mirror of
https://github.com/Ysurac/openmptcprouter-vps.git
synced 2025-02-12 11:21:56 +00:00
Update to latest API and scripts
This commit is contained in:
Ycarus (Yannick Chabanois)
parent
5b8b41326e
commit
ff74a1b298
10 changed files with 362 additions and 271 deletions
|
|
@ -6,7 +6,8 @@ DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[
|
||||||
NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")}
|
NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")}
|
||||||
OBFS=${OBFS:-yes}
|
OBFS=${OBFS:-yes}
|
||||||
V2RAY=${V2RAY:-yes}
|
V2RAY=${V2RAY:-yes}
|
||||||
UPDATE_DEBIAN=${UPDATE_DEBIAN:-yes}
|
UPDATE_OS=${UPDATE_OS:-yes}
|
||||||
|
UPDATE=${UPDATE:-yes}
|
||||||
TLS=${TLS:-yes}
|
TLS=${TLS:-yes}
|
||||||
OMR_ADMIN=${OMR_ADMIN:-yes}
|
OMR_ADMIN=${OMR_ADMIN:-yes}
|
||||||
OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
|
OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
|
||||||
|
|
@ -15,21 +16,22 @@ MLVPN=${MLVPN:-yes}
|
||||||
MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
|
MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
|
||||||
OPENVPN=${OPENVPN:-yes}
|
OPENVPN=${OPENVPN:-yes}
|
||||||
DSVPN=${DSVPN:-yes}
|
DSVPN=${DSVPN:-yes}
|
||||||
|
SOURCES=${SOURCES:-yes}
|
||||||
NOINTERNET=${NOINTERNET:-no}
|
NOINTERNET=${NOINTERNET:-no}
|
||||||
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
|
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
|
||||||
KERNEL_VERSION="5.4.0"
|
KERNEL_VERSION="5.4.42"
|
||||||
KERNEL_PACKAGE_VERSION="1.8+1efcfb3"
|
KERNEL_PACKAGE_VERSION="1.9+1efcfb3"
|
||||||
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
|
KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
|
||||||
GLORYTUN_UDP_VERSION="3622f928caf03709c4031a34feec85c623bc5281"
|
GLORYTUN_UDP_VERSION="3622f928caf03709c4031a34feec85c623bc5281"
|
||||||
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
|
#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
|
||||||
MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
|
MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
|
||||||
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
|
OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
|
||||||
OMR_ADMIN_VERSION="6e4a1e36ebdf8c7876573a4a4c3aafafe88cf5e9"
|
OMR_ADMIN_VERSION="af3b0d55aed7341c2e9e8f5012fc07300e48a8d0"
|
||||||
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
|
DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
|
||||||
#V2RAY_VERSION="v1.1.0"
|
#V2RAY_VERSION="v1.1.0"
|
||||||
V2RAY_VERSION="v1.2.0-8-g59b8f4f"
|
V2RAY_VERSION="v1.2.0-8-g59b8f4f"
|
||||||
EASYRSA_VERSION="3.0.6"
|
EASYRSA_VERSION="3.0.6"
|
||||||
SHADOWSOCKS_VERSION="3.3.4"
|
SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
|
||||||
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
|
VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
|
||||||
VPSPATH="server-test"
|
VPSPATH="server-test"
|
||||||
|
|
||||||
|
|
@ -50,13 +52,18 @@ fi
|
||||||
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then
|
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then
|
||||||
echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)"
|
echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ]; then
|
elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then
|
||||||
echo "This script only work with Ubuntu 18.04 or Ubuntu 19.04"
|
echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
|
||||||
exit 1
|
exit 1
|
||||||
elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
|
elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
|
||||||
echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)"
|
echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
ARCH=$(dpkg --print-architecture | tr -d "\n")
|
||||||
|
if [ "$ARCH" != "amd64" ]; then
|
||||||
|
echo "Only x86_64 (amd64) is supported"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# Check if DPKG is locked and for broken packages
|
# Check if DPKG is locked and for broken packages
|
||||||
#dpkg -i /dev/zero 2>/dev/null
|
#dpkg -i /dev/zero 2>/dev/null
|
||||||
|
|
@ -81,6 +88,7 @@ fi
|
||||||
|
|
||||||
# Check if OpenMPTCProuter VPS is already installed
|
# Check if OpenMPTCProuter VPS is already installed
|
||||||
update="0"
|
update="0"
|
||||||
|
if [ "$UPDATE" = "yes" ]; then
|
||||||
if [ -f /etc/motd ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd ; then
|
if [ -f /etc/motd ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd ; then
|
||||||
update="1"
|
update="1"
|
||||||
elif [ -f /etc/motd.head ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head ; then
|
elif [ -f /etc/motd.head ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head ; then
|
||||||
|
|
@ -88,6 +96,7 @@ elif [ -f /etc/motd.head ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head
