commit
e35da806bd
15 changed files with 48 additions and 143 deletions
|
@ -16,14 +16,14 @@ MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
|
|||
OPENVPN=${OPENVPN:-yes}
|
||||
DSVPN=${DSVPN:-yes}
|
||||
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
|
||||
KERNEL_VERSION="4.19.80"
|
||||
KERNEL_PACKAGE_VERSION="1.6+c62d9f6"
|
||||
KERNEL_VERSION="4.19.104"
|
||||
KERNEL_PACKAGE_VERSION="1.7+b864616"
|
||||
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
|
||||
GLORYTUN_UDP_VERSION="13703fb15fb6a225ccf2488e3680ac14331c1c9e"
|
||||
GLORYTUN_UDP_VERSION="a9408e799ddbb74b5476fba70a495770322cd327"
|
||||
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
|
||||
MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
|
||||
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
|
||||
OMR_ADMIN_VERSION="9f69540b62b9919123dc39e256421ad4d55f51dc"
|
||||
OMR_ADMIN_VERSION="0bee06d21605c9d9b4494a77e71043ce432aa5c2"
|
||||
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
|
||||
#V2RAY_VERSION="v1.1.0"
|
||||
V2RAY_VERSION="v1.2.0-8-g59b8f4f"
|
||||
|
@ -503,12 +503,12 @@ if [ "$OPENVPN" = "yes" ]; then
|
|||
# cd /etc/openvpn/server
|
||||
# openvpn --genkey --secret static.key
|
||||
#fi
|
||||
if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ]; then
|
||||
if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ ! -d /etc/openvpn/ca ]; then
|
||||
wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz
|
||||
cd /tmp
|
||||
tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz
|
||||
cd /tmp/EasyRSA-v${EASYRSA_VERSION}
|
||||
mkdir /etc/openvpn/ca
|
||||
mkdir -p /etc/openvpn/ca
|
||||
cp easyrsa /etc/openvpn/ca/
|
||||
cp openssl-easyrsa.cnf /etc/openvpn/ca/
|
||||
cp vars.example /etc/openvpn/ca/vars
|
||||
|
@ -570,7 +570,7 @@ fi
|
|||
echo 'Glorytun UDP'
|
||||
# Install Glorytun UDP
|
||||
if systemctl -q is-active glorytun-udp@tun0.service; then
|
||||
systemctl -q stop glorytun-udp@tun0 > /dev/null 2>&1
|
||||
systemctl -q stop glorytun-udp@* > /dev/null 2>&1
|
||||
fi
|
||||
rm -f /var/lib/dpkg/lock
|
||||
rm -f /var/lib/dpkg/lock-frontend
|
||||
|
@ -648,7 +648,7 @@ fi
|
|||
|
||||
# Install Glorytun TCP
|
||||
if systemctl -q is-active glorytun-tcp@tun0.service; then
|
||||
systemctl -q stop glorytun-tcp@tun0 > /dev/null 2>&1
|
||||
systemctl -q stop glorytun-tcp@* > /dev/null 2>&1
|
||||
fi
|
||||
if [ "$ID" = "debian" ]; then
|
||||
if [ "$VERSION_ID" = "9" ]; then
|
||||
|
@ -708,6 +708,7 @@ if systemctl -q is-active omr-6in4.service; then
|
|||
systemctl -q stop omr-6in4 > /dev/null 2>&1
|
||||
systemctl -q disable omr-6in4 > /dev/null 2>&1
|
||||
fi
|
||||
systemctl enable omr6in4@user0.service
|
||||
systemctl enable omr.service
|
||||
|
||||
# Change SSH port to 65222
|
||||
|
@ -749,6 +750,7 @@ else
|
|||
sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
|
||||
wget -O /etc/shorewall6/params https://www.openmptcprouter.com/${VPSPATH}/shorewall6/params
|
||||
wget -O /etc/shorewall6/params.net https://www.openmptcprouter.com/${VPSPATH}/shorewall6/params.net
|
||||
wget -O /etc/shorewall6/params.vpn https://www.openmptcprouter.com/${VPSPATH}/shorewall6/params.vpn
|
||||
wget -O /etc/shorewall6/interfaces https://www.openmptcprouter.com/${VPSPATH}/shorewall6/interfaces
|
||||
wget -O /etc/shorewall6/stoppedrules https://www.openmptcprouter.com/${VPSPATH}/shorewall6/stoppedrules
|
||||
wget -O /etc/shorewall6/snat https://www.openmptcprouter.com/${VPSPATH}/shorewall6/snat
|
||||
|
@ -904,18 +906,20 @@ else
|
|||
echo 'done'
|
||||
if [ "$MLVPN" = "yes" ]; then
|
||||
echo 'Restarting mlvpn...'
|
||||
systemctl -q start mlvpn@mlvpn0
|
||||
systemctl -q restart mlvpn@mlvpn0
|
||||
echo 'done'
|
||||
fi
|
||||
if [ "$DSVPN" = "yes" ]; then
|
||||
echo 'Restarting dsvpn...'
|
||||
systemctl -q start dsvpn-server@dsvpn0
|
||||
systemctl -q restart dsvpn-server@* || true
|
||||
echo 'done'
|
||||
fi
|
||||
echo 'Restarting glorytun and omr...'
|
||||
systemctl -q start glorytun-tcp@tun0
|
||||
systemctl -q start glorytun-udp@tun0
|
||||
systemctl -q restart omr
|
||||
echo 'Restarting glorytun...'
|
||||
systemctl -q restart glorytun-tcp@* || true
|
||||
systemctl -q restart glorytun-udp@* || true
|
||||
echo 'done'
|
||||
echo 'Restarting omr6in4...'
|
||||
systemctl -q restart omr6in4@* || true
|
||||
echo 'done'
|
||||
if [ "$OPENVPN" = "yes" ]; then
|
||||
echo 'Restarting OpenVPN'
|
||||
|
@ -953,6 +957,9 @@ else
|
|||
echo 'Apply latest sysctl...'
|
||||
sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1
|
||||
echo 'done'
|
||||
echo 'Restarting omr...'
|
||||
systemctl -q restart omr
|
||||
echo 'done'
|
||||
echo 'Restarting shadowsocks...'
|
||||
systemctl -q restart shadowsocks-libev-manager@manager
|
||||
# if [ $NBCPU -gt 1 ]; then
|
||||
|
|
|
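Review bot: In the @-503 hunk the new guard `[ ! -d /etc/openvpn/ca ]` tests for the directory rather than for the easy-rsa files it is meant to protect, so a previous run that died after `mkdir -p /etc/openvpn/ca` but before the three `cp` lines will skip the whole easy-rsa install on every retry; testing for the artifact, e.g. `[ ! -f /etc/openvpn/ca/easyrsa ]`, keeps the idempotence the change is after. The same hunk still fetches the tarball with `wget -O` and untars it unconditionally, with no exit-status check and no digest comparison, so a failed or truncated download is silently extracted; at minimum `wget ... || exit 1`, and a comparison against a pinned checksum before `tar` would be better. Note also that the URL path pins `v3.0.6` while the filename uses `${EASYRSA_VERSION}`, so the two will disagree as soon as the variable is bumped. The enclosing `if [ "$OPENVPN" = "yes" ]` block starts before the hunk.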
@ -9,7 +9,7 @@ NotifyAccess=main
|
|||
ExecStart=/usr/local/sbin/mlvpn --config /etc/mlvpn/%i.conf --name %i --user mlvpn --quiet
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
WorkingDirectory=/etc/mlvpn
|
||||
Restart=on-failure
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
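Review bot: `Restart=always` in the [Service] hunk comes with no `RestartSec=`, so an mlvpn process that exits cleanly or is stopped by the operator with a signal is respawned after systemd's default 100 ms until the unit's start-rate limit trips and flags it failed, which is harder to diagnose than the previous `on-failure`. If unconditional restart is intended, pair it with a back-off such as `RestartSec=5`, and consider `StartLimitIntervalSec=`/`StartLimitBurst=` in the [Unit] section, which lies outside the hunk.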
112
omr-service
112
omr-service
|
@ -1,13 +1,5 @@
|
|||
#!/bin/bash
|
||||
# OpenMPTCProuter VPS service script
|
||||
# This script configure 6in4, multipath and firewall for current VPN
|
||||
|
||||
if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
|
||||
ip route del fd00::/8 via fe80::a00:2 dev omr-6in4
|
||||
ip link set omr-6in4 down
|
||||
ip tunnel del omr-6in4
|
||||
exit 0
|
||||
fi
|
||||
|
||||
_multipath() {
|
||||
# Force multipath status
|
||||
|
@ -21,109 +13,7 @@ _multipath() {
|
|||
done
|
||||
}
|
||||
|
||||
# Add IPv6 tunnel
|
||||
if [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
|
||||
ip tunnel change omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
|
||||
else
|
||||
ip tunnel add omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
|
||||
ip addr add fe80::a00:1/126 dev omr-6in4 >/dev/null 2>&1
|
||||
fi
|
||||
ip link set omr-6in4 up
|
||||
ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4
|
||||
|
||||
_ping() {
|
||||
local host=$1
|
||||
ret=$(ping -4 "${host}" \
|
||||
-W 5 \
|
||||
-c 1 \
|
||||
-q
|
||||
)
|
||||
[ -n "$ret" ] && echo "$ret" | grep -s " 0% packet loss" > /dev/null && {
|
||||
return
|
||||
}
|
||||
false
|
||||
}
|
||||
|
||||
_ping_range() {
|
||||
local network=$1
|
||||
for i in {2..50} ;do
|
||||
_ping $network$i
|
||||
pingr=$?
|
||||
if $(exit $pingr); then
|
||||
ipd=$network$i
|
||||
return
|
||||
fi
|
||||
done
|
||||
false
|
||||
}
|
||||
|
||||
while true; do
|
||||
source /etc/shorewall/params.vpn
|
||||
iface=""
|
||||
currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n")
|
||||
currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n")
|
||||
if [ -n "$currentpeer" ]; then
|
||||
_ping $currentpeer
|
||||
status=$?
|
||||
if ! $(exit $status) || [ "$currentpeer" != "$OMR_ADDR" ]; then
|
||||
allip_tcp=$(ip -4 addr show gt-tun0 2>/dev/null | grep inet)
|
||||
allip_udp=$(ip -4 addr show gt-udp-tun0 2>/dev/null | grep inet)
|
||||
[ -d "/sys/class/net/mlvpn0" ] && allip_mlvpn=$(ip -4 addr show mlvpn0 2>/dev/null | grep inet)
|
||||
[ -d "/sys/class/net/tun0" ] && allip_openvpn=$(ip -4 addr show tun0 2>/dev/null | grep inet)
|
||||
[ -d "/sys/class/net/dsvpn0" ] && allip_dsvpn=$(ip -4 addr show dsvpn0 2>/dev/null | grep inet)
|
||||
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ]; then
|
||||
current_vpn="$(cat /etc/openmptcprouter-vps-admin/current-vpn)"
|
||||
[ "$current_vpn" = "glorytun_tcp" ] && allip="$allip_tcp"
|
||||
[ "$current_vpn" = "glorytun_udp" ] && allip="$allip_udp"
|
||||
[ "$current_vpn" = "mlvpn" ] && allip="$allip_mlvpn"
|
||||
[ "$current_vpn" = "openvpn" ] && allip="$allip_openvpn"
|
||||
[ "$current_vpn" = "dsvpn" ] && allip="$allip_dsvpn"
|
||||
fi
|
||||
if [ -z "$allip" ]; then
|
||||
allip="$allip_tcp
|
||||
$allip_udp
|
||||
$allip_openvpn
|
||||
$allip_dsvpn
|
||||
$allip_mlvpn"
|
||||
fi
|
||||
while IFS= read -r inet; do
|
||||
ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
|
||||
if [ "$ip" != "" ]; then
|
||||
_ping_range $(echo $ip | sed 's/.1$/./' | tr -d "\n")
|
||||
statusr=$?
|
||||
if $(exit $statusr); then
|
||||
_ping $ipd
|
||||
statusp=$?
|
||||
if $(exit $statusp); then
|
||||
logger -t "OMR-Service" "Set new 6in4 tunnel IPs"
|
||||
ip tunnel change omr-6in4 mode sit remote $ipd local $ip
|
||||
echo "VPS_ADDR=$ip" > /etc/shorewall/params.vpn
|
||||
echo "OMR_ADDR=$ipd" >> /etc/shorewall/params.vpn
|
||||
iface=$(ip -4 addr | grep $ip/ | awk '{print $7}' | tr -d "\n")
|
||||
echo "VPS_IFACE=$iface" >> /etc/shorewall/params.vpn
|
||||
systemctl reload shorewall
|
||||
_multipath
|
||||
break
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done < <(printf '%s\n' "$allip")
|
||||
[ -z "$iface" ] && [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && {
|
||||
logger -t "OMR-Service" "Restart Glorytun and networkd"
|
||||
current_vpn="$(cat /etc/openmptcprouter-vps-admin/current-vpn)"
|
||||
[ "$current_vpn" = "glorytun_tcp" ] && systemctl -q restart glorytun-tcp@tun0
|
||||
[ "$current_vpn" = "glorytun_udp" ] && systemctl -q restart glorytun-udp@tun0
|
||||
#systemctl -q restart systemd-networkd
|
||||
_multipath
|
||||
sleep 10
|
||||
}
|
||||
fi
|
||||
fi
|
||||
#result="$(curl -Isk -m 30 https://127.0.0.1:65500/status | head -n 1 | grep 405)"
|
||||
#if [ "$result" = "" ]; then
|
||||
# logger -t "OMR-Service" "Restart OMR Admin"
|
||||
# systemctl -q restart omr-admin
|
||||
# sleep 10
|
||||
#fi
|
||||
_multipath
|
||||
sleep 10
|
||||
done
|
||||
|
|
|
@ -5,7 +5,8 @@ After=network.target network-online.target
|
|||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
|
||||
ExecStop=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
|
||||
RemainAfterExit=true
|
||||
ExecStop=/usr/local/bin/omr-6in4-run stop /etc/openmptcprouter-vps-admin/omr-6in4/%i
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -6,6 +6,7 @@ proto tcp
|
|||
port 65301
|
||||
persist-tun
|
||||
persist-key
|
||||
reneg-sec 0
|
||||
duplicate-cn
|
||||
verb 3
|
||||
server 10.255.252.0 255.255.255.0
|
||||
|
@ -14,7 +15,7 @@ cert /etc/openvpn/ca/pki/issued/server.crt
|
|||
key /etc/openvpn/ca/pki/private/server.key
|
||||
dh /etc/openvpn/server/dh2048.pem
|
||||
crl-verify /etc/openvpn/ca/pki/crl.pem
|
||||
keepalive 10 120
|
||||
keepalive 10 240
|
||||
sndbuf 0
|
||||
rcvbuf 0
|
||||
tls-server
|
||||
|
|
|
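Review bot: `duplicate-cn`, added in the first hunk, lets any number of clients authenticate concurrently with the same certificate, so a copied client key can be used alongside the legitimate router without the legitimate session being bumped and without anything in the logs telling the two apart; the `crl-verify` line already in the second hunk then becomes the only way to cut off a leaked key. If the VPS intentionally serves several routers from one generated client certificate, record that trade-off next to the option, e.g. `# duplicate-cn: routers share one client cert; revoke via crl-verify if a key leaks`, and do not combine it with `ifconfig-pool-persist`. The same change appears in the UDP server.conf hunks below and the comment belongs there too.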
@ -4,6 +4,7 @@ proto udp
|
|||
port 65301
|
||||
persist-tun
|
||||
persist-key
|
||||
reneg-sec 0
|
||||
duplicate-cn
|
||||
#ncp-disable
|
||||
#mssfix 1300
|
||||
|
@ -14,4 +15,4 @@ cert /etc/openvpn/ca/pki/issued/server.crt
|
|||
key /etc/openvpn/ca/pki/private/server.key
|
||||
dh /etc/openvpn/server/dh2048.pem
|
||||
crl-verify /etc/openvpn/ca/pki/crl.pem
|
||||
keepalive 10 120
|
||||
keepalive 10 240
|
||||
|
|
|
@ -6,7 +6,10 @@ After=network-online.target
|
|||
Type=simple
|
||||
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
LimitNOFILE=99999
|
||||
LimitNPROC=99999
|
||||
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
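Review bot: `AmbientCapabilities=CAP_NET_BIND_SERVICE` only takes effect when the unit drops to an unprivileged account, and no `User=`/`Group=` line is visible in this hunk; if none exists above it, ss-manager still runs as root and the added lines do nothing for it beyond bounding root's capability set. If privilege reduction is the goal, add `User=`/`Group=` for a dedicated account next to the new lines, and the usual companions fit well here: `NoNewPrivileges=true`, `ProtectSystem=strict` and `ProtectHome=true`. Since ss-manager presumably launches per-port ss-server children that inherit the same bounding set, confirm that CAP_NET_BIND_SERVICE is really needed, i.e. that some configured port is below 1024.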
@ -50,6 +50,8 @@ net.core.default_qdisc = fq
|
|||
# Default conntrack is too small
|
||||
net.netfilter.nf_conntrack_max = 131072
|
||||
|
||||
net.ipv4.conf.all.log_martians = 0
|
||||
|
||||
# MPTCP settings
|
||||
net.mptcp.mptcp_checksum = 0
|
||||
net.mptcp.mptcp_syn_retries = 1
|
||||
|
|
|
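Review bot: `net.ipv4.conf.all.log_martians = 0` silences the kernel's only log line for packets whose source address cannot be valid on the receiving interface, which is a spoofing signal an operator may want in the VPS logs, and unlike the neighbouring `# Default conntrack is too small` entry the new line gives no reason. If the motivation is log noise from the several tunnel interfaces with reverse-path filtering relaxed, say so: `# log_martians off: multipath/6in4 tunnels trigger constant false positives`. `net.mptcp.mptcp_syn_retries = 1` likewise deserves one line on what it trades off.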
@ -15,9 +15,9 @@
|
|||
###############################################################################
|
||||
#ZONE INTERFACE OPTIONS
|
||||
net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,sourceroute=0
|
||||
vpn gt-tun+ nosmurfs,routefilter,tcpflags
|
||||
vpn gt-udp-tun+ nosmurfs,routefilter,tcpflags
|
||||
vpn mlvpn+ nosmurfs,routefilter,tcpflags
|
||||
vpn tun+ nosmurfs,routefilter,tcpflags
|
||||
vpn dsvpn+ nosmurfs,routefilter,tcpflags
|
||||
vpn gt-tun+ nosmurfs,tcpflags
|
||||
vpn gt-udp-tun+ nosmurfs,tcpflags
|
||||
vpn mlvpn+ nosmurfs,tcpflags
|
||||
vpn tun+ nosmurfs,tcpflags
|
||||
vpn dsvpn+ nosmurfs,tcpflags
|
||||
|
||||
|
|
|
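Review bot: Dropping `routefilter` from the five `vpn` interface lines disables per-interface reverse-path filtering on the tunnels, so a VPN peer can emit packets with source addresses that would not route back through its tunnel and they are forwarded; nothing in the hunk explains why. If this is required because replies may return over a different tunnel than the one they arrived on, record it in the file, e.g. `# routefilter off on vpn+: return path may use another tunnel`, and make sure the vpn zone's policy and rules, which are outside this hunk, still restrict what those interfaces may reach.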
@ -144,7 +144,7 @@ BASIC_FILTERS=No
|
|||
|
||||
BLACKLIST="NEW,INVALID,UNTRACKED"
|
||||
|
||||
CHAIN_SCRIPTS=Yes
|
||||
#CHAIN_SCRIPTS=Yes
|
||||
|
||||
CLAMPMSS=No
|
||||
|
||||
|
@ -180,7 +180,7 @@ IGNOREUNKNOWNVARIABLES=No
|
|||
|
||||
IMPLICIT_CONTINUE=No
|
||||
|
||||
INLINE_MATCHES=No
|
||||
#INLINE_MATCHES=No
|
||||
|
||||
IPSET_WARNINGS=Yes
|
||||
|
||||
|
@ -188,7 +188,7 @@ IP_FORWARDING=On
|
|||
|
||||
KEEP_RT_TABLES=No
|
||||
|
||||
LOAD_HELPERS_ONLY=Yes
|
||||
#LOAD_HELPERS_ONLY=Yes
|
||||
|
||||
MACLIST_TABLE=filter
|
||||
|
||||
|
@ -196,13 +196,13 @@ MACLIST_TTL=
|
|||
|
||||
MANGLE_ENABLED=Yes
|
||||
|
||||
MAPOLDACTIONS=No
|
||||
#MAPOLDACTIONS=No
|
||||
|
||||
MARK_IN_FORWARD_CHAIN=No
|
||||
|
||||
MINIUPNPD=No
|
||||
|
||||
MODULE_SUFFIX=ko
|
||||
#MODULE_SUFFIX=ko
|
||||
|
||||
MULTICAST=No
|
||||
|
||||
|
|
|
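Review bot: Five options (`CHAIN_SCRIPTS`, `INLINE_MATCHES`, `LOAD_HELPERS_ONLY`, `MAPOLDACTIONS`, `MODULE_SUFFIX`) are commented out across the hunks from @-144 to @-196 with no note on why, and at least `LOAD_HELPERS_ONLY` is behaviour-relevant on Shorewall releases that still honour it, where the No default presumably makes the compiler load the full module list rather than only the helpers. If the reason is that the Shorewall shipped with the targeted Debian/Ubuntu releases rejects or ignores these settings, a one-line comment next to the first of them, e.g. `# deprecated in newer Shorewall; left commented for reference`, would spare the next maintainer the archaeology.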
@ -15,5 +15,5 @@
|
|||
###############################################################################
|
||||
#ZONE INTERFACE OPTIONS
|
||||
net $NET_IFACE dhcp,tcpflags,rpfilter,forward=1,routeback
|
||||
vpn omr-6in4 tcpflags,forward=1,routeback
|
||||
vpn omr-6in4-user+ tcpflags,forward=1,routeback
|
||||
|
||||
|
|
|
@ -18,4 +18,4 @@
|
|||
MASQUERADE fe80::/10,\
|
||||
fd00::/8 $NET_IFACE
|
||||
# SNAT from VPN server for all VPN clients
|
||||
SNAT(fe80::a00:1) ::/0 omr-6in4
|
||||
SNAT(fe80::a00:1) ::/0 omr-6in4-user+
|
||||
|
|
|
@ -13,6 +13,6 @@
|
|||
###############################################################################
|
||||
#ACTION SOURCE DEST PROTO DEST SOURCE
|
||||
# PORT(S) PORT(S)
|
||||
ACCEPT omr-6in4 -
|
||||
ACCEPT - omr-6in4
|
||||
#ACCEPT omr-6in4 -
|
||||
#ACCEPT - omr-6in4
|
||||
|
||||
|
|