From 3ba380d2fee4a51efead3500260320e7f0e88022 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 30 Oct 2020 14:21:28 +0000
Subject: [PATCH 001/164] Check if Glorytun TCP client side answer, else
 restart it

---
 omr-service | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/omr-service b/omr-service
index 568ce7b..114c1b8 100755
--- a/omr-service
+++ b/omr-service
@@ -27,6 +27,12 @@ _glorytun_tcp() {
 	for intf in /etc/glorytun-tcp/tun*; do
 		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 	done
+	if [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
+		if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then
+			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
+			systemctl restart glorytun-tcp@tun0
+		fi
+	fi
 }
 
 _omr_api() {

From ef69f2bfecc5e26043059b81472463f7dc94f4b6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sat, 31 Oct 2020 11:52:02 +0000
Subject: [PATCH 002/164] Increase MLVPN reorder buffer size

---
 mlvpn0.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mlvpn0.conf b/mlvpn0.conf
index 711c84d..cc24e47 100644
--- a/mlvpn0.conf
+++ b/mlvpn0.conf
@@ -5,7 +5,7 @@ interface_name = "mlvpn0"
 timeout = 30
 password = "MLVPN_PASS"
 reorder_buffer = yes
-reorder_buffer_size = 64
+reorder_buffer_size = 128
 loss_tolerence = 50
 
 [wan1]

From f4beb2f5a59c87f04b838fae244286dca6da822d Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sat, 31 Oct 2020 11:53:25 +0000
Subject: [PATCH 003/164] Increase version

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 812dcb2..3e4ada9 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -50,7 +50,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server"
 VPSURL="https://www.openmptcprouter.com/"
 
-OMR_VERSION="0.1019"
+OMR_VERSION="0.1020"
 
 DIR=$( pwd )
 #"

From 68211f2033de3c476947167d7a4b6082e1138d48 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 3 Nov 2020 16:45:29 +0000
Subject: [PATCH 004/164] Fix on current-vpn file doesn't exist

---
 debian9-x86_64.sh | 1 +
 omr-service       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 3e4ada9..3f1b13b 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -389,6 +389,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	pip3 -q install fastapi netjsonconfig python-multipart -U
 	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 	mkdir -p /etc/openmptcprouter-vps-admin/intf
+	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
 	mkdir -p /var/opt/openmptcprouter
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
diff --git a/omr-service b/omr-service
index 114c1b8..38002d3 100755
--- a/omr-service
+++ b/omr-service
@@ -27,7 +27,7 @@ _glorytun_tcp() {
 	for intf in /etc/glorytun-tcp/tun*; do
 		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 	done
-	if [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
+	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
 		if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then
 			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 			systemctl restart glorytun-tcp@tun0

From 9b47f9b25b005e973dc7192112724139dddc1c41 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 3 Nov 2020 16:47:24 +0000
Subject: [PATCH 005/164] Fix IPv6 ULA problem

---
 omr-6in4-run | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-6in4-run b/omr-6in4-run
index faf15cb..ea5faad 100755
--- a/omr-6in4-run
+++ b/omr-6in4-run
@@ -16,7 +16,7 @@ if [ "$1" = "start" ]; then
         ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP}
         ip -6 addr add ${LOCALIP6} dev ${DEV}
         ip link set ${DEV} up
-        [ -n "$ULA" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV}
+        [ -n "$ULA" ] && [ "$ULA" != "auto" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV}
 fi
 if [ "$1" = "stop" ]; then
         ip tunnel del ${DEV}

From d068d1475148216d068aa1ef52f8e274f177f3e8 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 3 Nov 2020 16:47:41 +0000
Subject: [PATCH 006/164] Fix on current-vpn file doesn't exist

---
 debian9-x86_64.sh | 1 +
 omr-service       | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 8e83633..bd7a38c 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -389,6 +389,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	pip3 -q install fastapi netjsonconfig python-multipart -U
 	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 	mkdir -p /etc/openmptcprouter-vps-admin/intf
+	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
 	mkdir -p /var/opt/openmptcprouter
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
diff --git a/omr-service b/omr-service
index 114c1b8..38002d3 100755
--- a/omr-service
+++ b/omr-service
@@ -27,7 +27,7 @@ _glorytun_tcp() {
 	for intf in /etc/glorytun-tcp/tun*; do
 		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 	done
-	if [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
+	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
 		if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then
 			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 			systemctl restart glorytun-tcp@tun0

From 5cb79c7f77e03fc9152a6d995905ea69d5a7b770 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 3 Nov 2020 17:09:08 +0000
Subject: [PATCH 007/164] Use latest API

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index bd7a38c..9aa5197 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -40,7 +40,7 @@ GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="8d0706e8c234f9a0eaa88ace6d58c2d0f45156cf"
+OMR_ADMIN_VERSION="774aceb357e989676ed9a06d411db41bdfa3bf03"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 #V2RAY_VERSION="v1.1.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"

From ec22ebbf04d61d9f8e78e9e3f6240e929c5e1735 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 6 Nov 2020 16:29:47 +0000
Subject: [PATCH 008/164] Update server kernel

---
 debian9-x86_64.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 9aa5197..d0ac75c 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -32,8 +32,8 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.65"
-KERNEL_PACKAGE_VERSION="1.13+9d3f35b"
+KERNEL_VERSION="5.4.74"
+KERNEL_PACKAGE_VERSION="1.14+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
@@ -195,8 +195,8 @@ rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
 if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
 	echo "Install kernel linux-image-${KERNEL_RELEASE}"
 	echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
-	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
 	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
+	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
 fi
 
 # Check if mptcp kernel is grub default kernel

From 521a620e99324fd98951737763fefc4b3ce5acf9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 6 Nov 2020 16:30:53 +0000
Subject: [PATCH 009/164] Update version

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e4a8043..d76c87e 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -50,7 +50,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server"
 VPSURL="https://www.openmptcprouter.com/"
 
-OMR_VERSION="0.1020"
+OMR_VERSION="0.1021"
 
 DIR=$( pwd )
 #"

From 11eb98aa91cb9f43d8f4645eb33b46b79edf8f2b Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 10 Nov 2020 07:53:07 +0000
Subject: [PATCH 010/164] Changes needed to work on AWS EC2 with Ubuntu

---
 debian9-x86_64.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index d0ac75c..4b6b45b 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -207,8 +207,10 @@ if [ "$LOCALFILES" = "no" ]; then
 else
 	cd ${DIR}
 fi
+rm -f /etc/grub.d/30_os-prober
 bash update-grub.sh ${KERNEL_VERSION}-mptcp
 bash update-grub.sh ${KERNEL_RELEASE}
+sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
 
 echo "Install tracebox OpenMPTCProuter edition"
 apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox

From c1e2859ff3ed4e733e667213205199ab1b21353f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 10 Nov 2020 07:53:59 +0000
Subject: [PATCH 011/164] Increase version number

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 1a12d74..7ba12f8 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -50,7 +50,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server"
 VPSURL="https://www.openmptcprouter.com/"
 
-OMR_VERSION="0.1021"
+OMR_VERSION="0.1022"
 
 DIR=$( pwd )
 #"

From f89e40f9d96a57c557384d165635d5d35b048a96 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 23 Nov 2020 15:42:15 +0000
Subject: [PATCH 012/164] Update glorytun UDP

---
 debian9-x86_64.sh | 4 +++-
 glorytun-udp-run  | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 4b6b45b..085a360 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -35,7 +35,7 @@ INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev
 KERNEL_VERSION="5.4.74"
 KERNEL_PACKAGE_VERSION="1.14+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
-GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77"
+GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
@@ -46,6 +46,7 @@ DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 V2RAY_PLUGIN_VERSION="v1.4.3"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
+DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
@@ -413,6 +414,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/
 			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
 			cd /etc/openmptcprouter-vps-admin
+			sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		fi
 		openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
 		sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
diff --git a/glorytun-udp-run b/glorytun-udp-run
index d393056..9aeb930 100644
--- a/glorytun-udp-run
+++ b/glorytun-udp-run
@@ -12,8 +12,8 @@ fi
 DEV="gt${HOST:+c}-udp-$(basename "$1")"
 
 exec glorytun \
-	bind $BIND $BIND_PORT \
+	bind from addr $BIND port $BIND_PORT \
 	keyfile "$1".key \
 	${DEV:+dev "$DEV"} \
-	${HOST:+to "$HOST" "$PORT"} \
+	${HOST:+to addr "$HOST" port "$PORT"} \
 	${OPTIONS:+$OPTIONS}