|
||||||
elif [ -f /root/openmptcprouter_config.txt ]; then
|
elif [ -f /root/openmptcprouter_config.txt ]; then
|
||||||
update="1"
|
update="1"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
|
|
@ -99,7 +108,7 @@ rm -f /var/cache/apt/archives/lock
|
||||||
apt-get -y install apt-transport-https gnupg
|
apt-get -y install apt-transport-https gnupg
|
||||||
|
|
||||||
#if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then
|
#if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then
|
||||||
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ]; then
|
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then
|
||||||
echo "Update Debian 9 Stretch to Debian 10 Buster"
|
echo "Update Debian 9 Stretch to Debian 10 Buster"
|
||||||
apt-get -y -f --force-yes upgrade
|
apt-get -y -f --force-yes upgrade
|
||||||
apt-get -y -f --force-yes dist-upgrade
|
apt-get -y -f --force-yes dist-upgrade
|
||||||
|
|
@ -109,6 +118,16 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes"
|
||||||
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
|
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
|
||||||
VERSION_ID="10"
|
VERSION_ID="10"
|
||||||
fi
|
fi
|
||||||
|
if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then
|
||||||
|
echo "Update Ubutnu 18.04 to Ubuntu 20.04"
|
||||||
|
apt-get -y -f --force-yes upgrade
|
||||||
|
apt-get -y -f --force-yes dist-upgrade
|
||||||
|
sed -i 's:bionic:focal:g' /etc/apt/sources.list
|
||||||
|
apt-get update
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
|
||||||
|
VERSION_ID="20.04"
|
||||||
|
fi
|
||||||
# Add OpenMPTCProuter repo
|
# Add OpenMPTCProuter repo
|
||||||
echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list
|
echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list
|
||||||
cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
|
cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
|
||||||
|
|
@ -139,7 +158,7 @@ wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb https://www.openmptcprouter
|
||||||
wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb https://www.openmptcprouter.com/kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
|
wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb https://www.openmptcprouter.com/kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
|
||||||
# Rename bzImage to vmlinuz, needed when custom kernel was used
|
# Rename bzImage to vmlinuz, needed when custom kernel was used
|
||||||
cd /boot
|
cd /boot
|
||||||
apt-get -y install rename curl libcurl4
|
apt-get -y install rename curl libcurl4 unzip git
|
||||||
rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
|
rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
|
||||||
#apt-get -y install linux-mptcp
|
#apt-get -y install linux-mptcp
|
||||||
#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
|
#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
|
||||||
|
|
@ -158,24 +177,34 @@ cd /tmp
|
||||||
bash update-grub.sh ${KERNEL_VERSION}-mptcp
|
bash update-grub.sh ${KERNEL_VERSION}-mptcp
|
||||||
bash update-grub.sh ${KERNEL_RELEASE}
|
bash update-grub.sh ${KERNEL_RELEASE}
|
||||||
|
|
||||||
echo "Install tracebox and iperf3 OpenMPTCProuter edition"
|
echo "Install tracebox OpenMPTCProuter edition"
|
||||||
apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox omr-iperf3
|
apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
|
||||||
|
echo "Install iperf3 OpenMPTCProuter edition"
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
|
||||||
|
|
||||||
|
apt-get -y remove shadowsocks-libev
|
||||||
|
|
||||||
|
if [ "$SOURCES" = "yes" ]; then
|
||||||
#apt -t stretch-backports -y install shadowsocks-libev
|
#apt -t stretch-backports -y install shadowsocks-libev
|
||||||
## Compile Shadowsocks
|
## Compile Shadowsocks
|
||||||
rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
||||||
wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
|
#wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
|
||||||
cd /tmp
|
cd /tmp
|
||||||
tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
|
rm -rf shadowsocks-libev
|
||||||
cd shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
git clone https://github.com/Ysurac/shadowsocks-libev.git
|
||||||
wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch
|
cd shadowsocks-libev
|
||||||
patch -p1 < 020-NOCRYPTO.patch
|
git checkout ${SHADOWSOCKS_VERSION}
|
||||||
wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch
|
git submodule update --init --recursive
|
||||||
patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch
|
#tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
|
||||||
wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
|
#cd shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
