Merge pull request #2 from Ysurac/develop

sync

debian11-x86_64.sh

@@ -0,0 +1 @@
+debian9-x86_64.sh

debian9-x86_64.sh

@@ -105,11 +105,13 @@ fi
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then
 	echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
 	exit 1
-elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then
+elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then
-	echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
+	echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04"
+	echo "Use debian when possible"
 	exit 1
 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
-	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
+	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
+	echo "Use Debian when possible"
 	exit 1
 fi
 
@@ -284,6 +286,10 @@ if [ "$ID" = "debian" ]; then
 elif [ "$ID" = "ubuntu" ]; then
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
+	[ "$VERSION_ID" = "22.04" ] && {
+		apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+		echo 'deb http://old-releases.ubuntu.com/ubuntu impish main universe' > /etc/apt/sources.list.d/impish-universe.list
+	}
 fi
 # Install mptcp kernel and shadowsocks
 echo "Install mptcp kernel and shadowsocks..."

multipath

@@ -117,7 +117,7 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
 else
         ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')
         IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}')
-        IP=$(ifconfig $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
+        IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
 	RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
         [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
         case $TYPE in

omr-service

@@ -20,26 +20,32 @@ _multipath() {
 }
 
 _glorytun_udp() {
-	[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
+	if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
-		logger -t "OMR-Service" "Restart Glorytun-UDP"
+		[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
-		systemctl -q restart 'glorytun-udp@*'
+			logger -t "OMR-Service" "Restart Glorytun-UDP"
-	}
+			systemctl -q restart 'glorytun-udp@*'
-	for intf in /etc/glorytun-udp/tun*; do
+			sleep 10
-		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
+		}
-	done
+		for intf in /etc/glorytun-udp/tun*; do
+			[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
+		done
+	fi
 }
 
 _glorytun_tcp() {
-	for intf in /etc/glorytun-tcp/tun*; do
+	if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
-		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
+		for intf in /etc/glorytun-tcp/tun*; do
-	done
+			[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
-	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
+		done
-		localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
+		if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
-		[ -z "$localip" ] && localip="10.255.255.1"
+			localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
-		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
+			[ -z "$localip" ] && localip="10.255.255.1"
-		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
+			remoteip="$(echo $localip | sed 's/\.1/\.2/')"
-			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
+			if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
-			systemctl restart glorytun-tcp@tun0
+				logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
+				systemctl restart glorytun-tcp@tun0
+				sleep 10
+			fi
 		fi
 	fi
 }
@@ -49,19 +55,22 @@ _dsvpn() {
 }
 
 _shadowsocks() {
-	[ -z "$(pgrep ss-server)" ] && {
+	[ -n "$(systemctl -a | grep 'shadowsocks')" ] && [ -z "$(pgrep ss-server)" ] && {
 		logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
 		systemctl restart shadowsocks-libev-manager@manager
 	}
 }
 
 _wireguard() {
-	[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
+	if [ -n "$(systemctl -a | grep 'wg')" ]; then
+		[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
+		[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 2>&1 >/dev/null
+	fi
 }
 
 
 _omr_api() {
-	[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
+	[ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
 		logger -t "OMR-Service" "Restart OMR-Admin"
 		systemctl -q restart omr-admin
 	}
@@ -71,7 +80,7 @@ _lan_route() {
 	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
 	while IFS=$"\n" read -r c; do
 		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
-		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
+		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ] && [ -n "$(grep lanips /etc/openmptcprouter-vps-admin/omr-admin-config.json)" ]; then
 			echo "$c" | jq -c -r '.lanips[] //empty' | 
 			while IFS=$"\n" read -r d; do
 				network=$(ipcalc -n $d | grep Network | awk '{print $2}')

shorewall4/interfaces

@@ -20,6 +20,7 @@ vpn	gt-udp-tun+	nosmurfs,tcpflags
 vpn	mlvpn+		nosmurfs,tcpflags
 vpn	tun+		nosmurfs,tcpflags
 vpn	wg+		nosmurfs,tcpflags
+vpncl	client-wg+	nosmurfs,tcpflags
 vpn	dsvpn+		nosmurfs,tcpflags
 vpn	gre-user+	nosmurfs,tcpflags
 vpn	omr-bonding	nosmurfs,tcpflags

shorewall4/policy

@@ -19,6 +19,8 @@ fw              vpn             ACCEPT
 fw              net             ACCEPT
 net             all             DROP
 vpn		vpn		DROP
+vpncl		vpn		ACCEPT
+vpn		vpncl		ACCEPT
 # THE FOLLOWING POLICY MUST BE LAST
 all		all		REJECT
 

shorewall4/shorewall.conf

@@ -137,7 +137,7 @@ ADMINISABSENTMINDED=Yes
 
 AUTOCOMMENT=Yes
 
-AUTOHELPERS=Yes
+AUTOHELPERS=No
 
 AUTOMAKE=No
 
@@ -149,13 +149,13 @@ BLACKLIST="NEW,INVALID,UNTRACKED"
 
 CLAMPMSS=No
 
-CLEAR_TC=Yes
+CLEAR_TC=No
 
 COMPLETE=No
 
 DEFER_DNS_RESOLUTION=Yes
 
-DELETE_THEN_ADD=Yes
+DELETE_THEN_ADD=No
 
 DETECT_DNAT_IPADDRS=No
 
@@ -163,7 +163,7 @@ DISABLE_IPV6=No
 
 DOCKER=No
 
-DONT_LOAD=
+DONT_LOAD=nf_conntrack_sip
 
 DYNAMIC_BLACKLIST=Yes
 
@@ -233,7 +233,7 @@ SAVE_ARPTABLES=No
 
 SAVE_IPSETS=No
 
-TC_ENABLED=Simple
+TC_ENABLED=No
 
 TC_EXPERT=No
 

shorewall4/stoppedrules

@@ -25,4 +25,6 @@ ACCEPT          tun+		-
 ACCEPT          -               tun+
 ACCEPT          wg+		-
 ACCEPT          -               wg+
+ACCEPT          client-wg+	-
+ACCEPT          -               client-wg+
 

shorewall4/tcinterfaces

@@ -1,3 +1,3 @@
 #INTERFACE             TYPE          IN-BANDWIDTH        OUT-BANDWIDTH
 $NET_IFACE		External
-$VPS_IFACE		Internal
+#$VPS_IFACE		Internal

shorewall4/zones

@@ -16,4 +16,5 @@
 fw      firewall
 net     ipv4
 vpn     ipv4
+vpncl   ipv4