mptcp/openmptcprouter-vps
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00
Code Issues Releases Wiki Activity

Merge branch 'develop' of https://github.com/suyuan168/openmptcprouter-vps into develop

Browse source
This commit is contained in:
suyuan168 2022-06-10 16:21:16 +08:00
commit e1fb3e51c4
18 changed files with 473 additions and 145 deletions
Download patch file Download diff file Expand all files Collapse all files

6
debian/changelog vendored
View file

@ -1,3 +1,9 @@
omr-server (0.1026) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Mon, 14 Jun 2021 07:43:42 +0200
omr-server (0.1025-test) unstable; urgency=medium omr-server (0.1025-test) unstable; urgency=medium
* Wireguard support and fixed * Wireguard support and fixed

4
debian/control vendored
View file

@ -17,8 +17,8 @@ Depends:
unzip, unzip,
tracebox, tracebox,
omr-iperf3, omr-iperf3,
omr-shadowsocks-libev (= 3.3.5-1), omr-shadowsocks-libev (= 3.3.5-2),
omr-vps-admin (= 0.3+20210304), omr-vps-admin (= 0.3+20210508),
omr-simple-obfs, omr-simple-obfs,
omr-mlvpn (= 3.0.0+20201216.git.2263bab), omr-mlvpn (= 3.0.0+20201216.git.2263bab),
omr-glorytun (= 0.3.4-4), omr-glorytun (= 0.3.4-4),

3
debian/postinst vendored
View file

@ -6,7 +6,8 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
. /usr/share/debconf/confmodule . /usr/share/debconf/confmodule
sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
systemctl enable omr-update systemctl daemon-reload
systemctl restart omr-update
db_stop db_stop

4
debian/rules vendored
View file

@ -13,6 +13,6 @@ override_dh_auto_install:
cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin
cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin

209
debian9-x86_64.sh
View file

@ -10,6 +10,7 @@ echo '如果用于商业请选择蚂蚁聚合商业版openmptcprouter合作
echo '5秒后自动开始安装' echo '5秒后自动开始安装'
echo '====================================================================================' echo '===================================================================================='
sleep 5 sleep 5
UPSTREAM=${UPSTREAM:-yes}
SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
@ -33,13 +34,16 @@ OPENVPN=${OPENVPN:-yes}
DSVPN=${DSVPN:-yes} DSVPN=${DSVPN:-yes}
WIREGUARD=${WIREGUARD:-yes} WIREGUARD=${WIREGUARD:-yes}
SOURCES=${SOURCES:-no} SOURCES=${SOURCES:-no}
if [ "$UPSTREAM" = "yes" ]; then
SOURCES="yes"
fi
NOINTERNET=${NOINTERNET:-no} NOINTERNET=${NOINTERNET:-no}
REINSTALL=${REINSTALL:-yes} REINSTALL=${REINSTALL:-yes}
SPEEDTEST=${SPEEDTEST:-no} SPEEDTEST=${SPEEDTEST:-yes}
LOCALFILES=${LOCALFILES:-no} LOCALFILES=${LOCALFILES:-no}
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
KERNEL_VERSION="5.4.100" KERNEL_VERSION="5.4.132"
KERNEL_PACKAGE_VERSION="1.18+9d3f35b" KERNEL_PACKAGE_VERSION="1.19+4f508aa"
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
GLORYTUN_UDP_VERSION="master" GLORYTUN_UDP_VERSION="master"
GLORYTUN_UDP_BINARY_VERSION="0.3.4-4" GLORYTUN_UDP_BINARY_VERSION="0.3.4-4"
@ -50,11 +54,14 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
OBFS_VERSION="master" OBFS_VERSION="master"
OBFS_BINARY_VERSION="0.0.5-1" OBFS_BINARY_VERSION="0.0.5-1"
OMR_ADMIN_VERSION="2694612565aba58cc0a9bd2ad5d550aa4ef7bcf5" OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c"
OMR_ADMIN_BINARY_VERSION="0.3+20210325" if [ "$UPSTREAM" = "yes" ]; then
OMR_ADMIN_VERSION="2a8f642f89a982d2c26c3e176f6c4c1e3e91ffcb"
fi
OMR_ADMIN_BINARY_VERSION="0.3+20210508"
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
DSVPN_BINARY_VERSION="0.1.4-2" DSVPN_BINARY_VERSION="0.1.4-2"
V2RAY_VERSION="4.35.1" V2RAY_VERSION="4.43.0"
V2RAY_PLUGIN_VERSION="4.35.1" V2RAY_PLUGIN_VERSION="4.35.1"
EASYRSA_VERSION="3.0.6" EASYRSA_VERSION="3.0.6"
SHADOWSOCKS_VERSION="master" SHADOWSOCKS_VERSION="master"
@ -86,14 +93,14 @@ if test -f /etc/os-release ; then
else else
. /usr/lib/os-release . /usr/lib/os-release
fi fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then
echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)" echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
exit 1 exit 1
elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then
echo "This script only work with Ubuntu 18.04, 19.04 or 20.04" echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
exit 1 exit 1
elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)" echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
exit 1 exit 1
fi fi
@ -104,6 +111,13 @@ if [ "$ARCH" != "amd64" ]; then
exit 1 exit 1
fi fi
echo "Check virtualized environment"
VIRT="$(systemd-detect-virt 2>/dev/null || true)"
if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then
echo "Container are not supported: kernel can't be modified."
exit 1
fi
# Check if DPKG is locked and for broken packages # Check if DPKG is locked and for broken packages
#dpkg -i /dev/zero 2>/dev/null #dpkg -i /dev/zero 2>/dev/null
#if [ "$?" -eq 2 ]; then #if [ "$?" -eq 2 ]; then
@ -138,6 +152,11 @@ if [ "$UPDATE" = "yes" ]; then
fi fi
echo "Update mode" echo "Update mode"
fi fi
# Force update key
[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
echo "Update OpenMPTCProuter repo key"
wget -O - http://repo.55860.com/openmptcprouter.gpg.key | apt-key add -
}
CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')" CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')"
if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then
@ -147,7 +166,8 @@ fi
[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
echo "Update ${REPO} key" echo "Update ${REPO} key"
if [ "$CHINA" = "yes" ]; then if [ "$CHINA" = "yes" ]; then
wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - #wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
wget -O - https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
else else
wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
fi fi
@ -157,7 +177,7 @@ echo "Remove lock and update packages list..."
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
rm -f /var/cache/apt/archives/lock rm -f /var/cache/apt/archives/lock
apt-get update apt-get update --allow-releaseinfo-change
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
rm -f /var/cache/apt/archives/lock rm -f /var/cache/apt/archives/lock