||||||
patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
|
#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch
|
||||||
wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
|
#patch -p1 < 020-NOCRYPTO.patch
|
||||||
patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
|
#wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch
|
||||||
|
#patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch
|
||||||
|
#wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
|
||||||
|
#patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
|
||||||
|
#wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
|
||||||
|
#patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
|
||||||
# Shadowsocks eBPF support
|
# Shadowsocks eBPF support
|
||||||
#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch
|
#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch
|
||||||
#patch -p1 < 030-eBPF.patch
|
#patch -p1 < 030-eBPF.patch
|
||||||
|
|
@ -199,7 +228,7 @@ patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
|
||||||
#rm -rf /tmp/libbpf
|
#rm -rf /tmp/libbpf
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged
|
apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
|
||||||
sleep 1
|
sleep 1
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
|
|
@ -218,7 +247,7 @@ elif [ "$ID" = "ubuntu" ]; then
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
apt-get -y install libsodium-dev
|
apt-get -y install libsodium-dev
|
||||||
fi
|
fi
|
||||||
cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
#cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
|
mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
|
||||||
|
|
@ -228,10 +257,15 @@ dpkg-buildpackage -b -us -uc
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
cd /tmp
|
cd /tmp
|
||||||
dpkg -i shadowsocks-libev_${SHADOWSOCKS_VERSION}-1_amd64.deb
|
#dpkg -i shadowsocks-libev_*.deb
|
||||||
|
dpkg -i omr-shadowsocks-libev_*.deb
|
||||||
#mkdir -p /usr/lib/shadowsocks-libev
|
#mkdir -p /usr/lib/shadowsocks-libev
|
||||||
#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
|
#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
|
||||||
rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
|
||||||
|
rm -rf /tmp/shadowsocks-libev
|
||||||
|
else
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev
|
||||||
|
fi
|
||||||
|
|
||||||
# Load OLIA Congestion module at boot time
|
# Load OLIA Congestion module at boot time
|
||||||
if ! grep -q olia /etc/modules ; then
|
if ! grep -q olia /etc/modules ; then
|
||||||
|
|
@ -284,7 +318,6 @@ if [ "$OMR_ADMIN" = "yes" ]; then
|
||||||
#echo 'deb http://ftp.de.debian.org/debian buster main' > /etc/apt/sources.list.d/buster.list
|
#echo 'deb http://ftp.de.debian.org/debian buster main' > /etc/apt/sources.list.d/buster.list
|
||||||
#echo 'APT::Default-Release "stretch";' | tee -a /etc/apt/apt.conf.d/00local
|
#echo 'APT::Default-Release "stretch";' | tee -a /etc/apt/apt.conf.d/00local
|
||||||
#apt-get update
|
#apt-get update
|
||||||
apt-get -y install unzip
|
|
||||||
#apt-get -y -t buster install python3.7-dev
|
#apt-get -y -t buster install python3.7-dev
|
||||||
#apt-get -y -t buster install python3-pip python3-setuptools python3-wheel
|
#apt-get -y -t buster install python3-pip python3-setuptools python3-wheel
|
||||||
if [ "$(whereis python3 | grep python3.7)" = "" ]; then
|
if [ "$(whereis python3 | grep python3.7)" = "" ]; then
|
||||||
|
|
@ -305,7 +338,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
|
||||||
pip3 -q install setuptools wheel
|
pip3 -q install setuptools wheel
|
||||||
pip3 -q install pyopenssl
|
pip3 -q install pyopenssl
|
||||||
else
|
else
|
||||||
apt-get -y install unzip python3-openssl python3-pip python3-setuptools python3-wheel python3-dev
|
apt-get -y install python3-openssl python3-pip python3-setuptools python3-wheel python3-dev
|
||||||
fi
|
fi
|
||||||
#apt-get -y install unzip gunicorn python3-flask-restful python3-openssl python3-pip python3-setuptools python3-wheel
|
#apt-get -y install unzip gunicorn python3-flask-restful python3-openssl python3-pip python3-setuptools python3-wheel
|
||||||
#apt-get -y install unzip python3-openssl python3-pip python3-setuptools python3-wheel
|
#apt-get -y install unzip python3-openssl python3-pip python3-setuptools python3-wheel
|
||||||
|
|
@ -316,25 +349,27 @@ if [ "$OMR_ADMIN" = "yes" ]; then
|
||||||
else
|
else
|
||||||
apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
|
apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
|
||||||
fi
|
fi
|
||||||
|
apt-get -y install python3-uvicorn jq ipcalc python3-netifaces
|
||||||
echo '-- pip3 install needed python modules'
|
echo '-- pip3 install needed python modules'
|
||||||
