1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00

Merge pull request #3 from Ysurac/develop

tongbu
This commit is contained in:
suyuan 2020-03-10 05:48:59 -07:00 committed by GitHub
commit e35da806bd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 48 additions and 143 deletions

View file

@ -16,14 +16,14 @@ MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
OPENVPN=${OPENVPN:-yes}
DSVPN=${DSVPN:-yes}
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
KERNEL_VERSION="4.19.80"
KERNEL_PACKAGE_VERSION="1.6+c62d9f6"
KERNEL_VERSION="4.19.104"
KERNEL_PACKAGE_VERSION="1.7+b864616"
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
GLORYTUN_UDP_VERSION="13703fb15fb6a225ccf2488e3680ac14331c1c9e"
GLORYTUN_UDP_VERSION="a9408e799ddbb74b5476fba70a495770322cd327"
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
OMR_ADMIN_VERSION="9f69540b62b9919123dc39e256421ad4d55f51dc"
OMR_ADMIN_VERSION="0bee06d21605c9d9b4494a77e71043ce432aa5c2"
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
#V2RAY_VERSION="v1.1.0"
V2RAY_VERSION="v1.2.0-8-g59b8f4f"
@ -503,12 +503,12 @@ if [ "$OPENVPN" = "yes" ]; then
# cd /etc/openvpn/server
# openvpn --genkey --secret static.key
#fi
if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ]; then
if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ ! -d /etc/openvpn/ca ]; then
wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz
cd /tmp
tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz
cd /tmp/EasyRSA-v${EASYRSA_VERSION}
mkdir /etc/openvpn/ca
mkdir -p /etc/openvpn/ca
cp easyrsa /etc/openvpn/ca/
cp openssl-easyrsa.cnf /etc/openvpn/ca/
cp vars.example /etc/openvpn/ca/vars
@ -570,7 +570,7 @@ fi
echo 'Glorytun UDP'
# Install Glorytun UDP
if systemctl -q is-active glorytun-udp@tun0.service; then
systemctl -q stop glorytun-udp@tun0 > /dev/null 2>&1
systemctl -q stop glorytun-udp@* > /dev/null 2>&1
fi
rm -f /var/lib/dpkg/lock
rm -f /var/lib/dpkg/lock-frontend
@ -648,7 +648,7 @@ fi
# Install Glorytun TCP
if systemctl -q is-active glorytun-tcp@tun0.service; then
systemctl -q stop glorytun-tcp@tun0 > /dev/null 2>&1
systemctl -q stop glorytun-tcp@* > /dev/null 2>&1
fi
if [ "$ID" = "debian" ]; then
if [ "$VERSION_ID" = "9" ]; then
@ -708,6 +708,7 @@ if systemctl -q is-active omr-6in4.service; then
systemctl -q stop omr-6in4 > /dev/null 2>&1
systemctl -q disable omr-6in4 > /dev/null 2>&1
fi
systemctl enable omr6in4@user0.service
systemctl enable omr.service
# Change SSH port to 65222
@ -749,6 +750,7 @@ else
sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
wget -O /etc/shorewall6/params https://www.openmptcprouter.com/${VPSPATH}/shorewall6/params
wget -O /etc/shorewall6/params.net https://www.openmptcprouter.com/${VPSPATH}/shorewall6/params.net
wget -O /etc/shorewall6/params.vpn https://www.openmptcprouter.com/${VPSPATH}/shorewall6/params.vpn
wget -O /etc/shorewall6/interfaces https://www.openmptcprouter.com/${VPSPATH}/shorewall6/interfaces
wget -O /etc/shorewall6/stoppedrules https://www.openmptcprouter.com/${VPSPATH}/shorewall6/stoppedrules
wget -O /etc/shorewall6/snat https://www.openmptcprouter.com/${VPSPATH}/shorewall6/snat
@ -904,18 +906,20 @@ else
echo 'done'
if [ "$MLVPN" = "yes" ]; then
echo 'Restarting mlvpn...'
systemctl -q start mlvpn@mlvpn0
systemctl -q restart mlvpn@mlvpn0
echo 'done'
fi
if [ "$DSVPN" = "yes" ]; then
echo 'Restarting dsvpn...'
systemctl -q start dsvpn-server@dsvpn0
systemctl -q restart dsvpn-server@* || true
echo 'done'
fi
echo 'Restarting glorytun and omr...'
systemctl -q start glorytun-tcp@tun0
systemctl -q start glorytun-udp@tun0
systemctl -q restart omr
echo 'Restarting glorytun...'
systemctl -q restart glorytun-tcp@* || true
systemctl -q restart glorytun-udp@* || true
echo 'done'
echo 'Restarting omr6in4...'
systemctl -q restart omr6in4@* || true
echo 'done'
if [ "$OPENVPN" = "yes" ]; then
echo 'Restarting OpenVPN'
@ -953,6 +957,9 @@ else
echo 'Apply latest sysctl...'
sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1
echo 'done'
echo 'Restarting omr...'
systemctl -q restart omr
echo 'done'
echo 'Restarting shadowsocks...'
systemctl -q restart shadowsocks-libev-manager@manager
# if [ $NBCPU -gt 1 ]; then

