
z-WP3(&2NTHt~YkjCEt6>uB#gq)dJ_F#x_prr=dQdQ(9w#HvNp$ZZ3>+gDm};)NTfh
za)XS0s%m$2+Wa!jcms$hhyMcPuJ`|&-QxQ{t!AfF#{ai~<Kl<!7+80D4k4@6e=A-U
zZ)MTSUNO+d)(Tn4eIk#Oeq|qHs;pKF949AVX!_dvmaq=E5&tW{|JUqne*dl8F7N-n
z34F%;e?Oy%l&}An+5fBAKXoDpNc)p-v!=l)`4}E4f~;<!(h&98x&CXs(+}{aFY;%v
zvZSxcc#9A1?3)4fqRd-MD4~QBAxbErgc3?9p@b4jD4~QBN+_X(5=!{$@Nb?dmh=F4
F002~+qw@d&

delta 3875
zcmV+;58UwVAJ`uqABzY8Cp>>&00ZqD?Q)~Y@&2Nxn3A2l-HP>TOOYKSf19l2&0T2k
z3h3$So}TIH?ty_x;QMjtOn&+1aL@$ko}JMnK=If*hx69ydF!lw*6g01f75KW&br-i
zNb`Vg%3vAAPDsc%VGzWhqT5yeJB6dl5iy^F(0z7hGg7OOh8s^BQHp6yQv0YNWj_ds
z=RXAD+=;!wC(eDajEM^rf1Vpb35lP)h&*^R_k_eR3zt;qj!!afwTxR8*!|Ggj1g~<
z)5_7CK;?)RELl@Ijx)8fAxIo2N~Xnex}jMbC+eC37bZQ7P08TQTiFtZmC6s^13Bi$
zmNt|WT{2Aa?YG3X1<SU0V<1_Kz_$4juZq0Qh$@10`Q*+PZg}ZHe;-VpOI_n?9R6EQ
z7hJ2^{JvTF!S$!!Lt4LY>6?`w;>D_FJXvt<R-xMPw0*i+&*061#PilguKdUP#c6Au
zbL+faY?5pUo2<QXvR<*<?VcAZs*-gjYo@K5oArG+zW0Kt=0}AVo))?2`nE1vEQ);s
zEk7+(HF;IqtQtAKe_LpKr`s)7mA43uyv2HJJI!vfw@h`kt)@RORBd&OV`yz1`*>~e
zv1a#TRgoRPbpCsO?1m4{#EtghO}4`h|KDz&wu}D1+b;e8o4~sN|KNrZ`t`GVlhlam
z%oj74$eD?dK6rKl?w`cZK`k>K0&e}mdt8PzDAa+Y5G-CofA8@rChvszqz%JgYd2eG
z<o*RBgqss+xz3zM77GK%%)1Yr@P%Lu30;>&!9)D)gzjI+ORyvp2qmFA^&*Hi_siHN
zUQEEVHi8i9&jXkZFNj+DQ#Yhypn3C%1P}CLppJ>+MiG<^T;C0y8PS*bGj9Tw6>sAD
zkxQJ2ED#qxf4S4Nt$l2WnKT3fAh4%u{)M<6l%wpl*V^?~DlOr7LZGkSIWe|BB*6kJ
zzK2G?keLImOKa9?7nmRj>tgsMhQx~_sUH6t)Bb)~hA50o-PrMF5mcz{74{I@SDvK0
z?|`1A3hljfKKfZxB|?a-T9VP{1w2R4bW9b@3Ir?ee;A^fEn^`!eVQyzAZ|R&oX6-S
zgdTFCM?motKZxeb@F6;hV5lc9E$THZ9~M6M7}w&Z|7VWNXi^SoG5B^yvYlc+gWp%{
ze~R}s`c%!w(5)?DMr@P&#gV0i-vcb1(3u}F_9N_C|Fzp^h4|k*KW~=t|1DtG`j6QM
zjZb_Oe|e8Sjb0y|&~xr*5EtSn7Tt*NLd=8^<+5NV#~8(<<>R9p#ZW@&(rUza=1}+E
zeT1;`3}F<QlH~$&UI_9Khi7ga)5sbJ1mnHuKQ19CV|1KDW)RGC4FLZ&B{cT<(B2oy
zjs`1tO|wN9JZ73mztYU+5-&LB+<R{P)J(3fe+1sNdacuDz1@MB-o#@kDNEu)Z{78W
z50lnK>-#)&@~+U6tM~|6%p?e>@0t8ugyGl;mCsJoFvL<M7ivb!Sqw^oO7|>Xh@dYq
zbMaW_!FZD=2QnDfh3*YK=uAHog?e&aK{@VKb@m)?WmQndqC}Wk)uBN}6vU;kJtzL3