From 3a0fde41b46e34824397bf15c9babe65b4839e6b Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 23 Nov 2020 15:42:35 +0000
Subject: [PATCH 013/164] Add a check to not restart glorytun tcp too often

---
 omr-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-service b/omr-service
index 38002d3..a235ad0 100755
--- a/omr-service
+++ b/omr-service
@@ -28,7 +28,7 @@ _glorytun_tcp() {
 		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 	done
 	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
-		if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then
+		if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
 			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 			systemctl restart glorytun-tcp@tun0
 		fi

From e0fbb8faa9ba936cbd1b8b2c19a8c333bf236019 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 16 Dec 2020 15:44:13 +0000
Subject: [PATCH 014/164] Update API, kernel and add OpenVPN Bonding support

---
 debian9-x86_64.sh                |  47 +++++++++++++++++++++++++------
 omr-6in4-run                     |   2 +-
 omr-service                      |  18 ++++++++++--
 openmptcprouter-shorewall.tar.gz | Bin 4056 -> 4076 bytes
 shorewall4/interfaces            |   2 +-
 5 files changed, 57 insertions(+), 12 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 085a360..34dc176 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -15,7 +15,7 @@ OBFS=${OBFS:-yes}
 V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes}
 V2RAY=${V2RAY:-yes}
 V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
-UPDATE_OS=${UPDATE_OS:-yes}
+UPDATE_O7S=${UPDATE_OS:-yes}
 UPDATE=${UPDATE:-yes}
 TLS=${TLS:-yes}
 OMR_ADMIN=${OMR_ADMIN:-yes}
@@ -32,17 +32,17 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.74"
-KERNEL_PACKAGE_VERSION="1.14+9d3f35b"
+KERNEL_VERSION="5.4.81"
+KERNEL_PACKAGE_VERSION="1.15+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="774aceb357e989676ed9a06d411db41bdfa3bf03"
+OMR_ADMIN_VERSION="595b55f7309b8b940b6599bb49c824376750860e"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
-#V2RAY_VERSION="v1.1.0"
+V2RAY_VERSION="4.31.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
@@ -51,7 +51,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
 
-OMR_VERSION="0.1018-test"
+OMR_VERSION="0.1023-test"
 
 DIR=$( pwd )
 #"
@@ -389,7 +389,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	echo '-- pip3 install needed python modules'
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
-	pip3 -q install fastapi netjsonconfig python-multipart -U
+	pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U
 	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 	mkdir -p /etc/openmptcprouter-vps-admin/intf
 	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
@@ -563,7 +563,10 @@ if systemctl -q is-active v2ray.service; then
 fi
 
 if [ "$V2RAY" = "yes" ]; then
-	apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
+	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
+	wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+	dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
+	rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
 		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
@@ -765,13 +768,37 @@ if [ "$OPENVPN" = "yes" ]; then
 	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
 		wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf
+		wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf
+		wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf
+		wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf
+		wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf
+		wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf
+		wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf
+		wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
+		wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
 	else
 		cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf
 		cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf
+		cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf
+		cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf
+		cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf
+		cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf
+		cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf
+		cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf
+		cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf
+		cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
 	fi
 	mkdir -p /etc/openvpn/ccd
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
+	systemctl enable openvpn@bonding1.service
+	systemctl enable openvpn@bonding2.service
+	systemctl enable openvpn@bonding3.service
+	systemctl enable openvpn@bonding4.service
+	systemctl enable openvpn@bonding5.service
+	systemctl enable openvpn@bonding6.service
+	systemctl enable openvpn@bonding7.service
+	systemctl enable openvpn@bonding8.service
 fi
 
 echo 'Glorytun UDP'
@@ -1039,6 +1066,10 @@ if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] &
 	sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
 	sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
 fi
+if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ]; then
+	sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat
+fi
+
 
 if [ "$TLS" = "yes" ]; then
 	VPS_CERT=0
diff --git a/omr-6in4-run b/omr-6in4-run
index ea5faad..ae91dce 100755
--- a/omr-6in4-run
+++ b/omr-6in4-run
@@ -3,7 +3,7 @@
 set -e
 
 if [ ! -f "$2" ]; then
-        echo "usage: $(basename "$0") FILE"
+        echo "usage: $(basename "$0") start FILE"
         exit 1
 fi
 
diff --git a/omr-service b/omr-service
index a235ad0..d3c098f 100755
--- a/omr-service
+++ b/omr-service
@@ -62,9 +62,9 @@ _gre_tunnels() {
 		if [ -f "$intf" ]; then
 			. "$(readlink -f "$intf")"
 			iface="$(basename $intf)"
-			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$REMOTEIP" ]; then
+			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
 				ip tunnel del $iface 2>&1 >/dev/null
-				ip tunnel add $iface mode gre local $INTFADDR remote $REMOTEIP
+				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
 				ip link set $iface up
 				ip addr add $LOCALIP dev $iface
 				ip route add $NETWORK dev $iface 2>&1 >/dev/null
@@ -73,7 +73,20 @@ _gre_tunnels() {
 	done
 }
 
+_openvpn_bonding() {
+	if [ "$(ip link show ovpnbonding1)" != "" ] && [ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ]; then
+		ip link set opvpnbonding1 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding2 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding3 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding4 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding5 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding6 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding7 master omr-bonding 2>&1 >/dev/null
+		ip link set opvpnbonding8 master omr-bonding 2>&1 >/dev/null
+	fi
+}
 