@ -170,7 +190,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes upgrade
apt-get -y -f --force-yes dist-upgrade apt-get -y -f --force-yes dist-upgrade
sed -i 's:stretch:buster:g' /etc/apt/sources.list sed -i 's:stretch:buster:g' /etc/apt/sources.list
apt-get update apt-get update --allow-releaseinfo-change
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
VERSION_ID="10" VERSION_ID="10"
@ -180,7 +200,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes upgrade
apt-get -y -f --force-yes dist-upgrade apt-get -y -f --force-yes dist-upgrade
sed -i 's:bionic:focal:g' /etc/apt/sources.list sed -i 's:bionic:focal:g' /etc/apt/sources.list
apt-get update apt-get update --allow-releaseinfo-change
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
VERSION_ID="20.04" VERSION_ID="20.04"
@ -192,7 +212,8 @@ if [ "$CHINA" = "yes" ]; then
echo "Install git..." echo "Install git..."
apt-get -y install git apt-get -y install git
if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then
git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian #git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
fi fi
cd /var/lib/openmptcprouter-vps-debian cd /var/lib/openmptcprouter-vps-debian
git pull git pull
@ -204,7 +225,8 @@ if [ "$CHINA" = "yes" ]; then
echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add -
if [ ! -d /usr/share/omr-server-git ]; then if [ ! -d /usr/share/omr-server-git ]; then
git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git #git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
fi fi
cd /usr/share/omr-server-git cd /usr/share/omr-server-git
git pull git pull
@ -214,6 +236,7 @@ if [ "$CHINA" = "yes" ]; then
git checkout master git checkout master
fi fi
LOCALFILES="yes" LOCALFILES="yes"
TLS="no"
DIR="/usr/share/omr-server-git" DIR="/usr/share/omr-server-git"
else else
echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
@ -223,6 +246,17 @@ else
Pin: origin ${REPO} Pin: origin ${REPO}
Pin-Priority: 1001 Pin-Priority: 1001
EOF EOF
if [ -n "$(echo $OMR_VERSION | grep test)" ]; then
echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list
cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
Package: *
Pin: origin ${REPO}
Pin-Priority: 1002
EOF
else
rm -f /etc/apt/sources.list.d/openmptcprouter-test.list
fi
wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
fi fi
@ -240,9 +274,9 @@ elif [ "$ID" = "ubuntu" ]; then
fi fi
# Install mptcp kernel and shadowsocks # Install mptcp kernel and shadowsocks
echo "Install mptcp kernel and shadowsocks..." echo "Install mptcp kernel and shadowsocks..."
apt-get update apt-get update --allow-releaseinfo-change
sleep 2 sleep 2
apt-get -y install dirmngr patch rename curl libcurl4 unzip apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config
if [ "$SOURCES" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then
wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
@ -255,7 +289,7 @@ if [ "$SOURCES" = "yes" ]; then
#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
echo "Install kernel linux-image-${KERNEL_RELEASE}" echo "Install kernel linux-image-${KERNEL_RELEASE} source release"
echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
@ -269,6 +303,7 @@ else
apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
fi fi
fi fi
# Check if mptcp kernel is grub default kernel # Check if mptcp kernel is grub default kernel
echo "Set MPTCP kernel as grub default..." echo "Set MPTCP kernel as grub default..."
if [ "$LOCALFILES" = "no" ]; then if [ "$LOCALFILES" = "no" ]; then
@ -280,13 +315,39 @@ fi
rm -f /etc/grub.d/30_os-prober rm -f /etc/grub.d/30_os-prober
bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_VERSION}-mptcp
bash update-grub.sh ${KERNEL_RELEASE} bash update-grub.sh ${KERNEL_RELEASE}
sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
echo "Install tracebox OpenMPTCProuter edition" echo "Install tracebox OpenMPTCProuter edition"
apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
echo "Install iperf3 OpenMPTCProuter edition" echo "Install iperf3 OpenMPTCProuter edition"
apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
if [ "$UPSTREAM" = "yes" ]; then
echo "Compile and install mptcpize..."
apt-get -y install --no-install-recommends build-essential
cd /tmp
git clone https://github.55860.com/Ysurac/mptcpize.git
cd mptcpize
make
make install
cd /tmp
rm -rf /tmp/mptcpize
echo "Compile and install iproute2..."
apt-get -y install --no-install-recommends bison libbison-dev flex
#wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz
#tar xzf iproute2-5.16.0.tar.gz
#cd iproute2-5.16.0
git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git
cd iproute2
git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000
make
make install
cd /tmp
rm -rf iproute2
echo "MPTCPize iperf3..."
mptcpize enable iperf3
fi
apt-get -y remove shadowsocks-libev apt-get -y remove shadowsocks-libev
if [ "$SOURCES" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then
@ -334,6 +395,7 @@ if [ "$SOURCES" = "yes" ]; then
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc
sleep 1 sleep 1
rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend rm -f /var/lib/dpkg/lock-frontend
@ -456,9 +518,14 @@ if [ "$OMR_ADMIN" = "yes" ]; then
apt-get -y remove python3-jwt apt-get -y remove python3-jwt
pip3 -q install pyjwt pip3 -q install pyjwt
else else
apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ]); then
apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1
pip3 -q install uvloop
else
apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
fi
fi fi
apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests
echo '-- pip3 install needed python modules' echo '-- pip3 install needed python modules'
#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
@ -521,6 +588,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then
systemctl enable omr-admin-ipv6.service systemctl enable omr-admin-ipv6.service
} }
systemctl enable omr-admin.service systemctl enable omr-admin.service
if [ "$UPSTREAM" = "yes" ]; then
mptcpize enable omr-admin.service
[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service
fi
fi fi
# Get shadowsocks optimization # Get shadowsocks optimization
@ -585,6 +656,12 @@ if systemctl -q is-active shadowsocks-libev-manager@manager; then
systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
fi fi
if [ "$LOCALFILES" = "no" ]; then
wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in
else
cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service
fi
# Install simple-obfs # Install simple-obfs
if [ "$OBFS" = "yes" ]; then if [ "$OBFS" = "yes" ]; then
echo "Install OBFS" echo "Install OBFS"
@ -665,23 +742,20 @@ if [ "$V2RAY" = "yes" ]; then
else else
apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION} apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
fi fi
if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
fi
if [ ! -f /etc/v2ray/v2ray-server.json ]; then if [ ! -f /etc/v2ray/v2ray-server.json ]; then
wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
rm /etc/v2ray/config.json
ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
fi fi
ln -sf /etc/v2ray/v2ray-server.json /etc/v2ray/config.json rm -f /etc/v2ray/config.json
sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
rm -f /tmp/v2rayError.log
if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
fi fi
systemctl daemon-reload systemctl daemon-reload
systemctl enable v2ray.service systemctl enable v2ray.service
if [ "$UPSTREAM" = "yes" ]; then
mptcpize enable v2ray
fi
fi fi
if systemctl -q is-active mlvpn@mlvpn0.service; then if systemctl -q is-active mlvpn@mlvpn0.service; then
@ -923,6 +997,9 @@ if [ "$OPENVPN" = "yes" ]; then
mkdir -p /etc/openvpn/ccd mkdir -p /etc/openvpn/ccd
systemctl enable openvpn@tun0.service systemctl enable openvpn@tun0.service
systemctl enable openvpn@tun1.service systemctl enable openvpn@tun1.service
if [ "$UPSTREAM" = "yes" ]; then
mptcpize enable openvpn@tun0
fi
systemctl enable openvpn@bonding1.service systemctl enable openvpn@bonding1.service
systemctl enable openvpn@bonding2.service systemctl enable openvpn@bonding2.service
systemctl enable openvpn@bonding3.service systemctl enable openvpn@bonding3.service
@ -1034,6 +1111,9 @@ if [ "$DSVPN" = "yes" ]; then
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
fi fi
if [ "$UPSTREAM" = "yes" ]; then
mptcpize enable dsvpn-server@dsvpn0
fi
fi fi
# Install Glorytun TCP # Install Glorytun TCP
@ -1055,8 +1135,15 @@ if [ "$SOURCES" = "yes" ]; then
apt-get -y install build-essential pkg-config autoconf automake apt-get -y install build-essential pkg-config autoconf automake
rm -rf /tmp/glorytun-0.0.35 rm -rf /tmp/glorytun-0.0.35
cd /tmp cd /tmp
wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz if [ "$UPSTREAM" = "yes" ]; then
wget -O /tmp/glorytun-0.0.35.tar.gz https://github.55860.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