ze_%Bbhm*0x|3d`m7T15B&S~lY-vYAKmO8+%-I@~K8s5U|?wtSUoAdv?y#MniaHE?x
zFN#L5MH2z~zg5vj#s;=sL0aZ3*owAUt`UFtun1<}<mIq3cHaMOZp{B?vyA_50-tgJ
zSEnXY-uo@@{l0qdmwA!>-}gOY4{AvYfB3wX<UrRHS-4wWE82i4(v75~*YZfVF0aOh
zX;tu!XTC0hHP6~LF9?!uZIC@YZ=)(;NwL-|WUt69qH%iUK{PZye~n{B@8ELu2a9nY
z4JFdo6h*t0)j`@fqcL>Zl|&RC`T+QH9Q`q*ze|F}ag<XT$Nz63T+R;p=$FEdfB1iP
zc2?Z~1LW;8{=Wr$M*KI>M7}iqpTOC9nFIWRa{%f|_MQTKB}n&*Wf8ZKh-_vexQ8r<
zFVbs<JdjmBO-zWvTT;G0Za8beal{+fcr9qEO0$=w+>%FY^h2-@+=`a9kM32=m($He
zN94Z)+ys{%-<j_-d{OOu6A=c6e>T=DKbR8hJzh~(7f_YIQe<-|i7TWbDbN!+gsk51
zikw4?Rm<Ro>pYDr-BvQy#K8Y9#*8U=MsMW16KcK-Z}Q7>!JZc3tinePM-|!s;LN<~
zJIt6+t6hm#JXz4W$$+0s+(k@8)yzqXRx%#E#I40aD)TuAaqA>hdB<`+f7X}B{o6G;
ztaX_js*LXWkCb;KVRxgeK!oT#uVUs2tT$+i;-Jp!;&!OAi+8Gu7zT?1)9Sr5t<paK
zSKzz#I=XMN2;C3hWtfYc1qu1ROKZ-8VCqim)In0g>A-Cc-8Q|q(cpuyWFT|qLWM4Z
zFeZN`-40|W)a^!3&NO(Ae}c&`5pC<^EC^rXrB4EXt(Sl)le*RoMbSmeqDLyM*6nmo
zJO43{<#dzBC)6{|VLF_9X?VNcrsBk*pksGIgq)I<t!^3<P6VKRc%G(%!~u7@h@p%O
zi0&b@m`+1F7?ec|nRd@EE-v!iCo>PtCO^Rw3q2B59+o!vv=dohI3B0BGudX*8fEnf
zD!NBAq59hS*`Xne-*wF74kP2!`G2e3>UJ>yKRxfBcFwy%*J_`2I%WR<7L)o1BY#!K
zZ{+w3=MggdSrmZNo_Ri;$K)xF7nhC3^Ye3kRSi5rW6tQKLgVUB@qD)byIUNW_*9cv
zgeM04jtSoAkqG2Y<ccV8ChlEs1rjmC8tb;CLP92qy*oFm96~#$-VG>WfHE4WDT9i4
z`&Z~jGOjdJw(feZ11bWb!>|lcpMU-9pz{OC=pC^6edv7y+I|Z<C`8%627TF(ZXxAA
zq!O^?07DwUpA2(kuzw}46j*G)D#fxDZD7-z$)HcNDp|wf`4z5AR57`N#hWGbs@YQm
zhFIBUn<AidVC}-F`?4bS8Xugn0ZDIT?nV(h9#%wmJNK%YAHDojg#W6v)PLd!nyTET
zLg*3<SdMt1&}?>ZH(6n=HQmrbx+NJK#O7=G(b(v3ViP|C_?0I49pPSF2UMkE3A)`^
z_<^~>B3s?9wQt{}dc>jC2w?aY*o{V1FeZ)kIh+#cV{skLgFT6G6q9Kp0IddRGM4Y(
z&Uiz|<*;Oey0F;q%L7~It$$&!di)z+in8%>)s>gWznMeckk+wa4g*P(b-?x-%P52r
zCv+RX#`dEdc#DQ2f#I&C$U6NoC5sxMa7`@`3`Y~kK!IE;6}1nUITEnOG@^UYziiMS
zDj_?|PG-TxnH4XQ4w|P+hSE#P8w)p_p*@<GW=K?c=teOp1C}(@n1AoE&7lMygwjV(
zP%yqS?@VlMuUbVzI*fA>VUYV^0%I@-iyDKFnhF?4gN!J~z!-J_Q=n@hTa^0zSh0FO
ztc`PSC`DJV!oZnMoG50C;FHmE7JIqtDJ;0vAU0oMEt5?qicRi%<k7e~7gaNK7ddRT