+ip link add omr-bonding type bond 2>&1 >/dev/null
 while true; do
 	_glorytun_udp
 	_glorytun_tcp
@@ -81,5 +94,6 @@ while true; do
 	_omr_api
 	_lan_route
 	_gre_tunnels
+	_openvpn_bonding
 	sleep 10
 done
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index 5a984469460479c249eee19de9ccf473c2daf5e9..dbbaefbae4907faea3d9be6dd77f680a5a4cbb83 100644
GIT binary patch
delta 3895
zcmV-756JM?AM76;ABzY804v&G00ZqD?Q)~Y@&2Nxn6jO_-HP>TNs%2Qe|uTUn_Ot`
z3h3$So}TIH?ty_x;QMjtOn&+1aL@qgw%hawP&_uz;k<cv-fXwpjqcg`H;rbq-R*uu
z8V77s2FoaRLPEX?gCPDC-LCTgQ8=y~6Z0tu-DhVuBh@OYyYZwRrI`98wT}u?_Jfdk
z{zDMXo!AR};@k(zn7BaUf4LEqkod`q$b&a?Pf7f;aLLi!@kz$5nsGY<c0cqrW5iqJ
ztaAJ&P&wuWOV(75<4kRA2olGMl4)_AZfKUqiMnRMg-H)%Q!+U7R<?v;rSgOKKu-9v
zr41!Tmkg79`z^6;!Llvh7)TZ)ux)<Ct0HeRqKaT$KDo1n8(uole+N_NQrEaDhyRw-
z1=nmezHd~1aQ&(Gkk;>8`ex;ac(JM(PZnIOS*SKVYn^S@GkCKg@w|DFEB~=}an@Yt
z+&pg;n<N{;CTlO8tXJ%IyXS?9s$^ZsnrW-%W_{m{@4X<Z`ca{UXGJc$zO73Zi(;QZ
z%g+i`O<t8Yt45CRe-_%_>2`}%<t;)ZZ?WFmPNQ4wEmIwBtLe`RRh!-77+PD$K3*Gq
ztl7O-Rb<C6o&TO6yWxW~aie{BlkKp>|F;_FXXyXC?ek`<(`ljq@3tGI|9=Zu_x~T<
zFhalHt~E%Nn9h7LbBUap2<d}oC*b}`{2Wv>(;?v2AH2t9e@KHu4LAzH;wAJRpJMV(
zcu!g|{MA;Y*(Ucd5Fy;0K+ARJG_qJ2IA-2`=!7o>V@T+_BnlqlXD4+3LSBL;nLsEB
z-KiHrw7Fl#F7aXlp0yr?P=6l4Y<NM`(x18^6$8ziM<jTl7Xx)n6gP^XY~cEC=*)<|
zyq|d!sH}Jsf7g#(;zVSDxai59rfuzGL(HTh5CDNaRr4>z^`IPOr@hvyHB)H`$5R4*
z_0Ea0{UHe!Sn)kH`i0CKXkA*fM!UcSL0A{VCov>m97(nK*O>PA!!kr+Wa`F_H;bS`
zb+538*uL^4NBa)wS*p<5JLlt{HB};n$f_k7eO|zGe*{g(RKcu3u;NZ2n%OcIa?_{D
z;uPY>!_0Y%PDAJ+7kUH~KlOuXz6>9t(+Gxo;?kmCqw-<lbB}Q~UiyFLxQr&{kQRe)
zXC&Jx<}>(xwf?7gPoq!Od<@;{5@y6}a)WtTy$>MH_>WsCzP9TsVGpoyLT7%!*pIMl
z{nu)>e+%os#`$>}|K9|5t^b&P(D=khk@x7+==H$~J?DM~aUp(U(T(^n#7qcLE(>OI
zj8QyVK0dlp3?-B<twwxj4t4L{M+hs=5JrJ1SuP;wg&+@cc;?12jjVA%Fy4dzSwc|8
z=s1VWAeiSG0RC%AXzcN!y)Tp<4OZ@&W{WU*f6O$Iex;esC0=mMx%b@osgYb=3A}0b
znrDq#s{=8;fyYi#mc)hLy6X=gCe4fH_j%^zU7;se@e#6^Nf1uoGx@m)!?6=8pPi;*
zh^0s_)Qpz17?cE+?peAJL0@9#;<3zw@g`3WWH7D^-5Yw)nSLe;_2jsMa@?!x>^a=Z
zf2yF2MTs!8szHN_D2O{>drtg6!D=85Cu4{IhX~Lu-v8@#&PxCP7LcX3)B%3&)|Bwp
z@D^To=lnn4od4(L{r@+C8{M>dQ8ao@nh4PU&5AZMHn6P<(lTGcR<w<B3HUz`i(uwW
zUJff`=l$Qt#{6$I%J}~#@EP}ib!sBzf4$%G-tVjTewi29|9#(M_Mn!efX{154s=bC
zg}c?Yq78^5-AGD$EstdD@@j0DRt4{9=Iatz^Q>L-f*|SE2HC^&HmU-a6l=Xg_KM6R
z8mC7dL_^c_*Em-64lPH2uo&mjP$GRzQM6lG9i)9T8bg;|NkrkH4}dSn(H}$lf4d}D
z97j2oas2-l!sYCckA5lai2v<&ySV=c$XjLne+&4G_-~+zd};VUg|qWA2lxZ$0MwK0
zJq7qmknR=BB5olO*~~<64_OXhq}L32Agg?um=J@vq<nqca8`%oh&QhBTF_LLW-m#(
zC6CtVhhQJL6)kHY-K&-_r<;k6f60FaxCt&jzBAuv_@dhRCL#<BZLC**FeTP|yrQfw
zpelc*$mUQIS4cxrpeJ$&S-s&EIfodlmca|xc^Xx^tz@c+f&X2M8B_3#-pF?+)O;7-
z<d@}wJuSjng^wDJE3*H=nR(N9m@%PNyArQ>vY>O50Y90zi<pS2nUfT)e`Gv(iCc?<
zROWLK;?_y1@{Z+ttS?Xcw`+1(>oPf18Qt?ADerp1?nYOE2+?_7#mo~}Z_pIQL7msd
z?NDVG?^G2r3>F2ZNB7S3i1zuv0^hCG(0!9d=zah%!(8MnNXYM9T5}czQ+HaU4w4E^