View file

@ -9,7 +9,7 @@ NotifyAccess=main
ExecStart=/usr/local/sbin/mlvpn --config /etc/mlvpn/%i.conf --name %i --user mlvpn --quiet
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/mlvpn
Restart=on-failure
Restart=always
[Install]
WantedBy=multi-user.target

View file

@ -1,13 +1,5 @@
#!/bin/bash
# OpenMPTCProuter VPS service script
# This script configure 6in4, multipath and firewall for current VPN
if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
ip route del fd00::/8 via fe80::a00:2 dev omr-6in4
ip link set omr-6in4 down
ip tunnel del omr-6in4
exit 0
fi
_multipath() {
# Force multipath status
@ -21,109 +13,7 @@ _multipath() {
done
}
# Add IPv6 tunnel
if [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
ip tunnel change omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
else
ip tunnel add omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
ip addr add fe80::a00:1/126 dev omr-6in4 >/dev/null 2>&1
fi
ip link set omr-6in4 up
ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4
_ping() {
local host=$1
ret=$(ping -4 "${host}" \
-W 5 \
-c 1 \
-q
)
[ -n "$ret" ] && echo "$ret" | grep -s " 0% packet loss" > /dev/null && {
return
}
false
}
_ping_range() {
local network=$1
for i in {2..50} ;do
_ping $network$i
pingr=$?
if $(exit $pingr); then
ipd=$network$i
return
fi
done
false
}
while true; do
source /etc/shorewall/params.vpn
iface=""
currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n")
currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n")
if [ -n "$currentpeer" ]; then
_ping $currentpeer
status=$?
if ! $(exit $status) || [ "$currentpeer" != "$OMR_ADDR" ]; then
allip_tcp=$(ip -4 addr show gt-tun0 2>/dev/null | grep inet)
allip_udp=$(ip -4 addr show gt-udp-tun0 2>/dev/null | grep inet)
[ -d "/sys/class/net/mlvpn0" ] && allip_mlvpn=$(ip -4 addr show mlvpn0 2>/dev/null | grep inet)
[ -d "/sys/class/net/tun0" ] && allip_openvpn=$(ip -4 addr show tun0 2>/dev/null | grep inet)
[ -d "/sys/class/net/dsvpn0" ] && allip_dsvpn=$(ip -4 addr show dsvpn0 2>/dev/null | grep inet)
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ]; then
current_vpn="$(cat /etc/openmptcprouter-vps-admin/current-vpn)"
[ "$current_vpn" = "glorytun_tcp" ] && allip="$allip_tcp"
[ "$current_vpn" = "glorytun_udp" ] && allip="$allip_udp"
[ "$current_vpn" = "mlvpn" ] && allip="$allip_mlvpn"
[ "$current_vpn" = "openvpn" ] && allip="$allip_openvpn"
[ "$current_vpn" = "dsvpn" ] && allip="$allip_dsvpn"
fi
if [ -z "$allip" ]; then
allip="$allip_tcp
$allip_udp
$allip_openvpn
$allip_dsvpn
$allip_mlvpn"
fi
while IFS= read -r inet; do
ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
if [ "$ip" != "" ]; then
_ping_range $(echo $ip | sed 's/.1$/./' | tr -d "\n")
statusr=$?
if $(exit $statusr); then
_ping $ipd
statusp=$?
if $(exit $statusp); then
logger -t "OMR-Service" "Set new 6in4 tunnel IPs"
ip tunnel change omr-6in4 mode sit remote $ipd local $ip
echo "VPS_ADDR=$ip" > /etc/shorewall/params.vpn
echo "OMR_ADDR=$ipd" >> /etc/shorewall/params.vpn
iface=$(ip -4 addr | grep $ip/ | awk '{print $7}' | tr -d "\n")
echo "VPS_IFACE=$iface" >> /etc/shorewall/params.vpn
systemctl reload shorewall
_multipath
break
fi
fi
fi
done < <(printf '%s\n' "$allip")
[ -z "$iface" ] && [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && {
logger -t "OMR-Service" "Restart Glorytun and networkd"
current_vpn="$(cat /etc/openmptcprouter-vps-admin/current-vpn)"
[ "$current_vpn" = "glorytun_tcp" ] && systemctl -q restart glorytun-tcp@tun0
[ "$current_vpn" = "glorytun_udp" ] && systemctl -q restart glorytun-udp@tun0
#systemctl -q restart systemd-networkd
_multipath
sleep 10
}
fi
fi
#result="$(curl -Isk -m 30 https://127.0.0.1:65500/status | head -n 1 | grep 405)"
#if [ "$result" = "" ]; then
# logger -t "OMR-Service" "Restart OMR Admin"
# systemctl -q restart omr-admin
# sleep 10
#fi
_multipath
sleep 10
done