#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
|
#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
|
||||||
pip3 -q install fastapi netjsonconfig python-multipart uvicorn
|
#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
|
||||||
|
pip3 -q install fastapi netjsonconfig python-multipart -U
|
||||||
mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
|
mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
|
||||||
|
mkdir -p /etc/openmptcprouter-vps-admin/intf
|
||||||
mkdir -p /var/opt/openmptcprouter
|
mkdir -p /var/opt/openmptcprouter
|
||||||
|
if [ "$SOURCES" = "yes" ]; then
|
||||||
wget -O /lib/systemd/system/omr-admin.service https://www.openmptcprouter.com/${VPSPATH}/omr-admin.service.in
|
wget -O /lib/systemd/system/omr-admin.service https://www.openmptcprouter.com/${VPSPATH}/omr-admin.service.in
|
||||||
wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
|
wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
|
||||||
cd /tmp
|
cd /tmp
|
||||||
unzip -q -o openmptcprouter-vps-admin.zip
|
unzip -q -o openmptcprouter-vps-admin.zip
|
||||||
if [ -f /usr/local/bin/omr-admin.py ]; then
|
|
||||||
apt-get -y install jq
|
|
||||||
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
|
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
|
||||||
|
if [ -f /usr/local/bin/omr-admin.py ]; then
|
||||||
OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n")
|
OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n")
|
||||||
[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
|
[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
|
||||||
[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
|
[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
|
||||||
OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
|
OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
|
||||||
[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
|
[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
|
||||||
else
|
else
|
||||||
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/
|
|
||||||
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
|
cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
|
||||||
cd /etc/openmptcprouter-vps-admin
|
cd /etc/openmptcprouter-vps-admin
|
||||||
fi
|
fi
|
||||||
|
|
@ -352,6 +387,12 @@ if [ "$OMR_ADMIN" = "yes" ]; then
|
||||||
chmod u+x /usr/local/bin/omr-admin.py
|
chmod u+x /usr/local/bin/omr-admin.py
|
||||||
systemctl enable omr-admin.service
|
systemctl enable omr-admin.service
|
||||||
rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
|
rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
|
||||||
|
else
|
||||||
|
apt-get -y install omr-vps-admin
|
||||||
|
OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
|
||||||
|
OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
|
||||||
|
fi
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Get shadowsocks optimization
|
# Get shadowsocks optimization
|
||||||
|
|
@ -377,21 +418,24 @@ if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then
|
||||||
#sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
|
#sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
|
||||||
sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json
|
sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json
|
||||||
[ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
|
[ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
|
||||||
elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ]; then
|
elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then
|
||||||
for i in $(seq 2 $NBCPU); do
|
for i in $(seq 2 $NBCPU); do
|
||||||
sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
|
sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
|
||||||
done
|
done
|
||||||
|
sed -i 's/ "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json
|
||||||
fi
|
fi
|
||||||
[ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl
|
[ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl
|
||||||
#sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json
|
#sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json
|
||||||
#sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service
|
#sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service
|
||||||
wget -O /lib/systemd/system/shadowsocks-libev-manager@.service https://www.openmptcprouter.com/${VPSPATH}/shadowsocks-libev-manager@.service.in
|
wget -O /lib/systemd/system/shadowsocks-libev-manager@.service https://www.openmptcprouter.com/${VPSPATH}/shadowsocks-libev-manager@.service.in
|
||||||
systemctl disable shadowsocks-libev
|
if systemctl -q is-enabled shadowsocks-libev; then
|
||||||
|
systemctl -q disable shadowsocks-libev
|
||||||
|
fi
|
||||||
[ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service
|
[ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service
|
||||||
systemctl enable shadowsocks-libev-manager@manager.service
|
systemctl enable shadowsocks-libev-manager@manager.service
|
||||||
if [ $NBCPU -gt 1 ]; then
|
if [ $NBCPU -gt 1 ]; then
|
||||||
for i in $(seq 1 $NBCPU); do
|
for i in $(seq 1 $NBCPU); do
|
||||||
[ -f /etc/shadowsocks-libev/config$i.json ] && systemctl disable shadowsocks-libev-server@config$i.service
|
[ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
|
if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
|
||||||
|
|
@ -400,6 +444,7 @@ fi
|
||||||
# Install simple-obfs
|
# Install simple-obfs
|
||||||
if [ "$OBFS" = "yes" ]; then
|
if [ "$OBFS" = "yes" ]; then
|
||||||
echo "Install OBFS"
|
echo "Install OBFS"
|
||||||
|
if [ "$SOURCES" = "yes" ]; then
|
||||||
rm -rf /tmp/simple-obfs
|
rm -rf /tmp/simple-obfs
|
||||||
cd /tmp
|
cd /tmp
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
|
|
@ -420,6 +465,9 @@ if [ "$OBFS" = "yes" ]; then
|
||||||
make install
|
make install
|
||||||
cd /tmp
|
cd /tmp
|
||||||
rm -rf /tmp/simple-obfs
|
rm -rf /tmp/simple-obfs
|
||||||
|
else
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs
|
||||||
|
fi
|
||||||
#sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
|
#sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -466,6 +514,7 @@ if [ "$MLVPN" = "yes" ]; then
|
||||||
if [ -f /etc/mlvpn/mlvpn0.conf ]; then
|
if [ -f /etc/mlvpn/mlvpn0.conf ]; then
|
||||||
mlvpnupdate="1"
|
mlvpnupdate="1"
|
||||||
fi
|
fi
|
||||||
|
if [ "$SOURCES" = "yes" ]; then
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
|
apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
|
||||||
|
|
@ -480,6 +529,11 @@ if [ "$MLVPN" = "yes" ]; then
|
||||||
./configure --sysconfdir=/etc
|
./configure --sysconfdir=/etc
|
||||||
make
|
make
|
||||||
make install
|
make install
|
||||||
|
cd /tmp
|
||||||
|
rm -rf /tmp/mlvpn
|
||||||
|
else
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn
|
||||||
|
fi
|
||||||
wget -O /lib/systemd/network/mlvpn.network https://www.openmptcprouter.com/${VPSPATH}/mlvpn.network
|
wget -O /lib/systemd/network/mlvpn.network https://www.openmptcprouter.com/${VPSPATH}/mlvpn.network
|
||||||
wget -O /lib/systemd/system/mlvpn@.service https://www.openmptcprouter.com/${VPSPATH}/mlvpn@.service.in
|
wget -O /lib/systemd/system/mlvpn@.service https://www.openmptcprouter.com/${VPSPATH}/mlvpn@.service.in
|
||||||
mkdir -p /etc/mlvpn
|
mkdir -p /etc/mlvpn
|
||||||
|
|
@ -494,10 +548,8 @@ if [ "$MLVPN" = "yes" ]; then
|
||||||
chown mlvpn /var/opt/mlvpn
|
chown mlvpn /var/opt/mlvpn
|
||||||
systemctl enable mlvpn@mlvpn0.service
|
systemctl enable mlvpn@mlvpn0.service
|
||||||
systemctl enable systemd-networkd.service
|
systemctl enable systemd-networkd.service
|
||||||
cd /tmp
|
|
||||||
rm -rf /tmp/mlvpn
|
|
||||||
fi
|
|
||||||
echo "install mlvpn done"
|
echo "install mlvpn done"
|
||||||
|
fi
|
||||||
if systemctl -q is-active openvpn-server@tun0.service; then
|
if systemctl -q is-active openvpn-server@tun0.service; then
|
||||||
systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
|
systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
|
||||||
systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
|
systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
|
||||||
|
|
@ -581,8 +633,9 @@ fi
|
||||||
echo 'Glorytun UDP'
|
echo 'Glorytun UDP'
|
||||||
# Install Glorytun UDP
|
# Install Glorytun UDP
|
||||||
if systemctl -q is-active glorytun-udp@tun0.service; then
|
if systemctl -q is-active glorytun-udp@tun0.service; then
|
||||||
systemctl -q stop glorytun-udp@* > /dev/null 2>&1
|
systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
if [ "$SOURCES" = "yes" ]; then
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
|
apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
|
||||||
|
|
@ -615,6 +668,10 @@ systemctl enable glorytun-udp@tun0.service
|
||||||
systemctl enable systemd-networkd.service
|
systemctl enable systemd-networkd.service
|
||||||
cd /tmp
|
cd /tmp
|
||||||
rm -rf /tmp/glorytun-udp
|
rm -rf /tmp/glorytun-udp
|
||||||
|
else
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun
|
||||||
|
GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
|
||||||
|
fi
|
||||||
|
|
||||||
# Add chrony for time sync
|
# Add chrony for time sync
|
||||||
apt-get install -y chrony
|
apt-get install -y chrony
|
||||||
|
|
@ -627,6 +684,7 @@ if [ "$DSVPN" = "yes" ]; then
|
||||||
systemctl -q disable dsvpn-server > /dev/null 2>&1
|
systemctl -q disable dsvpn-server > /dev/null 2>&1
|
||||||
systemctl -q stop dsvpn-server > /dev/null 2>&1
|
systemctl -q stop dsvpn-server > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
if [ "$SOURCES" = "yes" ]; then
|
||||||