z2X1rdw&}f%1|Nha1DP`ye=2klgfaOm>2@G1p>8*Na;Cv^6ij}JXj>m=LHH6ceG>R<
zy#!2|)U|FXiY{6fJyK!SZl`nB`Q1F0(@h?qP|q}n>2U6);jLDSiW7%|j@<<ja!OXV
zx@k-}5rFpLd72Iq2i)l*hB7iBx`)tWIt}SyP!>&O+HGH4T;#b=N@gCKO@4wW7J4kI
zJS=VSX(zJ2JV|e7vdyAZ%IXtTbdP32^|kY}Lqit7YnaI$M#iV}|7NS%?O^`j?wofz
z%@*eWt#+r}|M4c1=m#TzM~vUd@fXe`WcITt0H;0kd^nHEQyecY>-Fd7=h~_oc!K(z
z(MN^G)t=({Z2xz+I4<$2Cb0-l4EP-rywM{O$eqX)QQ%D6yW9#SVum%=ZApcMOcHx{
zZd5shc1*n+P{IIZG*D9p74P=1(2ZnVX{K!5^_mA%1VD#j8K6FY``1C|2a?e{VDtOX
z`v$cA7IaXEvVRTwvLW3<%6~{DV95c7G=M)D=Ez|GN?a+h*nm}vWh>girZ<y8pJY|C
zhQsqKT$!k1as`VwOXgLxrv?nMvdb1lK<B{Pg;DoqMe5Z*IAI-<-um2)B6K{gi0*do
z9c6y>@=p=|JEEn37C+Eb<t`OMmteqh#0!OHvwOSA3Tv(Dh7Qs#$=Dz^U&D{aMt>8V
z_z}RbG|BG>_u?9$Diur6?Y_bf%ncUV>Ta!l`ySO}4y{H2!?(b0G@^nrX{68Llt3Sg
z>u4VANra=AOcMcUH8_*8eE)XF8#*qBB@@(z#eQEN*g9{24SPo?zu~1Q8y{C)d3o}i
zIphs#9Si0#kTh8bY_GnILMU-UxBhEvKe~aps4Ef}?n;WR(;ri^r~wMs)B?e9G;s_R
z$fZ(I`;eI<0c%V>y7&CcI{l#%va{@D7EGL3@e=8vdAejMy_CGZaKjneqiJb|M1_ZL
z6oWEgNkff)`3~D0O5i~#ee?tc<16#d#MbtXj?j<}<6J}-<UW|d7|g+<#vr7o0>)7%
zBZ@IFh8@5Z=vv4Yr9MAatey{R<D45x(MMNd;7lh@6thL}>1a8Nz1;N_7TjtOn=i1I
z$tDxUCU-sZXk49(su{YA9QLS!oIYFP5m?KQV`(f2tv7uOial-m9g~g<CJraRVbU6X
zgcDp&eEi$Vlfnvre|H2C{WQrBPP1@^CM*njS+z~U04JPq6%>A?k4(lxP$b^4!KJYx
zZKNxb#RS4kfhY_U)CPB{DPz3t$;d<riEL{qsd%>{MOt)zq5iUtH!+w55p`E2z}<8i
z0vsu1ne0@>WP!)zMZ8n_5ooy5in5h{(!u_0`XpJF%nYd+e^wGS7^=@hCP1AS<qYY|
zEpLc6(+}@xgNU?qAp{LnaQ0*MTGei$+YFfnD6A<%7l0@WOdp4R%sS&(Rux&5fRiN*
zQ%a0uHi%KdI+A99MI@rpf;7KUxt1i|HZ0p(i8w};lXq=Rn<i4Ua+*G^8(N076q;hG
z1L)25Wz&d<fBq5K;{qlEHMU{ovwlE3U?pIUV_nrn))dx>wmI(i<)3=LAOW~XnZABN
z$;X!Tla06jwXxOfHXuBYAw(K*CD}$_z)kv;5ML7*$v;cI#_HV8%_f!Rfz$`HhGGsV
z{Wyk%-Ok>8OQ>j4M<cTn##y*deK!-%R8Na23Y9iff4qf;pPz`V$!r2KB9p&?CT2+x
z5>XT#Saxj*Sy!7LK8j?hpJ3#ylt4FRn5KH~s721`A0C_V*INI>+yQ4MRM2i@F`dQ?
zXN=P(jLn>;$t*yeKD+}Dz$-S)lN>3S)(XLreK1qWG+`~5bOxFz*oVODP;O?^_*OHn
zdFT~Ye`J+^mJH2ieMm1gRchf+uX-5YuG56(8oaxe<h&;M_H>C(J^UfpR^XU)To_@0
z(A_K93M*fddV$qE%$G8QUM+C)Wy!vp)k0@eAY0OG!M|E#wTjs+TdiZZE3oIj+%kwG
zdI#wm7sx!hg8>{9YyV<#&RxkC`tfuoZCq>pe?D7ejCk`pEk$Ey=jFEH|00MW<2<yC
zo%?^;{r~*_pLVC*|NkaXc>goq^MjdmedI*{T)Lq%b=@!A{?jdY{``S={-6&z$`nbS
zt?YWPLTl0IDpbump!1FRZ`wz+<-<|j*8M*m{dN>)umXp<T>djs9PR+3-<tx`EB;DW
ze`M<pIt^mvk7LQ;Mc|seZPTbV>do%yKPn)n*}VW<dmVQU_SR*nR)V@f)b|M)m-}P|
zjtWd>_M9A_o5MT+<D;EUpU`EG(xb{TQocJ$-wArpag7@Nt2cmU_WDm5zyCN8#ld3X
zP7k^bcvt*yofW_T&}x<6e|j5uZU1j4f0qm7Oyob#1DdTe1^6SU067~uz-vHXxEXi7
z-WP3(&2NTHt~YkjCEt6>uB#gq)dJ_F#x_prr=dQdQ(9w#HvNp$ZZ3>+gDm};)NTfh
za)XS0s%m$2+Wa!jcms$hhyMcPuJ`|&-QxQ{t!AfF#{ai~<Kl<!7+80D4k4@6e=A-U
zZ)MTSUNO+d)(Tn4eIk#Oeq|qHs;pKF949AVX!_dvmaq=E5&tW{|JUqne*dl8F7N-n
z34F%;e?Oy%l&}An+5fBAKXoDpNc)p-v!=l)`4}E4f~;<!(h&98x&CXs(+}{aFY;%v
zvZSxcc#9A1?3)4fqRd-MD4~QBAxbErgc3?9p@b4jD4~QBN+_X(5=!{$@Nb?dmh=F4
F002~+qw@d&