else
wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
fi
tar xzf glorytun-0.0.35.tar.gz tar xzf glorytun-0.0.35.tar.gz
if [ "$UPSTREAM" = "yes" ]; then
mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
fi
cd glorytun-0.0.35 cd glorytun-0.0.35
./autogen.sh ./autogen.sh
./configure ./configure
@ -1160,38 +1247,29 @@ if [ "$update" = "0" ]; then
else else
# Update only needed firewall files # Update only needed firewall files
if [ "$LOCALFILES" = "no" ]; then if [ "$LOCALFILES" = "no" ]; then
wget -O /etc/shorewall/interfaces ${VPSURL}${VPSPATH}/shorewall4/interfaces mkdir -p ${DIR}
wget -O /etc/shorewall/snat ${VPSURL}${VPSPATH}/shorewall4/snat wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz
wget -O /etc/shorewall/stoppedrules ${VPSURL}${VPSPATH}/shorewall4/stoppedrules wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz
wget -O /etc/shorewall/tcinterfaces ${VPSURL}${VPSPATH}/shorewall4/tcinterfaces mkdir -p ${DIR}/shorewall4
wget -O /etc/shorewall/shorewall.conf ${VPSURL}${VPSPATH}/shorewall4/shorewall.conf tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C ${DIR}/shorewall4
wget -O /etc/shorewall/policy ${VPSURL}${VPSPATH}/shorewall4/policy mkdir -p ${DIR}/shorewall6
wget -O /etc/shorewall/params ${VPSURL}${VPSPATH}/shorewall4/params tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6
wget -O /etc/shorewall/params.vpn ${VPSURL}${VPSPATH}/shorewall4/params.vpn
wget -O /etc/shorewall/params.net ${VPSURL}${VPSPATH}/shorewall4/params.net
wget -O /etc/shorewall6/params ${VPSURL}${VPSPATH}/shorewall6/params
wget -O /etc/shorewall6/params.net ${VPSURL}${VPSPATH}/shorewall6/params.net
wget -O /etc/shorewall6/params.vpn ${VPSURL}${VPSPATH}/shorewall6/params.vpn
wget -O /etc/shorewall6/interfaces ${VPSURL}${VPSPATH}/shorewall6/interfaces
wget -O /etc/shorewall6/stoppedrules ${VPSURL}${VPSPATH}/shorewall6/stoppedrules
wget -O /etc/shorewall6/snat ${VPSURL}${VPSPATH}/shorewall6/snat
else
cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
cp ${DIR}/shorewall4/snat /etc/shorewall/snat
cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
cp ${DIR}/shorewall4/policy /etc/shorewall/policy
cp ${DIR}/shorewall4/params /etc/shorewall/params
cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
cp ${DIR}/shorewall6/params /etc/shorewall6/params
cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
fi fi
cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
cp ${DIR}/shorewall4/snat /etc/shorewall/snat
cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
cp ${DIR}/shorewall4/policy /etc/shorewall/policy
cp ${DIR}/shorewall4/params /etc/shorewall/params
#cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
#cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
cp ${DIR}/shorewall6/params /etc/shorewall6/params
#cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
#cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
@ -1243,9 +1321,9 @@ if [ "$TLS" = "yes" ]; then
fi fi
if [ "$SPEEDTEST" = "yes" ]; then if [ "$SPEEDTEST" = "yes" ]; then
if [ ! -f /usr/share/omr-server/speedtest/test.img ]; then mkdir -p /usr/share/omr-server/speedtest
if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then
echo "Generate speedtest image..." echo "Generate speedtest image..."
mkdir -p /usr/share/omr-server/speedtest
dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576 dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576
echo "Done" echo "Done"
fi fi
@ -1272,6 +1350,7 @@ fi
if [ "$SOURCES" != "yes" ]; then if [ "$SOURCES" != "yes" ]; then
apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true
rm -f /etc/openmtpcprouter-vps-admin/update-bin
fi fi
if [ "$update" = "0" ]; then if [ "$update" = "0" ]; then
@ -1298,7 +1377,7 @@ if [ "$update" = "0" ]; then
echo 'Your glorytun key: ' echo 'Your glorytun key: '
echo $GLORYTUN_PASS echo $GLORYTUN_PASS
if [ "$DSVPN" = "yes" ]; then if [ "$DSVPN" = "yes" ]; then
echo 'A Dead Simple VPN port: 65011' echo 'A Dead Simple VPN port: 65401'
echo 'A Dead Simple VPN key: ' echo 'A Dead Simple VPN key: '
echo $DSVPN_PASS echo $DSVPN_PASS
fi fi
@ -1345,7 +1424,7 @@ if [ "$update" = "0" ]; then
EOF EOF
if [ "$DSVPN" = "yes" ]; then if [ "$DSVPN" = "yes" ]; then
cat >> /root/openmptcprouter_config.txt <<-EOF cat >> /root/openmptcprouter_config.txt <<-EOF
A Dead Simple VPN port: 65011 A Dead Simple VPN port: 65401
A Dead Simple VPN key: ${DSVPN_PASS} A Dead Simple VPN key: ${DSVPN_PASS}
EOF EOF
fi fi