rm -f /var/lib/dpkg/lock
|
rm -f /var/lib/dpkg/lock
|
||||||
rm -f /var/lib/dpkg/lock-frontend
|
rm -f /var/lib/dpkg/lock-frontend
|
||||||
apt-get install -y --no-install-recommends build-essential git ca-certificates
|
apt-get install -y --no-install-recommends build-essential git ca-certificates
|
||||||
|
|
@ -655,12 +713,17 @@ if [ "$DSVPN" = "yes" ]; then
|
||||||
systemctl enable dsvpn-server@dsvpn0.service
|
systemctl enable dsvpn-server@dsvpn0.service
|
||||||
cd /tmp
|
cd /tmp
|
||||||
rm -rf /tmp/dsvpn
|
rm -rf /tmp/dsvpn
|
||||||
|
else
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn
|
||||||
|
DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Install Glorytun TCP
|
# Install Glorytun TCP
|
||||||
if systemctl -q is-active glorytun-tcp@tun0.service; then
|
if systemctl -q is-active glorytun-tcp@tun0.service; then
|
||||||
systemctl -q stop glorytun-tcp@* > /dev/null 2>&1
|
systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
if [ "$SOURCES" = "yes" ]; then
|
||||||
if [ "$ID" = "debian" ]; then
|
if [ "$ID" = "debian" ]; then
|
||||||
if [ "$VERSION_ID" = "9" ]; then
|
if [ "$VERSION_ID" = "9" ]; then
|
||||||
apt -t stretch-backports -y install libsodium-dev
|
apt -t stretch-backports -y install libsodium-dev
|
||||||
|
|
@ -695,9 +758,14 @@ if [ "$update" = "0" ]; then
|
||||||
echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key
|
echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key
|
||||||
fi
|
fi
|
||||||
systemctl enable glorytun-tcp@tun0.service
|
systemctl enable glorytun-tcp@tun0.service
|
||||||
systemctl enable systemd-networkd.service
|
#systemctl enable systemd-networkd.service
|
||||||
cd /tmp
|
cd /tmp
|
||||||
rm -rf /tmp/glorytun-0.0.35
|
rm -rf /tmp/glorytun-0.0.35
|
||||||
|
else
|
||||||
|
apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Load tun module at boot time
|
# Load tun module at boot time
|
||||||
if ! grep -q tun /etc/modules ; then
|
if ! grep -q tun /etc/modules ; then
|
||||||
|
|
@ -772,7 +840,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then
|
||||||
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||||
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
||||||
fi
|
fi
|
||||||
if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "19.04" ]); then
|
if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "19.04" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "20.04" ]); then
|
||||||
sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf
|
sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf
|
||||||
sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf
|
sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf
|
||||||
sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
|
sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
|
||||||
|
|
@ -874,7 +942,7 @@ if [ "$update" = "0" ]; then
|
||||||
echo ' /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\'
|
echo ' /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\'
|
||||||
echo '------------------------------------------------------------------------------------'
|
echo '------------------------------------------------------------------------------------'
|
||||||
echo ' After reboot, check with uname -a that the kernel name contain mptcp.'
|
echo ' After reboot, check with uname -a that the kernel name contain mptcp.'
|
||||||
echo ' Else, you may have to modify GRUB_DEFAULT in /etc/defaut/grub'
|
echo ' Else, you may have to modify GRUB_DEFAULT in /etc/default/grub'
|
||||||
echo '===================================================================================='
|
echo '===================================================================================='
|
||||||
|
|
||||||
# Save info in file
|
# Save info in file
|
||||||
|
|
@ -926,14 +994,14 @@ else
|
||||||
if [ "$DSVPN" = "yes" ]; then
|
if [ "$DSVPN" = "yes" ]; then
|
||||||
echo 'Restarting dsvpn...'
|
echo 'Restarting dsvpn...'
|
||||||
systemctl -q start dsvpn-server@dsvpn0 || true
|
systemctl -q start dsvpn-server@dsvpn0 || true
|
||||||
systemctl -q restart dsvpn-server@* || true
|
systemctl -q restart 'dsvpn-server@*' || true
|
||||||
echo 'done'
|
echo 'done'
|
||||||
fi
|
fi
|
||||||
echo 'Restarting glorytun...'
|
echo 'Restarting glorytun...'
|
||||||
systemctl -q start glorytun-tcp@tun0 || true
|
systemctl -q start glorytun-tcp@tun0 || true
|
||||||
systemctl -q restart glorytun-tcp@* || true
|
systemctl -q restart 'glorytun-tcp@*' || true
|
||||||
systemctl -q start glorytun-udp@tun0 || true
|
systemctl -q start glorytun-udp@tun0 || true
|
||||||
systemctl -q restart glorytun-udp@* || true
|
systemctl -q restart 'glorytun-udp@*' || true
|
||||||
echo 'done'
|
echo 'done'
|
||||||
echo 'Restarting omr6in4...'
|
echo 'Restarting omr6in4...'