delta 3875
zcmV+;58UwVAJ`uqABzY8Cp>>&00ZqD?Q)~Y@&2Nxn3A2l-HP>TOOYKSf19l2&0T2k
z3h3$So}TIH?ty_x;QMjtOn&+1aL@$ko}JMnK=If*hx69ydF!lw*6g01f75KW&br-i
zNb`Vg%3vAAPDsc%VGzWhqT5yeJB6dl5iy^F(0z7hGg7OOh8s^BQHp6yQv0YNWj_ds
z=RXAD+=;!wC(eDajEM^rf1Vpb35lP)h&*^R_k_eR3zt;qj!!afwTxR8*!|Ggj1g~<
z)5_7CK;?)RELl@Ijx)8fAxIo2N~Xnex}jMbC+eC37bZQ7P08TQTiFtZmC6s^13Bi$
zmNt|WT{2Aa?YG3X1<SU0V<1_Kz_$4juZq0Qh$@10`Q*+PZg}ZHe;-VpOI_n?9R6EQ
z7hJ2^{JvTF!S$!!Lt4LY>6?`w;>D_FJXvt<R-xMPw0*i+&*061#PilguKdUP#c6Au
zbL+faY?5pUo2<QXvR<*<?VcAZs*-gjYo@K5oArG+zW0Kt=0}AVo))?2`nE1vEQ);s
zEk7+(HF;IqtQtAKe_LpKr`s)7mA43uyv2HJJI!vfw@h`kt)@RORBd&OV`yz1`*>~e
zv1a#TRgoRPbpCsO?1m4{#EtghO}4`h|KDz&wu}D1+b;e8o4~sN|KNrZ`t`GVlhlam
z%oj74$eD?dK6rKl?w`cZK`k>K0&e}mdt8PzDAa+Y5G-CofA8@rChvszqz%JgYd2eG
z<o*RBgqss+xz3zM77GK%%)1Yr@P%Lu30;>&!9)D)gzjI+ORyvp2qmFA^&*Hi_siHN
zUQEEVHi8i9&jXkZFNj+DQ#Yhypn3C%1P}CLppJ>+MiG<^T;C0y8PS*bGj9Tw6>sAD
zkxQJ2ED#qxf4S4Nt$l2WnKT3fAh4%u{)M<6l%wpl*V^?~DlOr7LZGkSIWe|BB*6kJ
zzK2G?keLImOKa9?7nmRj>tgsMhQx~_sUH6t)Bb)~hA50o-PrMF5mcz{74{I@SDvK0
z?|`1A3hljfKKfZxB|?a-T9VP{1w2R4bW9b@3Ir?ee;A^fEn^`!eVQyzAZ|R&oX6-S
zgdTFCM?motKZxeb@F6;hV5lc9E$THZ9~M6M7}w&Z|7VWNXi^SoG5B^yvYlc+gWp%{
ze~R}s`c%!w(5)?DMr@P&#gV0i-vcb1(3u}F_9N_C|Fzp^h4|k*KW~=t|1DtG`j6QM
zjZb_Oe|e8Sjb0y|&~xr*5EtSn7Tt*NLd=8^<+5NV#~8(<<>R9p#ZW@&(rUza=1}+E
zeT1;`3}F<QlH~$&UI_9Khi7ga)5sbJ1mnHuKQ19CV|1KDW)RGC4FLZ&B{cT<(B2oy
zjs`1tO|wN9JZ73mztYU+5-&LB+<R{P)J(3fe+1sNdacuDz1@MB-o#@kDNEu)Z{78W
z50lnK>-#)&@~+U6tM~|6%p?e>@0t8ugyGl;mCsJoFvL<M7ivb!Sqw^oO7|>Xh@dYq
zbMaW_!FZD=2QnDfh3*YK=uAHog?e&aK{@VKb@m)?WmQndqC}Wk)uBN}6vU;kJtzL3
ze_%Bbhm*0x|3d`m7T15B&S~lY-vYAKmO8+%-I@~K8s5U|?wtSUoAdv?y#MniaHE?x
zFN#L5MH2z~zg5vj#s;=sL0aZ3*owAUt`UFtun1<}<mIq3cHaMOZp{B?vyA_50-tgJ
zSEnXY-uo@@{l0qdmwA!>-}gOY4{AvYfB3wX<UrRHS-4wWE82i4(v75~*YZfVF0aOh
zX;tu!XTC0hHP6~LF9?!uZIC@YZ=)(;NwL-|WUt69qH%iUK{PZye~n{B@8ELu2a9nY
z4JFdo6h*t0)j`@fqcL>Zl|&RC`T+QH9Q`q*ze|F}ag<XT$Nz63T+R;p=$FEdfB1iP
zc2?Z~1LW;8{=Wr$M*KI>M7}iqpTOC9nFIWRa{%f|_MQTKB}n&*Wf8ZKh-_vexQ8r<
zFVbs<JdjmBO-zWvTT;G0Za8beal{+fcr9qEO0$=w+>%FY^h2-@+=`a9kM32=m($He
zN94Z)+ys{%-<j_-d{OOu6A=c6e>T=DKbR8hJzh~(7f_YIQe<-|i7TWbDbN!+gsk51
zikw4?Rm<Ro>pYDr-BvQy#K8Y9#*8U=MsMW16KcK-Z}Q7>!JZc3tinePM-|!s;LN<~
zJIt6+t6hm#JXz4W$$+0s+(k@8)yzqXRx%#E#I40aD)TuAaqA>hdB<`+f7X}B{o6G;
ztaX_js*LXWkCb;KVRxgeK!oT#uVUs2tT$+i;-Jp!;&!OAi+8Gu7zT?1)9Sr5t<paK
zSKzz#I=XMN2;C3hWtfYc1qu1ROKZ-8VCqim)In0g>A-Cc-8Q|q(cpuyWFT|qLWM4Z
zFeZN`-40|W)a^!3&NO(Ae}c&`5pC<^EC^rXrB4EXt(Sl)le*RoMbSmeqDLyM*6nmo
zJO43{<#dzBC)6{|VLF_9X?VNcrsBk*pksGIgq)I<t!^3<P6VKRc%G(%!~u7@h@p%O
zi0&b@m`+1F7?ec|nRd@EE-v!iCo>PtCO^Rw3q2B59+o!vv=dohI3B0BGudX*8fEnf
zD!NBAq59hS*`Xne-*wF74kP2!`G2e3>UJ>yKRxfBcFwy%*J_`2I%WR<7L)o1BY#!K
zZ{+w3=MggdSrmZNo_Ri;$K)xF7nhC3^Ye3kRSi5rW6tQKLgVUB@qD)byIUNW_*9cv
zgeM04jtSoAkqG2Y<ccV8ChlEs1rjmC8tb;CLP92qy*oFm96~#$-VG>WfHE4WDT9i4
z`&Z~jGOjdJw(feZ11bWb!>|lcpMU-9pz{OC=pC^6edv7y+I|Z<C`8%627TF(ZXxAA
zq!O^?07DwUpA2(kuzw}46j*G)D#fxDZD7-z$)HcNDp|wf`4z5AR57`N#hWGbs@YQm
zhFIBUn<AidVC}-F`?4bS8Xugn0ZDIT?nV(h9#%wmJNK%YAHDojg#W6v)PLd!nyTET
zLg*3<SdMt1&}?>ZH(6n=HQmrbx+NJK#O7=G(b(v3ViP|C_?0I49pPSF2UMkE3A)`^
z_<^~>B3s?9wQt{}dc>jC2w?aY*o{V1FeZ)kIh+#cV{skLgFT6G6q9Kp0IddRGM4Y(
z&Uiz|<*;Oey0F;q%L7~It$$&!di)z+in8%>)s>gWznMeckk+wa4g*P(b-?x-%P52r
zCv+RX#`dEdc#DQ2f#I&C$U6NoC5sxMa7`@`3`Y~kK!IE;6}1nUITEnOG@^UYziiMS
zDj_?|PG-TxnH4XQ4w|P+hSE#P8w)p_p*@<GW=K?c=teOp1C}(@n1AoE&7lMygwjV(
zP%yqS?@VlMuUbVzI*fA>VUYV^0%I@-iyDKFnhF?4gN!J~z!-J_Q=n@hTa^0zSh0FO
ztc`PSC`DJV!oZnMoG50C;FHmE7JIqtDJ;0vAU0oMEt5?qicRi%<k7e~7gaNK7ddRT
zf}B2EVim0A$FVe))(D%v1;w5={Rfkw3MLN6zhTlEeS{NSPJH~^@srgGe}7knh<=jf
z2PauLLlYK;ysX-$V1N@&xC#nC(nluaAt(}W*x=Gwkv7s5$zlRwra%;i32KA8)RZya
z_GDzDghaMAlvKQ1ks>WRzfgZ!$D0^Tf{3~+65wvS3;~W5vP^cWVzR(v@*>`;{0KB$
zX+_yeKj~n9Hhq#TOJ;`D41X&L8VuFvArqiZjB<wb<(4-@o9Tylv_VALxe$T|DmeSG
zdaY`=&~1jy0u<Jip$kBi1*VU~K4zV9B&&+7O2EkyhAAb+F&o6FU>!*_z#<aSXhE7^
zsa#8vZX1?utwbE5%E`O7rcDzmS~*Rh)(tJgS_)0E)B*J7`m$-nLx2B>>~R4Tfg0N|
z@>xHi9k3Fx#<8yIB5MlkMB5zq`|?k{UyuOYqfB2vpyXpq`pL#y|JvB<b(;{L#}Fb7
zxRPw6FW@G9N{FusjO3rCUUPMB=Vp^i^FZo@Swk@glztpT!ft18z9m#NsiTqE3F9nW
zr@osBXR4<~6opEgDSzHV!_QAd)?_w;7?H`}Koheh2#F|)4lKL2gsiJg4<AJ`)K4&S
zR!X27GE7swS8bD1`iI9B{I%ErFn7S22^F*(Sxl!f!x`hW31c&-X)+5Crw{MI1MrFs
z^CU+KrnN$_WFO2_GEG>^C7ppL3icuJI+UB)G``i0YaV(<6@OXfpCv=HSs&6%O_kdC
z)2kiEx9c>axd!iUB{{DNzCB%{QxAX0wG}uf9T!H}A9VLhw!+Gnq+Vb(5A&tWpjQi=
zd|9%uX0_1S6v&n|Tkx;eSgm3<%U0`{?F#I<FSiWhh~7cE#sxA@?qC4N#M-}DoO4&Q
zg?>DpNgLN%zkkmb86)1jPD|04*?GBb_<sl@$T$xzW9R-~cK<)W|L3ez?*D%iD7^of
z?)kw?x-oL1e=gn7nY!*5ZvW|)JAeMbJAcrJR5L}AXDhp&tI%5Xxe8Tt4(NO%{+IR<
zZTWB%w{`yyN536~8LYrzE|>p|6o)&2==Y|8^oqZd6@S^fgHD4O`QunJcoDcJZ`(BM
z%|@$x@{bD0X>~6Eceai@2Yc%>R69XkAnN;sjLUtp0!IZVGkZ>s&&^>Tfbr2zr%&jz
zN9j@J2r1tkr|$&4=eTB_{xzDwGJE}}jNgA8h~i+eaHj{|2D~f&w@-`Te`v#58UNn`
zUfciM$$#YnITQJ>^MF>nOacDLDL~Ff4)7Y#7jDK~ulGfpV)L6}lk1HgbjkOgvg_Ig
zMXkU&sj-by`e~@o=akmipiMs`wVMm0+#pN8CbgRZqud~4pQ_qjoi@KrGu{B=$>F~M
zx$FJ^R=4>6PrFs_|9cxaDt`Emfpw?n5VBgk;(t}~Ru--76$5Q-t&o-6C-OMySN1Wc
z%4)^HadPs7rmwAU3G09x@xSu>f342u_usl_<^8`mfzNpV?`JfT^7a2R`+qh2r%vPm
zX@Bx<)-)I;AHyR>kkt)T8lpZs*ME(7`T@T5MgHtnmh?3lZ}H(Q`(^;WDD&15N+_X(
l5+F(_p@b4jD4~QBN+_X(5=tncgc80w{2Q_uZ#@8b005%qpnCuS

