diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index f51b251..06efc7e 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -19,11 +19,11 @@ INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev
 KERNEL_VERSION="4.19.80"
 KERNEL_PACKAGE_VERSION="1.6+c62d9f6"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
-GLORYTUN_UDP_VERSION="7f30cdc5ee2e89f0008144ad71f4c0bd4215a0f4"
+GLORYTUN_UDP_VERSION="13703fb15fb6a225ccf2488e3680ac14331c1c9e"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="60a72b11bedb94ccc03da58d8c418642c0230402"
+OMR_ADMIN_VERSION="9f69540b62b9919123dc39e256421ad4d55f51dc"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
 V2RAY_VERSION="v1.2.0-8-g59b8f4f"
@@ -308,10 +308,16 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 fi
 #apt-get -y install unzip gunicorn python3-flask-restful python3-openssl python3-pip python3-setuptools python3-wheel
 #apt-get -y install unzip python3-openssl python3-pip python3-setuptools python3-wheel
- apt-get -y install python3-passlib python3-jwt python3-netaddr
+ if [ "$ID" = "ubuntu" ]; then
+ apt-get -y install python3-passlib python3-netaddr
+ apt-get -y remove python3-jwt
+ pip3 -q install pyjwt
+ else
+ apt-get -y install python3-passlib python3-jwt python3-netaddr
+ fi
 echo '-- pip3 install needed python modules'
 #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
- pip3 install fastapi netjsonconfig python-multipart uvicorn
+ pip3 -q install fastapi netjsonconfig python-multipart uvicorn
 mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 mkdir -p /var/opt/openmptcprouter
 wget -O /lib/systemd/system/omr-admin.service https://www.openmptcprouter.com/${VPSPATH}/omr-admin.service.in
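Review bot: The Ubuntu branch installs `pyjwt` with `pip3 -q install pyjwt` as root with no version pin or hash check, and the rewritten `pip3 -q install fastapi netjsonconfig python-multipart uvicorn` line has the same gap, so each installer run pulls whatever the package index serves that day into the system interpreter used by the admin API. Pin each package, for example `pip3 -q install 'pyjwt==<PINNED_VERSION>'`, or install from a requirements file with `--require-hashes`. `-q` also hides pip's output and neither call checks the exit status, so a failed install can pass unnoticed unless the script runs under `set -e`, which is not visible in this hunk. The branch relies on `$ID` having been read from `/etc/os-release` earlier in the script, outside the hunk.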
@@ -502,19 +508,25 @@ if [ "$OPENVPN" = "yes" ]; then
 cd /tmp
 tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz
 cd /tmp/EasyRSA-v${EASYRSA_VERSION}
- mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued
- ./easyrsa init-pki
- ./easyrsa --batch build-ca nopass
- EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
- EASYRSA_CERT_EXPIRE=3650 EASYRSA_REQ_CN=openmptcprouter ./easyrsa build-client-full "openmptcprouter" nopass
- EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
- mv pki/ca.crt /etc/openvpn/ca/pki/ca.crt
- mv pki/private/ca.key /etc/openvpn/ca/pki/private/ca.key
- mv pki/issued/server.crt /etc/openvpn/ca/pki/issued/server.crt
- mv pki/private/server.key /etc/openvpn/ca/pki/private/server.key
- mv pki/crl.pem /etc/openvpn/ca/pki/crl.pem
- mv pki/issued/openmptcprouter.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
- mv pki/private/openmptcprouter.key /etc/openvpn/ca/pki/private/openmptcprouter.key
+ mkdir /etc/openvpn/ca
+ cp easyrsa /etc/openvpn/ca/
+ cp openssl-easyrsa.cnf /etc/openvpn/ca/
+ cp vars.example /etc/openvpn/ca/vars
+ cp -r x509-types /etc/openvpn/ca/
+
+ #mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued
+ #./easyrsa init-pki
+ #./easyrsa --batch build-ca nopass
+ #EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
+ #EASYRSA_CERT_EXPIRE=3650 EASYRSA_REQ_CN=openmptcprouter ./easyrsa build-client-full "openmptcprouter" nopass
+ #EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
+ #mv pki/ca.crt /etc/openvpn/ca/pki/ca.crt
+ #mv pki/private/ca.key /etc/openvpn/ca/pki/private/ca.key
+ #mv pki/issued/server.crt /etc/openvpn/ca/pki/issued/server.crt
+ #mv pki/private/server.key /etc/openvpn/ca/pki/private/server.key
+ #mv pki/crl.pem /etc/openvpn/ca/pki/crl.pem
+ #mv pki/issued/openmptcprouter.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
+ #mv pki/private/openmptcprouter.key /etc/openvpn/ca/pki/private/openmptcprouter.key
 fi
 if [ -f "/etc/openvpn/server/server.crt" ]; then
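Review bot: `mkdir /etc/openvpn/ca` creates the easy-rsa working directory with default umask permissions and without `-p`, so it fails if the directory already exists on a re-run, and the directory that presumably will later hold the CA private key is not restricted to root. Use `mkdir -p -m 700 /etc/openvpn/ca` so the step is idempotent and the path is private from the start. The thirteen commented-out easyrsa and mv lines are dead code; delete them and leave one comment such as `# PKI is generated later from /etc/openvpn/ca, not at install time` if that is the intent, which this hunk does not show. The enclosing conditional starts outside the hunk.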
@@ -686,9 +698,9 @@ wget -O /usr/local/bin/multipath https://www.openmptcprouter.com/${VPSPATH}/mult
 chmod 755 /usr/local/bin/multipath
 # Add OpenMPTCProuter service
-#wget -O /usr/local/bin/omr-service https://www.openmptcprouter.com/${VPSPATH}/omr-service
-#chmod 755 /usr/local/bin/omr-service
-#wget -O /lib/systemd/system/omr.service https://www.openmptcprouter.com/${VPSPATH}/omr.service.in
+wget -O /usr/local/bin/omr-service https://www.openmptcprouter.com/${VPSPATH}/omr-service
+chmod 755 /usr/local/bin/omr-service
+wget -O /lib/systemd/system/omr.service https://www.openmptcprouter.com/${VPSPATH}/omr.service.in
 wget -O /usr/local/bin/omr-6in4-run https://www.openmptcprouter.com/${VPSPATH}/omr-6in4-run
 chmod 755 /usr/local/bin/omr-6in4-run
 wget -O /lib/systemd/system/omr6in4@.service https://www.openmptcprouter.com/${VPSPATH}/omr6in4%40.service.in
@@ -696,7 +708,7 @@ if systemctl -q is-active omr-6in4.service; then
 systemctl -q stop omr-6in4 > /dev/null 2>&1
 systemctl -q disable omr-6in4 > /dev/null 2>&1
 fi
-#systemctl enable omr.service
+systemctl enable omr.service
 # Change SSH port to 65222
 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
diff --git a/dsvpn-run b/dsvpn-run
new file mode 100644
index 0000000..e4d1ff8
--- /dev/null
+++ b/dsvpn-run
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -e
+
+if [ ! -f "$1" ]; then
+ echo "usage: $(basename "$0") FILE"
+ exit 1
+fi
+
+. "$(readlink -f "$1")"
+
+exec dsvpn \
+ ${MODE:+server} \
+ "$1".key \
+ auto \
+ ${PORT:+65401} \
+ ${DEV:+dsvpn0} \
+ ${LOCALTUNIP:+10.255.251.1} \
+ ${REMOTETUNIP:+10.255.251.1}
diff --git a/dsvpn-server@.service.in b/dsvpn-server@.service.in
new file mode 100644
index 0000000..25cc20e
--- /dev/null
+++ b/dsvpn-server@.service.in
@@ -0,0 +1,10 @@
+[Unit]
+Description=Dead Simple VPN - Server on %I
+
+[Service]
+ExecStart=/usr/local/bin/dsvpn-run /etc/dsvpn/%i
+Restart=always
+RestartSec=15
+
+[Install]
+WantedBy=network.target
\ No newline at end of file
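Review bot: The three re-enabled lines write `omr-service` and `omr.service.in` straight into `/usr/local/bin` and `/lib/systemd/system` with no integrity check and no test of wget's exit status, and the next hunk then runs `systemctl enable omr.service` on the result. `wget -O` creates or truncates the target even when the transfer fails, so an empty, partial or altered download ends up as a root-run service. Download to a `mktemp` file, verify it against a checksum kept in the script, e.g. `echo "<EXPECTED_SHA256>  $tmp" | sha256sum -c -`, and only then place it with `install -m 755 "$tmp" /usr/local/bin/omr-service`. The same pattern is already present in the surrounding context lines, so the check is worth factoring into one helper.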
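Review bot: Every parameter of the `exec dsvpn` call in dsvpn-run uses `${VAR:+literal}`, which expands to the literal when the variable is set and to nothing when it is unset, so values from the sourced config are never passed through and an unset variable silently shifts dsvpn's positional arguments. With the `dsvpn0-config` added in this commit, `${REMOTETUNIP:+10.255.251.1}` yields 10.255.251.1 although the file sets 10.255.251.2, which gives both tunnel ends the same address. Use quoted default-value expansion instead, e.g. `"${REMOTETUNIP:-10.255.251.2}"` and `"${PORT:-65401}"`. The script sources `$1` and reads the key from `"$1".key` as root, so both files should be root-owned and not accessible to other users; the step that creates them is not part of this diff.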
diff --git a/dsvpn0-config b/dsvpn0-config
new file mode 100644
index 0000000..c4164cf
--- /dev/null
+++ b/dsvpn0-config
@@ -0,0 +1,5 @@
+PORT=65401
+DEV=dsvpn0
+MODE=server
+LOCALTUNIP=10.255.251.1
+REMOTETUNIP=10.255.251.2
\ No newline at end of file
diff --git a/glorytun-tcp-post.sh b/glorytun-tcp-post.sh
new file mode 100644
index 0000000..f494e11
--- /dev/null
+++ b/glorytun-tcp-post.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+. "$(readlink -f "$1")"
+
+INTF=gt-${DEV}
+[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
+[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
+ip link set dev ${INTF} up
+ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF}
diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh
new file mode 100644
index 0000000..73a3853
--- /dev/null
+++ b/glorytun-udp-post.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+. "$(readlink -f "$1")"
+
+INTF=gt-udp-${DEV}
+[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
+[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
+ip link set dev ${INTF} up
+ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF}
diff --git a/omr-6in4-run b/omr-6in4-run
new file mode 100755
index 0000000..69f8d0d
--- /dev/null
+++ b/omr-6in4-run
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+set -e
+
+if [ ! -f "$2" ]; then
+ echo "usage: $(basename "$0") FILE"
+ exit 1
+fi
+
+. "$(readlink -f "$2")"
+
+DEV="omr-6in4-$(basename "$2")"
+
+if [ "$1" = "start" ]; then
+ [ -n "$(ip tunnel show ${DEV})" ] && ip tunnel del ${DEV} 2>&1 >/dev/null
+ ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP}
+ ip -6 addr add ${LOCALIP6} dev ${DEV}
+ ip link set ${DEV} up
+fi
+if [ "$1" = "stop" ]; then
+ ip tunnel del ${DEV}
+fi
diff --git a/omr-service b/omr-service
index 4320f55..44f0305 100755
--- a/omr-service
+++ b/omr-service
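Review bot: glorytun-tcp-post.sh sources `$1` with no `[ -f "$1" ]` guard and no `set -e`, unlike dsvpn-run and omr-6in4-run in the same commit, and then passes config-supplied values to `ip` unquoted; glorytun-udp-post.sh is identical in both respects. A missing or empty argument leaves `DEV` unset, so `INTF` becomes `gt-` and both `ip` calls run against a wrong name with the failure ignored. Add the usage check before the `.` line and quote the expansions, e.g. `ip addr add "${LOCALIP}/30" brd "${BROADCASTIP}" dev "${INTF}"`. The sourced file executes as shell code with the caller's privileges, so it should be writable by root only.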
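Review bot: In the start branch of omr-6in4-run, `ip tunnel del ${DEV} 2>&1 >/dev/null` redirects in the wrong order: stderr is duplicated onto the original stdout before stdout goes to /dev/null, so error output is still printed; write `>/dev/null 2>&1`. `DEV="omr-6in4-$(basename "$2")"` leaves six characters for the instance name before the kernel's 15-character interface-name limit, so a longer config file name makes `ip tunnel add` fail; check the length or shorten the prefix. The usage text prints `FILE` although the script takes `start|stop FILE`, and `${DEV}`, `${REMOTEIP}`, `${LOCALIP}` and `${LOCALIP6}` should be double-quoted wherever they are passed to `ip`.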
@@ -113,7 +113,7 @@ $allip_mlvpn"
 current_vpn="$(cat /etc/openmptcprouter-vps-admin/current-vpn)"
 [ "$current_vpn" = "glorytun_tcp" ] && systemctl -q restart glorytun-tcp@tun0
 [ "$current_vpn" = "glorytun_udp" ] && systemctl -q restart glorytun-udp@tun0
- systemctl -q restart systemd-networkd
+ #systemctl -q restart systemd-networkd
 _multipath
 sleep 10
 }
diff --git a/omr6in4@.service.in b/omr6in4@.service.in
new file mode 100644
index 0000000..71b3542
--- /dev/null
+++ b/omr6in4@.service.in
@@ -0,0 +1,11 @@
+[Unit]
+Description=OMR6IN4 on %I
+After=network.target network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
+ExecStop=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
+
+[Install]
+WantedBy=multi-user.target
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
new file mode 100644
index 0000000..35205d4
Binary files /dev/null and b/openmptcprouter-shorewall.tar.gz differ
diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz
new file mode 100644
index 0000000..b43e80d
Binary files /dev/null and b/openmptcprouter-shorewall6.tar.gz differ
diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf
index c95e3b4..2b09931 100644
--- a/openvpn-tun0.conf
+++ b/openvpn-tun0.conf
@@ -19,6 +19,6 @@ sndbuf 0
 rcvbuf 0
 tls-server
 tls-version-min 1.2
-compress lzo
+#compress lzo
 push "route 10.255.252.1 255.255.255.255"
 client-config-dir ccd
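Review bot: `ExecStop=` in omr6in4@.service.in calls `omr-6in4-run start`, so stopping the unit re-creates the tunnel instead of deleting it; it should read `ExecStop=/usr/local/bin/omr-6in4-run stop /etc/openmptcprouter-vps-admin/omr-6in4/%i`. The unit is `Type=oneshot` without `RemainAfterExit=yes`, so systemd treats it as finished as soon as ExecStart returns and, as far as I can tell, runs ExecStop at that point; once the verb is corrected that would tear the tunnel down right after it is created. Add `RemainAfterExit=yes` under `[Service]` so the unit stays active until it is explicitly stopped.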
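Review bot: `#compress lzo` in openvpn-tun0.conf is left as a bare commented-out directive with no reason recorded, so a later maintainer may simply switch it back on. If the intent is to stop compressing traffic before encryption, which is the usual hardening reason, say so in place, e.g. `# compression disabled on purpose: compressed VPN payloads can leak plaintext; do not re-enable`. Client profiles that still request LZO compression will need the matching change; they are not part of this diff.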