mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-02-12 11:21:56 +00:00

Merge develop to master branch

Ycarus (Yannick Chabanois) 2024-04-10 17:32:48 +00:00
commit fd2a3f1a27
27 changed files with 1580 additions and 458 deletions

1
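--- a/debian-x86_64.sh
+++ b/debian-x86_64.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh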

1
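--- a/debian.sh
+++ b/debian.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh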

1
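--- a/debian12-x86_64.sh
+++ b/debian12-x86_64.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh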

File diff suppressed because it is too large Load diff

3
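--- a/iperf3.override.conf
+++ b/iperf3.override.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem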


@ -3,7 +3,7 @@ Description=iperf3
Requires=network.target
[Service]
ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/public.pem
ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem
Restart=on-failure
[Install]


@ -117,7 +117,9 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
else
ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}')
IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}')
IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
#IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
[ -f /usr/bin/jsonfilter ] && IP=$(ip -j a show $DEVICE | jsonfilter -e '@[0].addr_info[*].local')
[ -f /usr/bin/jq ] && IP=$(ip -j a show $DEVICE | jq -r '.[0].addr_info[].local')
RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
[ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
case $TYPE in
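Review bot: The two new `IP=` assignments return every entry of `addr_info`, IPv4 and IPv6 alike, one per line, whereas the sed expression they replace matched dotted-quad addresses only; whatever consumes `$IP` further down (outside this hunk) may now receive several values. With the sed line commented out, `IP` also stays unset on a host that has neither `/usr/bin/jsonfilter` nor `/usr/bin/jq`. If only IPv4 is wanted, restricting the query would keep the old contract, for example `IP=$(ip -j -4 a show "$DEVICE" | jq -r '.[0].addr_info[].local')`, and keeping the sed form as a last fallback would cover hosts without either tool. `$DEVICE` is unquoted in both new lines. The enclosing `if`/`else` starts and ends outside the hunk.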

82
omr-bypass Executable file

@ -0,0 +1,82 @@
#!/bin/sh
# Copyright (C) 2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
# Released under GPL 3. See LICENSE for the full terms.
[ ! -f /etc/openmptcprouter-vps-admin/omr-bypass.json ] && exit 0
# Configuration
INTERFACE="$(jq -M -r .bypass_intf /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$INTERFACE" = "null" ] && INTERFACE="vpn1"
GATEWAY="$(ip r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
GATEWAY6="$(ip -6 r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
TABLE="991337"
MARK="0x539"
CHECKSUM="$(md5sum /etc/openmptcprouter-vps-admin/omr-bypass.json | awk '{print $1}' | tr -d '\n')"
PREVIOUS_CHECKSUM="$(jq -M -r .bypass_checksum /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$CHECKSUM" = "$PREVIOUS_CHECKSUM" ] && exit 0
jq -M --arg c "$CHECKSUM" '.bypass_checksum = $c' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
# Action
ipset -q flush omr_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q flush omr6_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q --exist restore <<-EOF
create omr_dst_bypass_srv_${INTERFACE} hash:net hashsize 64
create omr6_dst_bypass_srv_${INTERFACE} hash:net family inet6 hashsize 64
EOF
ipv4=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv4[])
for ip in $ipv4; do
ipset -q add omr_dst_bypass_srv_${INTERFACE} $ip
done
ipv6=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv6[])
for ip in $ipv6; do
ipset -q add omr6_dst_bypass_srv_${INTERFACE} $ip
done
iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY} dev ${INTERFACE} table ${TABLE}
ip6tables-save --counters 2>/dev/null | grep -v omr-bypass | ip6tables-restore -w --counters 2>/dev/null
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
if [ -n "$GATEWAY6" ]; then
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY6} dev ${INTERFACE} table ${TABLE}
fi
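Review bot: `jq -r .${INTERFACE}.ipv4[]` (and its ipv6 twin) splices the configured interface name into the jq program unquoted, so a name such as `gt-tun0` is parsed as a subtraction and any unexpected character in `bypass_intf` changes the filter; pass it as data instead, `jq -r --arg i "$INTERFACE" '.[$i].ipv4[]?' /etc/openmptcprouter-vps-admin/omr-bypass.json`. The new checksum is written to omr-admin-config.json before any ipset or iptables command runs, so a run that fails part-way exits early on every later invocation until the JSON changes again; storing the checksum after the last command succeeds would let the timer retry. The closing `if [ -n "$GATEWAY6" ]` block calls `ip rule` and `ip route` without `-6`, which looks like it repeats the IPv4 rule rather than adding an IPv6 one, and `${GATEWAY}` is used in the IPv4 `ip route replace` without a check that it is non-empty. The `2>&1 > /dev/null` redirections discard stdout only; `>/dev/null 2>&1` is the order that also drops stderr, if that is the intent.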

12
omr-bypass.service.in Normal file

@ -0,0 +1,12 @@
[Unit]
Description=OMR-ByPass
After=network.target network-online.target shorewall.service
[Service]
Type=simple
ExecStart=/usr/local/bin/omr-bypass
KillSignal=9
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install]
WantedBy=multi-user.target
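Review bot: `Type=simple` together with `KillSignal=9` is an awkward fit for a script that runs to completion: a stop or timeout sends SIGKILL straight away, which can cut the omr-bypass script off between its `iptables-save | grep -v omr-bypass | iptables-restore` step and the re-creation of the chains, leaving the mangle table without the bypass rules. `Type=oneshot` with the default kill signal describes the unit more accurately. The `CapabilityBoundingSet=` line is a sensible limit; `NoNewPrivileges=true` could sit next to it, as the v2ray.service and xray.service units added in this commit already do.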

8
omr-bypass.timer.in Normal file

@ -0,0 +1,8 @@
[Unit]
Description=Timer for omr-bypass
[Timer]
OnUnitActiveSec=300
[Install]
WantedBy=timers.target


@ -31,13 +31,13 @@ $SERVER["socket"] == "10.255.252.1:80" { }
$SERVER["socket"] == "10.255.251.1:80" { }
$SERVER["socket"] == "10.255.253.1:80" { }
EOF
systemctl -q restart lighttpd
systemctl list-unit-files lighttpd.service &>/dev/null && systemctl -q restart lighttpd
grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf
mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf
cat >> /etc/pihole/setupVars.conf <<-EOF
PIHOLE_INTERFACE=gt-tun0
IPV4_ADDRESS=10.255.0.0/16
IPV6_ADDRESS=fe80::aff:ff01/64
IPV6_ADDRESS=fd00::a00:/106
RATE_LIMIT=0/0
EOF
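Review bot: `IPV6_ADDRESS=fd00::a00:/106` does not read as a valid IPv6 prefix, because the address ends in a single colon with no group after it; this assumes it is the new-side line, since the rendering has lost the `+`/`-` markers. It looks as if a trailing group was dropped, so the intended value should be confirmed and written out in full before it lands in setupVars.conf. Separately, `&>/dev/null` on the new `systemctl list-unit-files` line is a bash-only redirection; the shebang is outside the hunk, and if the script runs under `/bin/sh` the portable spelling is `>/dev/null 2>&1`.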


@ -7,13 +7,13 @@ _multipath() {
for intf in `ls -1 /sys/class/net`; do
if [ "$intf" != "bonding_masters" ]; then
if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then
[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on 2>&1 >/dev/null
[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
multipath $intf signal
multipath $intf signal 2>&1 >/dev/null
ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null
}
else
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off 2>&1 >/dev/null
fi
fi
done
@ -29,6 +29,7 @@ _glorytun_udp() {
for intf in /etc/glorytun-udp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
done
#ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null
fi
}
@ -41,12 +42,13 @@ _glorytun_tcp() {
localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.255.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
systemctl restart glorytun-tcp@tun0
sleep 10
fi
fi
#ip link set mtu 9000 dev gt-tun0 2>&1 >/dev/null
fi
}
@ -58,18 +60,40 @@ _dsvpn() {
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
systemctl restart dsvpn@dsvpn0
systemctl restart dsvpn-server@dsvpn0
fi
#ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null
fi
}
_shadowsocks() {
[ -n "$(systemctl -a | grep 'shadowsocks')" ] && [ -z "$(pgrep ss-server)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
[ -n "$(systemctl -a | grep 'shadowsocks-libev')" ] && [ -z "$(pgrep ss-server)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev"
systemctl restart shadowsocks-libev-manager@manager
}
}
_shadowsocks_go() {
[ -n "$(systemctl -a | grep 'shadowsocks-go')" ] && [ -z "$(pgrep shadowsocks-go)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go"
systemctl restart shadowsocks-go
}
}
_xray() {
[ -n "$(systemctl -a | grep 'xray')" ] && [ -z "$(pgrep xray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart XRay"
systemctl restart xray
}
}
_v2ray() {
[ -n "$(systemctl -a | grep 'v2ray')" ] && [ -z "$(pgrep v2ray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart V2Ray"
systemctl restart v2ray
}
}
_wireguard() {
if [ -n "$(systemctl -a | grep 'wg')" ]; then
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
@ -80,7 +104,7 @@ _wireguard() {
_omr_api() {
[ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
logger -t "OMR-Service" "Restart OMR-Admin"
logger -t "OMR-Service" "Can't contact API, restart OMR-Admin"
systemctl -q restart omr-admin
}
}
@ -111,11 +135,11 @@ _gre_tunnels() {
. "$(readlink -f "$intf")"
iface="$(basename $intf)"
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
ip tunnel del $iface 2>&1 >/dev/null
[ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface 2>&1 >/dev/null
ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null
ip link set $iface up 2>&1 >/dev/null
ip addr add $LOCALIP dev $iface 2>&1 >/dev/null
ip route add $NETWORK dev $iface 2>&1 >/dev/null
ip route add $NETWORK dev $iface onlink 2>&1 >/dev/null
fi
fi
done
@ -151,10 +175,16 @@ _openvpn_bonding() {
sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null
modprobe bonding 2>&1 >/dev/null
ip link add omr-bonding type bond 2>&1 >/dev/null
#[ -n "$(uname -r | grep '6.1')" ] && {
# stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
#}
while true; do
_glorytun_udp
_glorytun_tcp
_shadowsocks
_shadowsocks_go
_xray
_v2ray
_dsvpn
_wireguard
_multipath
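Review bot: The three new watchdog functions `_shadowsocks_go`, `_xray` and `_v2ray` all log "ss-server not detected", a message copied from `_shadowsocks`, so the journal names the wrong process when one of them restarts a service; for instance `logger -t "OMR-Service" "xray not detected, restart XRay"` would make the restart traceable. Their guards are also loose: `systemctl -a | grep 'xray'` and `pgrep xray` match any unit or process whose name merely contains the string, so `systemctl list-unit-files xray.service` and `pgrep -x xray` would be tighter. The `2>&1 >/dev/null` added after the `multipath` calls discards stdout only and leaves stderr attached; if the aim is to silence the commands, the order should be `>/dev/null 2>&1`.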


@ -1,6 +1,6 @@
[Unit]
Description=OMR
After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service
After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service
[Service]
Type=simple

Binary file not shown.

32
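--- a/openvpn-tun0.6.1.conf
+++ b/openvpn-tun0.6.1.conf
@@ -0,0 +1,32 @@
+topology subnet
+dev tun0
+user nobody
+group nogroup
+data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
+disable-dco
+proto tcp-server
+port 65301
+persist-tun
+persist-key
+duplicate-cn
+verb 3
+server 10.255.252.0 255.255.255.0
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 10 240
+txqueuelen 1000
+sndbuf 262144
+push "sndbuf 262144"
+rcvbuf 262144
+push "rcvbuf 262144"
+tun-mtu 1420
+tls-server
+tls-version-min 1.2
+push "route 10.255.252.1 255.255.255.255"
+client-config-dir ccd
+ifconfig-pool-persist ccd/ipp_tcp.txt
+passtos
+management 127.0.0.1 65302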
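Review bot: `management 127.0.0.1 65302` opens the management interface on a loopback TCP port with no password file, so any local process on the VPS can connect and issue management commands to the daemon. OpenVPN accepts a password file as a third argument, `management 127.0.0.1 65302 <pw-file>`, or a unix socket path in place of the address, which lets file permissions gate access. `duplicate-cn` also means several clients can be connected with one certificate at the same time, so sessions cannot be told apart by common name in the logs; that may be deliberate for this deployment, but it is worth a comment in the file saying so.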


@ -18,8 +18,12 @@ crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240
sndbuf 0
rcvbuf 0
txqueuelen 2000
tun-mtu 1400
mssfix 1360
tls-server
tls-version-min 1.2
#compress lzo
push "route 10.255.252.1 255.255.255.255"
client-config-dir ccd
management localhost 65302

29
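--- a/openvpn-tun1.6.1.conf
+++ b/openvpn-tun1.6.1.conf
@@ -0,0 +1,29 @@
+topology subnet
+dev tun1
+data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
+proto udp
+port 65301
+persist-tun
+persist-key
+duplicate-cn
+verb 3
+server 10.255.250.0 255.255.255.0
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 10 240
+txqueuelen 1000
+sndbuf 262144
+push "sndbuf 262144"
+rcvbuf 262144
+push "rcvbuf 262144"
+tun-mtu 1420
+tls-server
+tls-version-min 1.2
+push "route 10.255.250.1 255.255.255.255"
+client-config-dir ccd
+#ifconfig-pool-persist ccd/ipp_udp.txt
+fast-io
+passtos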
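Review bot: This UDP instance has no `user`/`group` lines, so the daemon keeps root after start-up, while the TCP counterpart openvpn-tun0.6.1.conf in the same commit drops to `user nobody` / `group nogroup`. `persist-tun` and `persist-key` are already set here, which is what a privilege drop needs across restarts, so adding `user nobody` and `group nogroup` should be possible unless something outside this file requires root. If the omission is deliberate, a comment giving the reason would help the next reader.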


@ -0,0 +1,39 @@
{
"servers": [
{
"name": "ss-2022",
"protocol": "2022-blake3-aes-256-gcm",
"tcpListeners": [
{
"network": "tcp",
"address": ":65280",
"fastOpen": false,
"reusePort": false,
"multipath": true
}
],
"enableTCP": true,
"listenerTFO": false,
"enableUDP": true,
"mtu": 1500,
"psk": "PSK",
"uPSKStorePath": "/etc/shadowsocks-go/upsks.json"
}
],
"stats": {
"enabled": true
},
"api": {
"enabled": true,
"debugPprof": false,
"enableTrustedProxyCheck": false,
"trustedProxies": [],
"proxyHeader": "X-Forwarded-For",
"listen": "127.0.0.1:65279",
"certFile": "",
"keyFile": "",
"clientCertFile": "",
"secretPath": "",
"fiberConfigPath": ""
}
}
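Review bot: The `api` block is enabled on `127.0.0.1:65279` with an empty `secretPath` and no certificate, so as far as this file shows the management API is reachable by any local process without a secret. Binding to loopback limits exposure to the host itself, but setting `secretPath` to a generated value at install time would keep other local services and accounts from querying or changing server state. `"psk": "PSK"` is presumably a placeholder substituted by the installer; it would be worth making the install step fail if the literal is still present after substitution.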

67
shadowsocks.6.1.conf Normal file

@ -0,0 +1,67 @@
# local sysctl settings can be stored in this directory
# max open files
fs.file-max = 512000
# max read buffer
net.core.rmem_max = 16777216
# max write buffer
net.core.wmem_max = 16777216
#net.core.optmem_max = 33554432
# default read buffer
#net.core.rmem_default = 16777216
# default write buffer
#net.core.wmem_default = 16777216
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time
net.ipv4.tcp_keepalive_time = 7200
# outbound port range
net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 10240
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 10000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP buffer
net.ipv4.tcp_mem = 1638400 1638400 1638400
# UDP buffer
#net.ipv4.udp_mem = 4096 87380 16777216
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 16777216
# TCP write buffer
net.ipv4.tcp_wmem = 4096 87380 16777216
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 0
# for low-latency network, use cubic instead
net.ipv4.tcp_congestion_control = bbr
net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
# MPTCP settings
net.mptcp.checksum_enabled = 0
net.mptcp.add_addr_timeout = 120
net.mptcp.allow_join_initial_addr_port = 1
net.mptcp.enabled = 1
net.mptcp.pm_type = 0
net.mptcp.stale_loss_cnt = 4
net.ipv4.tcp_ecn = 2
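Review bot: Several comments in this new file contradict the value beneath them, which makes the tuning hard to audit: `# turn on path MTU discovery` sits above `net.ipv4.tcp_mtu_probing = 0`, `# for low-latency network, use cubic instead` above `tcp_congestion_control = bbr`, and `# short keepalive time` above `tcp_keepalive_time = 7200`. Rewording them to state what the line does, for example `# MTU probing disabled` and `# BBR congestion control with fq qdisc`, would remove the ambiguity. The MPTCP block at the end has no comments at all; a line explaining why `net.mptcp.checksum_enabled = 0` is chosen would be useful, since it turns off an integrity check on the MPTCP data sequence mapping.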


@ -22,7 +22,7 @@ net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 80
net.ipv4.tcp_fin_timeout = 30
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time
@ -47,10 +47,11 @@ net.ipv4.tcp_wmem = 4096 65536 33554432
net.ipv4.tcp_mtu_probing = 0
# for low-latency network, use cubic instead
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_congestion_control = bbr
net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 131072
net.netfilter.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0


@ -138,7 +138,7 @@ BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes
#CHAIN_SCRIPTS=Yes
CLAMPMSS=No
@ -168,7 +168,7 @@ IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
INLINE_MATCHES=No
#INLINE_MATCHES=No
IPSET_WARNINGS=Yes
@ -176,7 +176,7 @@ IP_FORWARDING=On
KEEP_RT_TABLES=Yes
LOAD_HELPERS_ONLY=Yes
#LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter


@ -4,4 +4,4 @@ DEV=tun0
SERVER=true
MPTCP=true
IPV6=true
OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 65536 multiqueue"


@ -1,6 +1,6 @@
{
"log": {
"loglevel": "warning",
"loglevel": "error",
"error": "/tmp/v2rayError.log"
},
"transport": {
@ -34,6 +34,7 @@
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
@ -48,6 +49,98 @@
}
}
},
{
"tag": "omrin-vmess-tunnel",
"port": 65230,
"protocol": "vmess",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-socks-tunnel",
"port": 65231,
"protocol": "socks",
"settings": {
"auth": "password",
"accounts": [
{
"pass": "V2RAY_UUID",
"user": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-trojan-tunnel",
"port": 65229,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "V2RAY_UUID",
"email": "openmptcprouter",
"level": 0
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"listen": "127.0.0.1",
"port": 10085,
@ -72,7 +165,10 @@
{
"type": "field",
"inboundTag": [
"omrin-tunnel"
"omrin-tunnel",
"omrin-vmess-tunnel",
"omrin-socks-tunnel",
"omrin-trojan-tunnel"
],
"outboundTag": "OMRLan",
"domain": [
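Review bot: The three inbounds added here (`omrin-vmess-tunnel`, `omrin-socks-tunnel`, `omrin-trojan-tunnel`) all take the same `V2RAY_UUID` placeholder, as VMess id, SOCKS password and Trojan password respectively, so one leaked value opens every listener and none can be rotated on its own; a separate generated secret per protocol would contain that. The VMess inbound also carries `"decryption": "none"`, which is a VLESS setting and looks copied from the existing inbound. None of the new inbounds sets `listen`, so they presumably bind on all addresses; confirm that ports 65229 to 65231 are meant to be reachable from outside and are covered by the firewall configuration. The last hunk ends inside the routing rule, so the rest of that rule is not visible here.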

18
v2ray.service Normal file

@ -0,0 +1,18 @@
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target
Wants=network-online.target
[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=true
ExecStart=/usr/bin/v2ray run -config /etc/v2ray/v2ray-server.json
Restart=always
RestartPreventExitStatus=23
StartLimitInterval=0
[Install]
WantedBy=multi-user.target
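Review bot: `User=root` keeps the daemon at uid 0, so the `CapabilityBoundingSet=` line trims capabilities but file access remains that of root, and `AmbientCapabilities=` adds nothing for a root process. Running under a dedicated account, with read access granted to the certificate and key it loads, would make the capability lines do real work; if root has to stay, sandboxing directives such as `ProtectSystem=strict`, `ProtectHome=true` and `PrivateTmp=true` would narrow what a compromised proxy process can reach. `StartLimitInterval=0` with `Restart=always` disables start rate limiting, so a crash loop will restart without bound. The same applies to xray.service added later in this commit.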

244
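--- a/xray-server.json
+++ b/xray-server.json
@@ -0,0 +1,244 @@
+{
+"log": {
+"loglevel": "error",
+"error": "/tmp/v2rayError.log"
+},
+"transport": {
+"tcpSettings": {},
+"wsSettings": {},
+"kcpSettings": {
+"mtu": 1460,
+"tti": 10,
+"uplinkCapacity": 100,
+"downlinkCapacity": 100,
+"congestion": false,
+"readBufferSize": 8,
+"writeBufferSize": 8
+}
+},
+"inbounds": [
+{
+"tag": "omrin-tunnel",
+"port": 65248,
+"protocol": "vless",
+"settings": {
+"decryption": "none",
+"clients": [
+{
+"id": "V2RAY_UUID",
+"level": 0,
+"alterId": 0,
+"email": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"tag": "omrin-vmess-tunnel",
+"port": 65250,
+"protocol": "vmess",
+"settings": {
+"decryption": "none",
+"clients": [
+{
+"id": "V2RAY_UUID",
+"level": 0,
+"alterId": 0,
+"email": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"tag": "omrin-socks-tunnel",
+"port": 65251,
+"protocol": "socks",
+"settings": {
+"auth": "password",
+"accounts": [
+{
+"pass": "V2RAY_UUID",
+"user": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"tag": "omrin-trojan-tunnel",
+"port": 65249,
+"protocol": "trojan",
+"settings": {
+"clients": [
+{
+"password": "V2RAY_UUID",
+"email": "openmptcprouter",
+"level": 0
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"tag": "omrin-shadowsocks-tunnel",
+"port": 65252,
+"protocol": "shadowsocks",
+"settings": {
+"password": "XRAY_PSK",
+"method": "2022-blake3-aes-256-gcm",
+"network": "tcp,udp",
+"clients": [
+{
+"password": "XRAY_UPSK",
+"email": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp"
+}
+},
+{
+"listen": "127.0.0.1",
+"port": 10086,
+"protocol": "dokodemo-door",
+"settings": {
+"address": "127.0.0.1"
+},
+"tag": "api"
+}
+],
+"outbounds": [
+{
+"protocol": "freedom",
+"settings": {
+"userLevel": 0
+},
+"tag": "direct"
+}
+],
+"routing": {
+"rules": [
+{
+"type": "field",
+"inboundTag": [
+"omrin-tunnel",
+"omrin-vless-reality",
+"omrin-vmess-tunnel",
+"omrin-socks-tunnel",
+"omrin-trojan-tunnel"
+],
+"outboundTag": "OMRLan",
+"domain": [
+"full:omr.lan"
+]
+},
+{
+"inboundTag": [
+"api"
+],
+"outboundTag": "api",
+"type": "field"
+}
+]
+},
+"reverse": {
+"portals": [
+{
+"tag": "OMRLan",
+"domain": "omr.lan"
+}
+]
+},
+"stats": {},
+"api": {
+"tag": "api",
+"services": [
+"HandlerService",
+"LoggerService",
+"StatsService"
+]
+},
+"policy": {
+"levels": {
+"0": {
+"uplinkOnly": 0,
+"downlinkOnly": 0,
+"bufferSize": 512,
+"connIdle": 2400,
+"statsUserUplink": true,
+"statsUserDownlink": true
+}
+},
+"system": {
+"statsInboundUplink": true,
+"statsInboundDownlink": true
+}
+}
+}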
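Review bot: `"error": "/tmp/v2rayError.log"` makes a daemon that xray.service starts as root write to a fixed name in a world-writable directory, and the unit sets no `PrivateTmp=`; any local account can pre-create that path or plant a link there. The name is also the V2Ray one, so both daemons would share the file if they run side by side. A log location in a root-owned directory, for example `"error": "<root-owned log dir>/xray-error.log"`, avoids both. The first routing rule lists `omrin-vless-reality`, which is not defined in this file, and omits `omrin-shadowsocks-tunnel`, which is; confirm both are intended. As in v2ray-server.json, the VLESS, VMess, SOCKS and Trojan inbounds all share the `V2RAY_UUID` secret.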

47
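--- a/xray-vless-reality.json
+++ b/xray-vless-reality.json
@@ -0,0 +1,47 @@
+{
+"inbounds": [
+{
+"port": 443,
+"tag": "omrin-vless-reality",
+"protocol": "vless",
+"settings": {
+"clients": [
+{
+"id": "XRAY_UUID",
+"flow": "xtls-rprx-vision"
+}
+],
+"decryption": "none"
+},
+"streamSettings": {
+"network": "tcp",
+"security": "reality",
+"realitySettings": {
+"dest": "1.1.1.1:443",
+"serverNames": [
+""
+],
+"privateKey": "XRAY_X25519_PRIVATE_KEY",
+"publicKey": "XRAY_X25519_PUBLIC_KEY",
+"shortIds": [
+""
+]
+},
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+}
+}
+}
+],
+"routing": {
+"rules": [
+{
+"type": "field",
+"inboundTag": [
+"omrin-vless-reality"
+]
+}
+]
+}
+}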
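Review bot: `"serverNames": [""]` and `"shortIds": [""]` ship as empty strings, and an empty entry in `shortIds` is understood to let a client connect without a short id, which removes that extra client discriminator. If the installer fills these in, named placeholders in the style of `XRAY_UUID` would make a missed substitution obvious; if not, a generated short id and a server name matching the `dest` host should be set. The routing rule at the end names an `inboundTag` but no `outboundTag`, so it does not say where the traffic should go; confirm whether the rule is complete. The server template also embeds `publicKey` next to `privateKey`; if only the client needs the public half, keeping it out of the server file reduces clutter around the secret.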

18
xray.service Normal file

@ -0,0 +1,18 @@
[Unit]
Description=XRay Service
Documentation=https://xtls.github.io/
After=network.target nss-lookup.target
Wants=network-online.target
[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=true
ExecStart=/usr/bin/xray run -config /etc/xray/xray-server.json
Restart=always
RestartPreventExitStatus=23
StartLimitInterval=0
[Install]
WantedBy=multi-user.target