diff --git a/shorewall4/interfaces b/shorewall4/interfaces
index 2f3e3ac..715e62b 100644
--- a/shorewall4/interfaces
+++ b/shorewall4/interfaces
@@ -21,4 +21,4 @@ vpn	mlvpn+		nosmurfs,tcpflags
 vpn	tun+		nosmurfs,tcpflags
 vpn	dsvpn+		nosmurfs,tcpflags
 vpn	gre-user+	nosmurfs,tcpflags
-
+vpn	omr-bonding	nosmurfs,tcpflags

From 9c66b1ba5fed86f6d8b5143b3817949c6f4a698b Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 17 Dec 2020 15:48:26 +0000
Subject: [PATCH 015/164] Fix OpenVPN Bonding

---
 omr-service | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/omr-service b/omr-service
index d3c098f..9e17665 100755
--- a/omr-service
+++ b/omr-service
@@ -74,18 +74,32 @@ _gre_tunnels() {
 }
 
 _openvpn_bonding() {
-	if [ "$(ip link show ovpnbonding1)" != "" ] && [ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ]; then
-		ip link set opvpnbonding1 master omr-bonding 2>&1 >/dev/null
-		ip link set opvpnbonding2 master omr-bonding 2>&1 >/dev/null
-		ip link set opvpnbonding3 master omr-bonding 2>&1 >/dev/null
-		ip link set opvpnbonding4 master omr-bonding 2>&1 >/dev/null
-		ip link set opvpnbonding5 master omr-bonding 2>&1 >/dev/null
-		ip link set opvpnbonding6 master omr-bonding 2>&1 >/dev/null
-		ip link set opvpnbonding7 master omr-bonding 2>&1 >/dev/null
-		ip link set opvpnbonding8 master omr-bonding 2>&1 >/dev/null
+	if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE)" != "8" ]); then
+		echo 0 > /sys/class/net/omr-bonding/bonding/mode
+		ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null
+		ip link set ovpnbonding1 up
+		ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null
+		ip link set ovpnbonding2 up
+		ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null
+		ip link set ovpnbonding3 up
+		ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null
+		ip link set ovpnbonding4 up
+		ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null
+		ip link set ovpnbonding5 up
+		ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null
+		ip link set ovpnbonding6 up
+		ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null
+		ip link set ovpnbonding7 up
+		ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null
+		ip link set ovpnbonding8 up
+		ip link set omr-bonding up mtu 1440 2>&1 >/dev/null
+		ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null
+		ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null
+		ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 2>&1 >/dev/null
 	fi
 }
 
+modprobe bonding 2>&1 >/dev/null
 ip link add omr-bonding type bond 2>&1 >/dev/null
 while true; do
 	_glorytun_udp

From f5fc2cbc31e09c0fb40c3533fa345574345c15ba Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 21 Dec 2020 14:19:12 +0000
Subject: [PATCH 016/164] Update API and load BBRv2 module

---
 debian9-x86_64.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 34dc176..eb73d72 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -40,7 +40,7 @@ GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="595b55f7309b8b940b6599bb49c824376750860e"
+OMR_ADMIN_VERSION="a3ffef1222177bb48d3de121c5be9159bdfaeb7a"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 V2RAY_VERSION="4.31.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
@@ -319,6 +319,10 @@ fi
 if ! grep -q bbr /etc/modules ; then
 	echo tcp_bbr >> /etc/modules
 fi
+# Load BBRv2 Congestion module at boot time
+if ! grep -q bbr2 /etc/modules ; then
+	echo tcp_bbr2 >> /etc/modules
+fi
 # Load mctcpdesync Congestion module at boot time
 if ! grep -q mctcp_desync /etc/modules ; then
 	echo mctcp_desync >> /etc/modules

From deb52dba7fea224e9f8eac159d0481b70297f4bb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 22 Dec 2020 09:10:45 +0000
Subject: [PATCH 017/164] Fix for v2ray, for openvpn bonding and on some vps

---
 debian9-x86_64.sh |  4 +++-
 omr-service       | 12 +++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index eb73d72..8be8496 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -568,6 +568,7 @@ fi
 
 if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
+	rm -f /etc/systemd/system/v2ray.service
 	wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
 	dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
@@ -577,6 +578,7 @@ if [ "$V2RAY" = "yes" ]; then
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	systemctl daemon-reload
 	systemctl enable v2ray.service
 fi
 
@@ -1070,7 +1072,7 @@ if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] &
 	sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
 	sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf
 fi
-if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ]; then
+if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ] && [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "dhcp" ]; then
 	sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat
 fi
 
diff --git a/omr-service b/omr-service
index 9e17665..1aa788f 100755
--- a/omr-service
+++ b/omr-service
@@ -5,10 +5,12 @@ _multipath() {
 	# Force multipath status
 	source /etc/shorewall/params.net
 	for intf in `ls -1 /sys/class/net`; do
-		if [ "$intf" = "$NET_IFACE" ]; then
-			[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
-		else
-			[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
+		if [ "$intf" != "bonding_masters" ]; then
+			if [ "$intf" = "$NET_IFACE" ]; then
+				[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
+			else
+				[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
+			fi
 		fi
 	done
 }
@@ -74,7 +76,7 @@ _gre_tunnels() {
 }
 
 _openvpn_bonding() {
-	if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE)" != "8" ]); then
+	if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
 		echo 0 > /sys/class/net/omr-bonding/bonding/mode
 		ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null
 		ip link set ovpnbonding1 up

From 19166a0c58cfcc4eb1632412436789669dcb3f43 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 22 Dec 2020 10:59:19 +0000
Subject: [PATCH 018/164] Fix v2ray update

---
 debian9-x86_64.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 1e8a1d3..18fcc3e 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -568,7 +568,6 @@ fi
 
 if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
-	rm -f /etc/systemd/system/v2ray.service
 	wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
 	dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
@@ -578,6 +577,9 @@ if [ "$V2RAY" = "yes" ]; then
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
+		mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
+	fi
 	systemctl daemon-reload
 	systemctl enable v2ray.service
 fi

From c0a99de20c167332f1435106e30324f498dcb7c9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 22 Dec 2020 11:32:08 +0000
Subject: [PATCH 019/164] Add openvpn-bonding

---
 openvpn-bonding1.conf | 17 +++++++++++++++++
 openvpn-bonding2.conf | 17 +++++++++++++++++
 openvpn-bonding3.conf | 17 +++++++++++++++++
 openvpn-bonding4.conf | 17 +++++++++++++++++
 openvpn-bonding5.conf | 17 +++++++++++++++++
 openvpn-bonding6.conf | 17 +++++++++++++++++
 openvpn-bonding7.conf | 17 +++++++++++++++++
 openvpn-bonding8.conf | 17 +++++++++++++++++
 8 files changed, 136 insertions(+)
 create mode 100644 openvpn-bonding1.conf
 create mode 100644 openvpn-bonding2.conf
 create mode 100644 openvpn-bonding3.conf
 create mode 100644 openvpn-bonding4.conf
 create mode 100644 openvpn-bonding5.conf
 create mode 100644 openvpn-bonding6.conf
 create mode 100644 openvpn-bonding7.conf
 create mode 100644 openvpn-bonding8.conf

diff --git a/openvpn-bonding1.conf b/openvpn-bonding1.conf
new file mode 100644
index 0000000..d675d34
--- /dev/null
+++ b/openvpn-bonding1.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding1
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65351
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding2.conf b/openvpn-bonding2.conf
new file mode 100644
index 0000000..8920940
--- /dev/null
+++ b/openvpn-bonding2.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding2
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65352
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding3.conf b/openvpn-bonding3.conf
new file mode 100644
index 0000000..b04099e
--- /dev/null
+++ b/openvpn-bonding3.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding3
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65353
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding4.conf b/openvpn-bonding4.conf
new file mode 100644
index 0000000..d977b4e
--- /dev/null
+++ b/openvpn-bonding4.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding4
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65354
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding5.conf b/openvpn-bonding5.conf
new file mode 100644
index 0000000..e5866b4
--- /dev/null
+++ b/openvpn-bonding5.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding5
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65355
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding6.conf b/openvpn-bonding6.conf
new file mode 100644
index 0000000..fb9ad29
--- /dev/null
+++ b/openvpn-bonding6.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding6
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65356
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding7.conf b/openvpn-bonding7.conf
new file mode 100644
index 0000000..f197366
--- /dev/null
+++ b/openvpn-bonding7.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding7
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65357
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server
diff --git a/openvpn-bonding8.conf b/openvpn-bonding8.conf
new file mode 100644
index 0000000..2e6d7a6
--- /dev/null
+++ b/openvpn-bonding8.conf
@@ -0,0 +1,17 @@
+dev ovpnbonding8
+dev-type tap
+cipher AES-256-CBC
+proto udp
+port 65358
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server

From 6e53e22761383f8620ff27913aef423837b1370d Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 22 Dec 2020 12:16:02 +0000
Subject: [PATCH 020/164] Force fix previous error

---
 debian9-x86_64.sh |  3 +++
 old-v2ray.service | 25 +++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 old-v2ray.service