|
||||||
systemctl -q start omr6in4@user0 || true
|
systemctl -q start omr6in4@user0 || true
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,13 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
[ ! -f $(readlink -f "$1") ] && exit 1
|
||||||
. "$(readlink -f "$1")"
|
. "$(readlink -f "$1")"
|
||||||
|
|
||||||
INTF=gt-${DEV}
|
INTF=gt-${DEV}
|
||||||
[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
|
[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
|
||||||
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
|
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
|
||||||
|
while [ -z "$(ip link show $INTF)" ]; do
|
||||||
|
sleep 2
|
||||||
|
done
|
||||||
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
|
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
|
||||||
ip link set dev ${INTF} up 2>&1 >/dev/null
|
ip link set dev ${INTF} up 2>&1 >/dev/null
|
||||||
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
|
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,13 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
[ ! -f $(readlink -f "$1") ] && exit 1
|
||||||
. "$(readlink -f "$1")"
|
. "$(readlink -f "$1")"
|
||||||
|
|
||||||
INTF=gt-udp-${DEV}
|
INTF=gt-udp-${DEV}
|
||||||
[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
|
[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
|
||||||
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
|
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
|
||||||
|
while [ -z "$(ip link show $INTF)" ]; do
|
||||||
|
sleep 2
|
||||||
|
done
|
||||||
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
|
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
|
||||||
ip link set dev ${INTF} up 2>&1 >/dev/null
|
ip link set dev ${INTF} up 2>&1 >/dev/null
|
||||||
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
|
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
|
||||||
|
|
|
||||||
31
omr-service
31
omr-service
|
|
@ -6,9 +6,9 @@ _multipath() {
|
||||||
source /etc/shorewall/params.net
|
source /etc/shorewall/params.net
|
||||||
for intf in `ls -1 /sys/class/net`; do
|
for intf in `ls -1 /sys/class/net`; do
|
||||||
if [ "$intf" = "$NET_IFACE" ]; then
|
if [ "$intf" = "$NET_IFACE" ]; then
|
||||||
multipath $intf on
|
[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
|
||||||
else
|
else
|
||||||
multipath $intf off
|
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
@ -16,30 +16,45 @@ _multipath() {
|
||||||
_glorytun_udp() {
|
_glorytun_udp() {
|
||||||
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep server)" ] && {
|
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep server)" ] && {
|
||||||
logger -t "OMR-Service" "Restart Glorytun-UDP"
|
logger -t "OMR-Service" "Restart Glorytun-UDP"
|
||||||
systemctl -q restart glorytun-udp@*
|
systemctl -q restart 'glorytun-udp@*'
|
||||||
}
|
}
|
||||||
for intf in /etc/glorytun-udp/*; do
|
for intf in /etc/glorytun-udp/tun*; do
|
||||||
/etc/glorytun-udp/post.sh /etc/glorytun-udp/${intf}
|
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
_glorytun_tcp() {
|
_glorytun_tcp() {
|
||||||
for intf in /etc/glorytun-tcp/*; do
|
for intf in /etc/glorytun-tcp/tun*; do
|
||||||
/etc/glorytun-tcp/post.sh /etc/glorytun-tcp/${intf}
|
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
_omr_api() {
|
_omr_api() {
|
||||||
[ -z "$(curl -s -k -m 1 https://127.0.0.1:65500/)" ] && {
|
[ -z "$(curl -s -k -m 3 https://127.0.0.1:65500/)" ] && {
|
||||||
logger -t "OMR-Service" "Restart OMR-Admin"
|
logger -t "OMR-Service" "Restart OMR-Admin"
|
||||||
systemctl -q restart omr-admin
|
systemctl -q restart omr-admin
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_lan_route() {
|
||||||
|
cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
|
||||||
|
while IFS=$"\n" read -r c; do
|
||||||
|
vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
|
||||||
|
if [ -n "$vpnremoteip" ]; then
|
||||||
|
echo "$c" | jq -c '.lanips //empty' |
|
||||||
|
while IFS=$"\n" read -r d; do
|
||||||
|
network=$(ipcalc -n $d | grep Network | awk '{print $2}')
|
||||||
|
[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
while true; do
|
while true; do
|
||||||
_glorytun_udp
|
_glorytun_udp
|
||||||
_glorytun_tcp
|
_glorytun_tcp
|
||||||
_multipath
|
_multipath
|
||||||
_omr_api
|
_omr_api
|
||||||
|
_lan_route
|
||||||
sleep 10
|
sleep 10
|
||||||
done
|
done
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.s
|
||||||
Type=simple
|
Type=simple
|
||||||
Restart=always
|
Restart=always
|
||||||
ExecStart=/usr/local/bin/omr-service
|
ExecStart=/usr/local/bin/omr-service
|
||||||
ExecStop=/usr/local/bin/omr-service stop
|
KillSignal=9
|
||||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
|
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
||||||
Binary file not shown.