zf}B2EVim0A$FVe))(D%v1;w5={Rfkw3MLN6zhTlEeS{NSPJH~^@srgGe}7knh<=jf
z2PauLLlYK;ysX-$V1N@&xC#nC(nluaAt(}W*x=Gwkv7s5$zlRwra%;i32KA8)RZya
z_GDzDghaMAlvKQ1ks>WRzfgZ!$D0^Tf{3~+65wvS3;~W5vP^cWVzR(v@*>`;{0KB$
zX+_yeKj~n9Hhq#TOJ;`D41X&L8VuFvArqiZjB<wb<(4-@o9Tylv_VALxe$T|DmeSG
zdaY`=&~1jy0u<Jip$kBi1*VU~K4zV9B&&+7O2EkyhAAb+F&o6FU>!*_z#<aSXhE7^
zsa#8vZX1?utwbE5%E`O7rcDzmS~*Rh)(tJgS_)0E)B*J7`m$-nLx2B>>~R4Tfg0N|
z@>xHi9k3Fx#<8yIB5MlkMB5zq`|?k{UyuOYqfB2vpyXpq`pL#y|JvB<b(;{L#}Fb7
zxRPw6FW@G9N{FusjO3rCUUPMB=Vp^i^FZo@Swk@glztpT!ft18z9m#NsiTqE3F9nW
zr@osBXR4<~6opEgDSzHV!_QAd)?_w;7?H`}Koheh2#F|)4lKL2gsiJg4<AJ`)K4&S
zR!X27GE7swS8bD1`iI9B{I%ErFn7S22^F*(Sxl!f!x`hW31c&-X)+5Crw{MI1MrFs
z^CU+KrnN$_WFO2_GEG>^C7ppL3icuJI+UB)G``i0YaV(<6@OXfpCv=HSs&6%O_kdC
z)2kiEx9c>axd!iUB{{DNzCB%{QxAX0wG}uf9T!H}A9VLhw!+Gnq+Vb(5A&tWpjQi=
zd|9%uX0_1S6v&n|Tkx;eSgm3<%U0`{?F#I<FSiWhh~7cE#sxA@?qC4N#M-}DoO4&Q
zg?>DpNgLN%zkkmb86)1jPD|04*?GBb_<sl@$T$xzW9R-~cK<)W|L3ez?*D%iD7^of
z?)kw?x-oL1e=gn7nY!*5ZvW|)JAeMbJAcrJR5L}AXDhp&tI%5Xxe8Tt4(NO%{+IR<
zZTWB%w{`yyN536~8LYrzE|>p|6o)&2==Y|8^oqZd6@S^fgHD4O`QunJcoDcJZ`(BM
z%|@$x@{bD0X>~6Eceai@2Yc%>R69XkAnN;sjLUtp0!IZVGkZ>s&&^>Tfbr2zr%&jz
zN9j@J2r1tkr|$&4=eTB_{xzDwGJE}}jNgA8h~i+eaHj{|2D~f&w@-`Te`v#58UNn`
zUfciM$$#YnITQJ>^MF>nOacDLDL~Ff4)7Y#7jDK~ulGfpV)L6}lk1HgbjkOgvg_Ig
zMXkU&sj-by`e~@o=akmipiMs`wVMm0+#pN8CbgRZqud~4pQ_qjoi@KrGu{B=$>F~M
zx$FJ^R=4>6PrFs_|9cxaDt`Emfpw?n5VBgk;(t}~Ru--76$5Q-t&o-6C-OMySN1Wc
z%4)^HadPs7rmwAU3G09x@xSu>f342u_usl_<^8`mfzNpV?`JfT^7a2R`+qh2r%vPm
zX@Bx<)-)I;AHyR>kkt)T8lpZs*ME(7`T@T5MgHtnmh?3lZ}H(Q`(^;WDD&15N+_X(
l5+F(_p@b4jD4~QBN+_X(5=tncgc80w{2Q_uZ#@8b005%qpnCuS

diff --git a/shorewall4/interfaces b/shorewall4/interfaces
index 2f3e3ac..715e62b 100644
--- a/shorewall4/interfaces
+++ b/shorewall4/interfaces
@@ -21,4 +21,4 @@ vpn	mlvpn+		nosmurfs,tcpflags
 vpn	tun+		nosmurfs,tcpflags
 vpn	dsvpn+		nosmurfs,tcpflags
 vpn	gre-user+	nosmurfs,tcpflags
-
+vpn	omr-bonding	nosmurfs,tcpflags