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 18fcc3e..fd1219f 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -569,6 +569,9 @@ fi
 if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
 	wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+	if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
+		wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
+	fi
 	dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
diff --git a/old-v2ray.service b/old-v2ray.service
new file mode 100644
index 0000000..9ed715a
--- /dev/null
+++ b/old-v2ray.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=V2Ray - A unified platform for anti-censorship
+Documentation=https://v2ray.com https://guide.v2fly.org
+After=network.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
+#Type=exec
+Type=simple
+# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port.
+# This service runs as root. You may consider to run it as another user for security concerns.
+# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray.
+# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
+User=root
+#User=v2ray
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
+NoNewPrivileges=yes
+ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json
+Restart=on-failure
+# Don't restart in the case of configuration error
+RestartPreventExitStatus=23
+
+[Install]
+WantedBy=multi-user.target

From 960cf901fe3ff622789faeaa3f0ce0e5e02942b0 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 30 Dec 2020 11:44:39 +0000
Subject: [PATCH 021/164] Fix script and update API

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index fd1219f..fd1d386 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -15,7 +15,7 @@ OBFS=${OBFS:-yes}
 V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes}
 V2RAY=${V2RAY:-yes}
 V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
-UPDATE_O7S=${UPDATE_OS:-yes}
+UPDATE_OS=${UPDATE_OS:-yes}
 UPDATE=${UPDATE:-yes}
 TLS=${TLS:-yes}
 OMR_ADMIN=${OMR_ADMIN:-yes}
@@ -40,7 +40,7 @@ GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="a3ffef1222177bb48d3de121c5be9159bdfaeb7a"
+OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 V2RAY_VERSION="4.31.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"

From 6a0c3d32472833174f171018680e58def7b637a9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 30 Dec 2020 11:44:54 +0000
Subject: [PATCH 022/164] Fix glorytun UDP timeout

---
 glorytun-udp-post.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh
index 2c1dc40..51a20f0 100644
--- a/glorytun-udp-post.sh
+++ b/glorytun-udp-post.sh
@@ -13,4 +13,5 @@ done
 	ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
 }
 tc qdisc replace dev $INTF root cake
-ip link set $INTF txqlen 100
\ No newline at end of file
+ip link set $INTF txqlen 100
+glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null
\ No newline at end of file

From e6d3bb727981eb27f6e609aafde53077cc67dde1 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 5 Jan 2021 14:11:09 +0000
Subject: [PATCH 023/164] Update kernel

---
 debian9-x86_64.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index fd1d386..e3c515e 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -32,8 +32,8 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.81"
-KERNEL_PACKAGE_VERSION="1.15+9d3f35b"
+KERNEL_VERSION="5.4.86"
+KERNEL_PACKAGE_VERSION="1.16+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
@@ -51,7 +51,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server"
 VPSURL="https://www.openmptcprouter.com/"
 
-OMR_VERSION="0.1023"
+OMR_VERSION="0.1024"
 
 DIR=$( pwd )
 #"

From e87ff9af8e9bec07a7db6e77ca8c6a6c2b7fcc68 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 6 Jan 2021 07:53:55 +0000
Subject: [PATCH 024/164] Update kernel, API and latest glorytun udp fix

---
 debian9-x86_64.sh    | 17 +++++++++++------
 glorytun-udp-post.sh |  3 ++-
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 1e8a1d3..e2ee6ef 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -15,7 +15,7 @@ OBFS=${OBFS:-yes}
 V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes}
 V2RAY=${V2RAY:-yes}
 V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
-UPDATE_O7S=${UPDATE_OS:-yes}
+UPDATE_OS=${UPDATE_OS:-yes}
 UPDATE=${UPDATE:-yes}
 TLS=${TLS:-yes}
 OMR_ADMIN=${OMR_ADMIN:-yes}
@@ -32,15 +32,15 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.81"
-KERNEL_PACKAGE_VERSION="1.15+9d3f35b"
+KERNEL_VERSION="5.4.86"
+KERNEL_PACKAGE_VERSION="1.16+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="a3ffef1222177bb48d3de121c5be9159bdfaeb7a"
+OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 V2RAY_VERSION="4.31.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
@@ -51,7 +51,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server"
 VPSURL="https://www.openmptcprouter.com/"
 
-OMR_VERSION="0.1023"
+OMR_VERSION="0.1025-test"
 
 DIR=$( pwd )
 #"
@@ -568,8 +568,10 @@ fi
 
 if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
-	rm -f /etc/systemd/system/v2ray.service
 	wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+	if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
+		wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
+	fi
 	dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
@@ -578,6 +580,9 @@ if [ "$V2RAY" = "yes" ]; then
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
+		mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
+	fi
 	systemctl daemon-reload
 	systemctl enable v2ray.service
 fi
diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh
index 2c1dc40..51a20f0 100644
--- a/glorytun-udp-post.sh
+++ b/glorytun-udp-post.sh
@@ -13,4 +13,5 @@ done
 	ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
 }
 tc qdisc replace dev $INTF root cake
-ip link set $INTF txqlen 100
\ No newline at end of file
+ip link set $INTF txqlen 100
+glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null
\ No newline at end of file

From 5cf11f2650bb3400a1673e2f20451e3f40e2d224 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 2 Mar 2021 08:52:33 +0000
Subject: [PATCH 025/164] Server scripts update

---
 debian9-x86_64.sh                 |  92 ++++++++++++++++++++++++------
 dsvpn-run                         |   2 +-
 dsvpn0-config                     |   1 +
 glorytun-tcp-run                  |   2 +-
 glorytun-udp-run                  |   5 +-
 omr-admin.service.in              |   2 +-
 omr-service                       |  29 +++++-----
 openmptcprouter-shorewall.tar.gz  | Bin 4076 -> 4080 bytes
 openmptcprouter-shorewall6.tar.gz | Bin 3809 -> 3780 bytes
 shorewall4/policy                 |   4 +-
 shorewall6/policy                 |   4 +-
 tun0.glorytun                     |   1 +
 tun0.glorytun-udp                 |   2 +
 v2ray-server.json                 |   2 +-
 14 files changed, 104 insertions(+), 42 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e2ee6ef..84ef712 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -32,23 +32,23 @@ NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.86"
-KERNEL_PACKAGE_VERSION="1.16+9d3f35b"
+KERNEL_VERSION="5.4.100"
+KERNEL_PACKAGE_VERSION="1.18+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba"
+OMR_ADMIN_VERSION="376322a61dc53e671e7e3c7eaaf6645c0537a9d3"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
-V2RAY_VERSION="4.31.0"
+V2RAY_VERSION="4.34.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
-VPSPATH="server"
+VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
 
 OMR_VERSION="0.1025-test"
@@ -167,11 +167,9 @@ Pin-Priority: 1001
 EOF
 wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
 