|
|
@ -8,7 +8,7 @@ CapabilityBoundingSet=CAP_NET_BIND_SERVICE
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||||
LimitNOFILE=99999
|
LimitNOFILE=99999
|
||||||
LimitNPROC=99999
|
LimitNPROC=99999
|
||||||
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json
|
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json --manager-address 127.0.0.1:8839
|
||||||
Restart=always
|
Restart=always
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
|
|
|
||||||
|
|
@ -2,10 +2,10 @@
|
||||||
# max open files
|
# max open files
|
||||||
fs.file-max = 512000
|
fs.file-max = 512000
|
||||||
# max read buffer
|
# max read buffer
|
||||||
net.core.rmem_max = 150000000
|
net.core.rmem_max = 67108864
|
||||||
# max write buffer
|
# max write buffer
|
||||||
net.core.wmem_max = 75000000
|
net.core.wmem_max = 67108864
|
||||||
net.core.optmem_max = 75000000
|
net.core.optmem_max = 33554432
|
||||||
# default read buffer
|
# default read buffer
|
||||||
net.core.rmem_default = 131072
|
net.core.rmem_default = 131072
|
||||||
# default write buffer
|
# default write buffer
|
||||||
|
|
@ -28,19 +28,19 @@ net.ipv4.tcp_keepalive_time = 7200
|
||||||
# outbound port range
|
# outbound port range
|
||||||
net.ipv4.ip_local_port_range = 9999 65000
|
net.ipv4.ip_local_port_range = 9999 65000
|
||||||
# max SYN backlog
|
# max SYN backlog
|
||||||
net.ipv4.tcp_max_syn_backlog = 4096
|
net.ipv4.tcp_max_syn_backlog = 10240
|
||||||
# max timewait sockets held by system simultaneously
|
# max timewait sockets held by system simultaneously
|
||||||
net.ipv4.tcp_max_tw_buckets = 10000
|
net.ipv4.tcp_max_tw_buckets = 10000
|
||||||
# turn on TCP Fast Open on both client and server side
|
# turn on TCP Fast Open on both client and server side
|
||||||
net.ipv4.tcp_fastopen = 3
|
net.ipv4.tcp_fastopen = 3
|
||||||
# TCP buffer
|
# TCP buffer
|
||||||
net.ipv4.tcp_mem = 768174 75000000 150000000
|
net.ipv4.tcp_mem = 8092 131072 67108864
|
||||||
# UDP buffer
|
# UDP buffer
|
||||||
net.ipv4.udp_mem = 768174 75000000 150000000
|
net.ipv4.udp_mem = 8092 131072 67108864
|
||||||
# TCP receive buffer
|
# TCP receive buffer
|
||||||
net.ipv4.tcp_rmem = 4096 524288 75000000
|
net.ipv4.tcp_rmem = 4096 87380 33554432
|
||||||
# TCP write buffer
|
# TCP write buffer
|
||||||
net.ipv4.tcp_wmem = 4096 524288 75000000
|
net.ipv4.tcp_wmem = 4096 65536 33554432
|
||||||
# turn on path MTU discovery
|
# turn on path MTU discovery
|
||||||
net.ipv4.tcp_mtu_probing = 0
|
net.ipv4.tcp_mtu_probing = 0
|
||||||
|
|
||||||
|
|
@ -54,5 +54,5 @@ net.ipv4.conf.all.log_martians = 0
|
||||||
|
|
||||||
# MPTCP settings
|
# MPTCP settings
|
||||||
net.mptcp.mptcp_checksum = 0
|
net.mptcp.mptcp_checksum = 0
|
||||||
net.mptcp.mptcp_syn_retries = 1
|
net.mptcp.mptcp_syn_retries = 2
|
||||||
net.ipv4.tcp_ecn=1
|
net.ipv4.tcp_ecn=1
|
||||||
|
|
@ -18,4 +18,4 @@
|
||||||
MASQUERADE fe80::/10,\
|
MASQUERADE fe80::/10,\
|
||||||
fd00::/8 $NET_IFACE
|
fd00::/8 $NET_IFACE
|
||||||
# SNAT from VPN server for all VPN clients
|
# SNAT from VPN server for all VPN clients
|
||||||
SNAT(fe80::a00:1) ::/0 omr-6in4-user+
|
#SNAT(fe80::a00:1) ::/0 omr-6in4-user+
|
||||||
|
|
|
||||||
|
|
@ -3,4 +3,4 @@ DEV=tun0
|
||||||
SERVER=true
|
SERVER=true
|
||||||
MPTCP=true
|
MPTCP=true
|
||||||
IPV6=true
|
IPV6=true
|
||||||
OPTIONS="chacha20 retry count -1 const 5000000 timeout 10000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
|
OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
|
||||||
Loading…
Reference in a new issue