123
multipath Normal file → Executable file
View file

@ -6,9 +6,8 @@
# Released under GPL 3 or later # Released under GPL 3 or later
if [ -d "/proc/sys/net/mptcp" ]; then if [ -d "/proc/sys/net/mptcp" ]; then
if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then
echo "MPTCP is disabled!" echo "MPTCP is disabled!"
echo "Please set net.mptcp.mptcp_enabled = 1"
exit 1 exit 1
fi fi
else else
@ -26,7 +25,7 @@ case $1 in
echo " multipath device {on | off | backup | handover}" echo " multipath device {on | off | backup | handover}"
echo echo
echo "show established conections: -c" echo "show established conections: -c"
echo "show mullmesh info: -f" echo "show fullmesh info: -f"
echo "show kernel config: -k" echo "show kernel config: -k"
echo echo
echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag" echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
@ -43,12 +42,28 @@ case $1 in
cat /proc/net/mptcp_fullmesh cat /proc/net/mptcp_fullmesh
exit 0;; exit 0;;
"-k") "-k")
echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager` echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum` elif [ -f /proc/sys/net/mptcp/enabled ]; then
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler` echo Enabled: `cat /proc/sys/net/mptcp/enabled`
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries` fi
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug` if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
fi
if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
else
echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled`
fi
if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
fi
if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
fi
if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
fi
echo echo
echo See http://multipath-tcp.org/ for details echo See http://multipath-tcp.org/ for details
exit 0 ;; exit 0 ;;
@ -65,38 +80,74 @@ TYPE="$2"
#FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"` #FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
[ -d "/sys/class/net/$DEVICE/" ] || { [ -d "/sys/class/net/$DEVICE/" ] || {
echo "Device '$DEVICE' can't found!" #echo "Device '$DEVICE' can't found!"
echo "Use the hardware name like in ifconfig" #echo "Use the hardware name like in ifconfig"
exit 1 exit 1
} }
FLAG_PATH="/sys/class/net/$DEVICE/flags" if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
IFF=`cat $FLAG_PATH` FLAG_PATH="/sys/class/net/$DEVICE/flags"
IFF=`cat $FLAG_PATH`
IFF_OFF="0x80000" IFF_OFF="0x80000"
IFF_ON="0x00" IFF_ON="0x00"
IFF_BACKUP="0x100000" IFF_BACKUP="0x100000"
IFF_HANDOVER="0x200000" IFF_HANDOVER="0x200000"
IFF_MASK="0x380000" IFF_MASK="0x380000"
case $TYPE in case $TYPE in
"off") FLAG=$IFF_OFF;; "off") FLAG=$IFF_OFF;;
"on") FLAG=$IFF_ON;; "on") FLAG=$IFF_ON;;
"backup") FLAG=$IFF_BACKUP;; "backup") FLAG=$IFF_BACKUP;;
"handover") FLAG=$IFF_HANDOVER;; "handover") FLAG=$IFF_HANDOVER;;
"") "")
IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
case "$IFF" in case "$IFF" in
$IFF_OFF) echo $DEVICE is deactivated;; $IFF_OFF) echo $DEVICE is deactivated;;
$IFF_ON) echo $DEVICE is in default mode;; $IFF_ON) echo $DEVICE is in default mode;;
$IFF_BACKUP) echo $DEVICE is in backup mode;; $IFF_BACKUP) echo $DEVICE is in backup mode;;
$IFF_HANDOVER) echo $DEVICE is in handover mode;; $IFF_HANDOVER) echo $DEVICE is in handover mode;;
*) echo "Unkown state!" && exit 1;; *) echo "Unkown state!" && exit 1;;
esac esac
exit 0;; exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac esac
printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
else
ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')
IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}')
IP=$(ifconfig $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
[ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
case $TYPE in
"off")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
exit 0;;
"on")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh
exit 0;;
"signal")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
ip mptcp endpoint add $IP dev $DEVICE signal fullmesh
exit 0;;
"backup")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
ip mptcp endpoint add $IP dev $DEVICE backup fullmesh
exit 0;;
"")
case "$IFF" in
"") echo $DEVICE is deactivated;;
"subflow") echo $DEVICE is in default mode;;
"backup") echo $DEVICE is in backup mode;;
"signal") echo $DEVICE is in signal mode;;
"fullmesh") echo $DEVICE is in fullmesh mode;;
*) echo "$DEVICE Unkown state!" && exit 1;;
esac
exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac
fi

1
omr-pihole.sh
View file

@ -33,6 +33,7 @@ cat >> /etc/pihole/setupVars.conf <<-EOF
PIHOLE_INTERFACE=gt-tun0 PIHOLE_INTERFACE=gt-tun0
IPV4_ADDRESS=10.255.0.0/16 IPV4_ADDRESS=10.255.0.0/16
IPV6_ADDRESS=fe80::aff:ff01/64 IPV6_ADDRESS=fe80::aff:ff01/64
RATE_LIMIT=0/0
EOF EOF
grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf

52
omr-service
View file

@ -7,7 +7,11 @@ _multipath() {
for intf in `ls -1 /sys/class/net`; do for intf in `ls -1 /sys/class/net`; do
if [ "$intf" != "bonding_masters" ]; then if [ "$intf" != "bonding_masters" ]; then
if [ "$intf" = "$NET_IFACE" ]; then if [ "$intf" = "$NET_IFACE" ]; then
[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
multipath $intf signal
ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null
}
else else
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
fi fi
@ -40,6 +44,22 @@ _glorytun_tcp() {
fi fi
} }
_dsvpn() {
[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
}
_shadowsocks() {
[ -z "$(pgrep ss-server)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
systemctl restart shadowsocks-libev-manager@manager
}
}
_wireguard() {
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
}
_omr_api() { _omr_api() {
[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
logger -t "OMR-Service" "Restart OMR-Admin" logger -t "OMR-Service" "Restart OMR-Admin"
@ -63,19 +83,21 @@ _lan_route() {
_gre_tunnels() { _gre_tunnels() {
. "$(readlink -f "/etc/shorewall/params.vpn")" . "$(readlink -f "/etc/shorewall/params.vpn")"
for intf in /etc/openmptcprouter-vps-admin/intf/*; do if [ -n "$OMR_ADDR" ]; then
if [ -f "$intf" ]; then for intf in /etc/openmptcprouter-vps-admin/intf/*; do
. "$(readlink -f "$intf")" if [ -f "$intf" ]; then
iface="$(basename $intf)" . "$(readlink -f "$intf")"
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then iface="$(basename $intf)"
ip tunnel del $iface 2>&1 >/dev/null if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null ip tunnel del $iface 2>&1 >/dev/null
ip link set $iface up 2>&1 >/dev/null ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null
ip addr add $LOCALIP dev $iface 2>&1 >/dev/null ip link set $iface up 2>&1 >/dev/null
ip route add $NETWORK dev $iface 2>&1 >/dev/null ip addr add $LOCALIP dev $iface 2>&1 >/dev/null
ip route add $NETWORK dev $iface 2>&1 >/dev/null
fi
fi fi
fi done
done fi
} }
_openvpn_bonding() { _openvpn_bonding() {
@ -104,11 +126,15 @@ _openvpn_bonding() {
fi fi
} }
sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null
modprobe bonding 2>&1 >/dev/null modprobe bonding 2>&1 >/dev/null
ip link add omr-bonding type bond 2>&1 >/dev/null ip link add omr-bonding type bond 2>&1 >/dev/null
while true; do while true; do
_glorytun_udp _glorytun_udp
_glorytun_tcp _glorytun_tcp
_shadowsocks
_dsvpn
_wireguard
_multipath _multipath
_omr_api _omr_api
_lan_route _lan_route

51
omr-test-speed Executable file → Normal file
View file

@ -1,30 +1,43 @@
#!/bin/sh #!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
INTERFACE="$1" OVH=false
if [ "$1" = "ovh" ]; then
OVH=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
echo "Select best test server..." [ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" echo "You must use a real interface. You wan find them using 'ip a' for example"
bestping="999" exit 0
for pinghost in $HOSTLST; do }
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then if [ "$OVH" = false ]; then
ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) echo "Select best test server..."
else HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1) bestping="9999"
fi for pinghost in $HOSTLST; do
echo "host: $domain - ping: $ping" domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then if [ -z "$INTERFACE" ]; then
bestping=$ping ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
HOST=$pinghost else
fi ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
done fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" [ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
echo "Best server is $HOST, running test:" echo "Best server is $HOST, running test:"
trap : HUP INT TERM trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then if [ -z "$INTERFACE" ]; then
curl -4 $HOST >/dev/null || echo curl -4 -o /dev/null $HOST || echo
else else
domain=$(echo $HOST | awk -F/ '{print $3}') domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
@ -33,7 +46,7 @@ else
ipset add ss_rules_dst_bypass_all $ip ipset add ss_rules_dst_bypass_all $ip
done done
fi fi
curl -4 --interface $INTERFACE $HOST >/dev/null || echo curl -4 -o /dev/null --interface $INTERFACE $HOST || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do for ip in $hostip; do
ipset del ss_rules_dst_bypass_all $ip ipset del ss_rules_dst_bypass_all $ip

56
omr-test-speedv6 Normal file
View file

@ -0,0 +1,56 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
OVH=false
if [ "$1" = "ovh" ]; then
OVH=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$OVH" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -6 $HOST >/dev/null || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset add ss_rules6_dst_bypass_all $ip
done
fi
curl -6 --interface $INTERFACE $HOST >/dev/null || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset del ss_rules6_dst_bypass_all $ip
done
fi
fi

11
omr-update Executable file
View file

@ -0,0 +1,11 @@
#!/bin/sh
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh
rm -f /etc/openmptcprouter-vps-admin/update
reboot
fi
if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then
LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh
rm -f /etc/openmptcprouter-vps-admin/update-bin
#reboot
fi