View file

@ -5,7 +5,8 @@ After=network.target network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
ExecStop=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
RemainAfterExit=true
ExecStop=/usr/local/bin/omr-6in4-run stop /etc/openmptcprouter-vps-admin/omr-6in4/%i
[Install]
WantedBy=multi-user.target

Binary file not shown.

Binary file not shown.

View file

@ -6,6 +6,7 @@ proto tcp
port 65301
persist-tun
persist-key
reneg-sec 0
duplicate-cn
verb 3
server 10.255.252.0 255.255.255.0
@ -14,7 +15,7 @@ cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 120
keepalive 10 240
sndbuf 0
rcvbuf 0
tls-server

View file

@ -4,6 +4,7 @@ proto udp
port 65301
persist-tun
persist-key
reneg-sec 0
duplicate-cn
#ncp-disable
#mssfix 1300
@ -14,4 +15,4 @@ cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 120
keepalive 10 240

View file

@ -6,7 +6,10 @@ After=network-online.target
Type=simple
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
LimitNOFILE=99999
LimitNPROC=99999
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json
Restart=always
[Install]
WantedBy=multi-user.target

View file

@ -50,6 +50,8 @@ net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 131072
net.ipv4.conf.all.log_martians = 0
# MPTCP settings
net.mptcp.mptcp_checksum = 0
net.mptcp.mptcp_syn_retries = 1

View file

@ -15,9 +15,9 @@
###############################################################################
#ZONE INTERFACE OPTIONS
net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,sourceroute=0
vpn gt-tun+ nosmurfs,routefilter,tcpflags
vpn gt-udp-tun+ nosmurfs,routefilter,tcpflags
vpn mlvpn+ nosmurfs,routefilter,tcpflags
vpn tun+ nosmurfs,routefilter,tcpflags
vpn dsvpn+ nosmurfs,routefilter,tcpflags
vpn gt-tun+ nosmurfs,tcpflags
vpn gt-udp-tun+ nosmurfs,tcpflags
vpn mlvpn+ nosmurfs,tcpflags
vpn tun+ nosmurfs,tcpflags
vpn dsvpn+ nosmurfs,tcpflags

View file

@ -144,7 +144,7 @@ BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes
#CHAIN_SCRIPTS=Yes
CLAMPMSS=No
@ -180,7 +180,7 @@ IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
INLINE_MATCHES=No
#INLINE_MATCHES=No
IPSET_WARNINGS=Yes
@ -188,7 +188,7 @@ IP_FORWARDING=On
KEEP_RT_TABLES=No
LOAD_HELPERS_ONLY=Yes
#LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter
@ -196,13 +196,13 @@ MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
#MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MODULE_SUFFIX=ko
#MODULE_SUFFIX=ko
MULTICAST=No

View file

@ -15,5 +15,5 @@
###############################################################################
#ZONE INTERFACE OPTIONS
net $NET_IFACE dhcp,tcpflags,rpfilter,forward=1,routeback
vpn omr-6in4 tcpflags,forward=1,routeback
vpn omr-6in4-user+ tcpflags,forward=1,routeback

View file

@ -18,4 +18,4 @@
MASQUERADE fe80::/10,\
fd00::/8 $NET_IFACE
# SNAT from VPN server for all VPN clients
SNAT(fe80::a00:1) ::/0 omr-6in4
SNAT(fe80::a00:1) ::/0 omr-6in4-user+

View file

@ -13,6 +13,6 @@
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE
# PORT(S) PORT(S)
ACCEPT omr-6in4 -
ACCEPT - omr-6in4
#ACCEPT omr-6in4 -
#ACCEPT - omr-6in4