9
omr-update.service.in
View file

@ -4,11 +4,10 @@ After=network.target network-online.target
[Service] [Service]
Type=simple Type=simple
Restart=no Restart=never
Environment="SOURCES=no" ExecStart=/usr/bin/omr-update
Environment="REINSTALL=no" #ExecStart=/usr/share/omr-server/debian9-x86_64.sh
Environment="LOCALFILES=yes" AmbientCapabilities=
ExecStart=/usr/share/omr-server/debian9-x86_64.sh
StandardOutput=file:/var/log/omr-update.log StandardOutput=file:/var/log/omr-update.log
StandardError=file:/var/log/omr-update.log StandardError=file:/var/log/omr-update.log

BIN
openmptcprouter-shorewall.tar.gz
View file

Binary file not shown.

5
shadowsocks.conf
View file

@ -23,6 +23,8 @@ net.ipv4.tcp_tw_reuse = 1
#net.ipv4.tcp_tw_recycle = 0 #net.ipv4.tcp_tw_recycle = 0
# short FIN timeout # short FIN timeout
net.ipv4.tcp_fin_timeout = 80 net.ipv4.tcp_fin_timeout = 80
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time # short keepalive time
net.ipv4.tcp_keepalive_time = 7200 net.ipv4.tcp_keepalive_time = 7200
# outbound port range # outbound port range
@ -49,6 +51,7 @@ net.ipv4.tcp_congestion_control = cubic
net.core.default_qdisc = fq net.core.default_qdisc = fq
# Default conntrack is too small # Default conntrack is too small
net.netfilter.nf_conntrack_max = 131072 net.netfilter.nf_conntrack_max = 131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0 net.ipv4.conf.default.log_martians = 0
@ -57,4 +60,4 @@ net.ipv4.conf.default.log_martians = 0
net.mptcp.mptcp_checksum = 0 net.mptcp.mptcp_checksum = 0
net.mptcp.mptcp_syn_retries = 2 net.mptcp.mptcp_syn_retries = 2
net.mptcp.mptcp_scheduler = blest net.mptcp.mptcp_scheduler = blest
net.ipv4.tcp_ecn=1 net.ipv4.tcp_ecn = 2

9
shorewall4/snat
View file

@ -15,7 +15,14 @@
########################################################################################################################################### ###########################################################################################################################################
#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
# #
MASQUERADE 10.255.0.0/16,\ MASQUERADE 10.255.247.0/24,\
10.255.248.0/24,\
10.255.250.0/24,\
10.255.251.0/24,\
10.255.252.0/24,\
10.255.253.0/24,\
10.255.254.0/24,\
10.255.255.0/24,\
169.254.0.0/16,\ 169.254.0.0/16,\
172.16.0.0/12,\ 172.16.0.0/12,\
192.168.0.0/16 $NET_IFACE 192.168.0.0/16 $NET_IFACE

17
ubond.network Normal file
View file

@ -0,0 +1,17 @@
[Match]
Name=ubond*
[Network]
Description=UBOND tunnel
Address=10.255.248.1/24
DHCPServer=yes
IPMasquerade=yes
[DHCPServer]
PoolOffset=2
PoolSize=50
EmitDNS=no
EmitNTP=no
DNS=9.9.9.9
DefaultLeaseTimeSec=12h
MaxLeaseTimeSec=24h

42
ubond0.conf Normal file
View file

@ -0,0 +1,42 @@
[general]
tuntap = "tun"
mode = "server"
interface_name = "ubond0"
timeout = 30
password = "UBOND_PASS"
reorder_buffer = yes
reorder_buffer_size = 64
loss_tolerence = 50
[wan1]
bindport = 65251
bindhost = "0.0.0.0"
[wan2]
bindport = 65252
bindhost = "0.0.0.0"
[wan3]
bindport = 65253
bindhost = "0.0.0.0"
[wan4]
bindport = 65254
bindhost = "0.0.0.0"
[wan5]
bindport = 65255
bindhost = "0.0.0.0"
[wan6]
bindport = 65256
bindhost = "0.0.0.0"
[wan7]
bindport = 65257
bindhost = "0.0.0.0"
[wan8]
bindport = 65258
bindhost = "0.0.0.0"

16
ubond@.service.in Normal file
View file

@ -0,0 +1,16 @@
[Unit]
Description=UBOND connection to %i
PartOf=ubond.service
ReloadPropagatedFrom=ubond.service
After=network.target network-online.target
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/ubond
Restart=always
[Install]
WantedBy=multi-user.target