-# Install mptcp kernel and shadowsocks
-echo "Install mptcp kernel and shadowsocks..."
-apt-get update
-sleep 2
-apt-get -y install dirmngr patch
+# Add buster-backports repo
+echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/buster-backports.list
+
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
 if [ "$ID" = "debian" ]; then
 	if [ "$VERSION_ID" = "9" ]; then
@@ -182,8 +180,12 @@ elif [ "$ID" = "ubuntu" ]; then
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
 fi
+# Install mptcp kernel and shadowsocks
+echo "Install mptcp kernel and shadowsocks..."
 apt-get update
 sleep 2
+apt-get -y install dirmngr patch
+
 wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
 wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
 # Rename bzImage to vmlinuz, needed when custom kernel was used
@@ -400,6 +402,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	mkdir -p /var/opt/openmptcprouter
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
+		wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
 		wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
 		cd /tmp
 		unzip -q -o openmptcprouter-vps-admin.zip
@@ -427,6 +430,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		}
 		chmod u+x /usr/local/bin/omr-admin.py
+		#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
+		[ "$(ip -6 a)" != "" ] && {
+			systemctl enable omr-admin-ipv6.service
+		}
 		systemctl enable omr-admin.service
 		rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
 	else
@@ -580,6 +587,8 @@ if [ "$V2RAY" = "yes" ]; then
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json
+	rm -f /tmp/v2rayError.log
 	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
 		mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
 	fi
@@ -644,10 +653,6 @@ if [ "$MLVPN" = "yes" ]; then
 	systemctl enable systemd-networkd.service
 	echo "install mlvpn done"
 fi
-if systemctl -q is-active openvpn-server@tun0.service; then
-	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
-	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
-fi
 if systemctl -q is-active ubond@ubond0.service; then
 	systemctl -q stop ubond@ubond0 > /dev/null 2>&1
 	systemctl -q disable ubond@ubond0 > /dev/null 2>&1
@@ -703,6 +708,32 @@ if [ "$UBOND" = "yes" ]; then
 	systemctl enable systemd-networkd.service
 	echo "install ubond done"
 fi
+
+if systemctl -q is-active wg-quick@wg0.service; then
+	systemctl -q stop wg-quick@wg0 > /dev/null 2>&1
+	systemctl -q disable wg-quick@wg0 > /dev/null 2>&1
+fi
+
+if [ "$WIREGUARD" = "yes" ]; then
+	echo "Install WireGuard"
+	rm -f /var/lib/dpkg/lock
+	rm -f /var/lib/dpkg/lock-frontend
+	apt-get --no-install-recommends -y wireguard-tools
+	if [ ! -f /etc/wireguard/wg0.conf ]; then
+		cd /etc/wireguard
+		umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key
+		cat > /etc/wireguard/wg0.conf <<-EOF
+		[Interface]
+		PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
+		ListenPort = 65311
+		Address = 10.255.247.1/24
+		SaveConfig = true
+		EOF
+	fi
+	systemctl enable wg-quick@wg0
+	echo "Install wireguard done"
+fi
+
 if systemctl -q is-active openvpn-server@tun0.service; then
 	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
 	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
@@ -974,6 +1005,14 @@ else
 fi
 chmod 755 /usr/local/bin/multipath
 
+# Add omr-test-speed utility
+if [ "$LOCALFILES" = "no" ]; then
+	wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed
+else
+	cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed
+fi
+chmod 755 /usr/local/bin/omr-test-speed
+
 # Add OpenMPTCProuter service
 if [ "$LOCALFILES" = "no" ]; then
 	wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service
@@ -1094,6 +1133,12 @@ if [ "$TLS" = "yes" ]; then
 			systemctl -q restart shorewall
 			~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null
 			set -e
+			if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then
+				rm -f /etc/openmptcprouter-vps-admin/cert.pem
+				ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem
+				rm -f /etc/openmptcprouter-vps-admin/key.pem
+				ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem
+			fi
 #			mkdir -p /etc/ssl/v2ray
 #			ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key
 #			ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer
@@ -1227,6 +1272,7 @@ if [ "$update" = "0" ]; then
 		Your OpenMPTCProuter Server username: openmptcprouter
 		EOF
 	fi
+	systemctl -q restart sshd
 else
 	echo '===================================================================================='
 	echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !"
@@ -1276,6 +1322,11 @@ else
 		systemctl -q restart openvpn@tun1
 		echo 'done'
 	fi
+	if [ "$WIREGUARD" = "yes" ]; then
+		echo 'Restarting WireGuard'
+		systemctl -q restart wg-quick@wg0
+		echo 'done'
+	fi
 	if [ "$OMR_ADMIN" = "yes" ]; then
 		echo 'Restarting OpenMPTCProuter VPS admin'
 		systemctl -q restart omr-admin
@@ -1293,16 +1344,14 @@ else
 			echo 'openmptcprouter'
 			echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
 			echo '===================================================================================='
+		else
+			echo '!!! Keys are in /root/openmptcprouter_config.txt !!!'
 		fi
 	fi
 	if [ "$VPS_CERT" = "0" ]; then
 		echo 'No working domain detected, not able to generate certificate for v2ray.'
 		echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.'
 	fi
-	echo 'Restarting shorewall...'
-	systemctl -q restart shorewall
-	systemctl -q restart shorewall6
-	echo 'done'
 	echo 'Apply latest sysctl...'
 	sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1
 	echo 'done'
@@ -1317,4 +1366,11 @@ else
 #		done
 #	fi
 	echo 'done'
+	echo 'Restarting shorewall...'
+	systemctl -q restart shorewall
+	systemctl -q restart shorewall6
+	echo 'done'
+	echo '===================================================================================='
+	echo '\033[1m  /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m'
+	echo '===================================================================================='
 fi
diff --git a/dsvpn-run b/dsvpn-run
index e4000c2..f4a2a5d 100644
--- a/dsvpn-run
+++ b/dsvpn-run
@@ -12,7 +12,7 @@ fi
 exec dsvpn \
 	${MODE} \
 	"$1".key \
-	auto \
+	${HOST:-auto} \
 	${PORT} \
 	${DEV} \
 	${LOCALTUNIP} \
diff --git a/dsvpn0-config b/dsvpn0-config
index 933e98b..647f160 100644
--- a/dsvpn0-config
+++ b/dsvpn0-config
@@ -1,4 +1,5 @@
 PORT=65401
+HOST=0.0.0.0
 DEV=dsvpn0
 MODE=server
 LOCALTUNIP=10.255.251.1
diff --git a/glorytun-tcp-run b/glorytun-tcp-run
index 9ccbee6..0572861 100644
--- a/glorytun-tcp-run
+++ b/glorytun-tcp-run
@@ -9,7 +9,7 @@ fi
 
 . "$(readlink -f "$1")"
 
-DEV="gt${HOST:+c}-$(basename "$1")"
+DEV="gt-$(basename "$1")"
 
 exec glorytun-tcp \
 	${SERVER:+listener} \
diff --git a/glorytun-udp-run b/glorytun-udp-run
index 9aeb930..fb66c92 100644
--- a/glorytun-udp-run
+++ b/glorytun-udp-run
@@ -9,11 +9,10 @@ fi
 
 . "$(readlink -f "$1")"
 
-DEV="gt${HOST:+c}-udp-$(basename "$1")"
+DEV="gt-udp-$(basename "$1")"
 
 exec glorytun \
-	bind from addr $BIND port $BIND_PORT \
+	bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \
 	keyfile "$1".key \
 	${DEV:+dev "$DEV"} \
-	${HOST:+to addr "$HOST" port "$PORT"} \
 	${OPTIONS:+$OPTIONS}
diff --git a/omr-admin.service.in b/omr-admin.service.in
index d76318a..ba30724 100644
--- a/omr-admin.service.in
+++ b/omr-admin.service.in
@@ -6,7 +6,7 @@ After=network.target network-online.target
 Type=simple
 Restart=always
 ExecStart=/usr/local/bin/omr-admin.py
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
 
 [Install]
 WantedBy=multi-user.target
diff --git a/omr-service b/omr-service
index 1aa788f..4b8e54d 100755
--- a/omr-service
+++ b/omr-service
@@ -30,7 +30,10 @@ _glorytun_tcp() {
 		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 	done
 	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
-		if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
+		localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
+		[ -z "$localip" ] && localip="10.255.255.1"
+		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
+		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
 			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 			systemctl restart glorytun-tcp@tun0
 		fi
@@ -66,9 +69,9 @@ _gre_tunnels() {
 			iface="$(basename $intf)"
 			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
 				ip tunnel del $iface 2>&1 >/dev/null
-				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
-				ip link set $iface up
-				ip addr add $LOCALIP dev $iface
+				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null
+				ip link set $iface up 2>&1 >/dev/null
+				ip addr add $LOCALIP dev $iface 2>&1 >/dev/null
 				ip route add $NETWORK dev $iface 2>&1 >/dev/null
 			fi
 		fi
@@ -77,23 +80,23 @@ _gre_tunnels() {
 
 _openvpn_bonding() {
 	if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
-		echo 0 > /sys/class/net/omr-bonding/bonding/mode
+		echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null
 		ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding1 up
+		ip link set ovpnbonding1 up 2>&1 >/dev/null
 		ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding2 up
+		ip link set ovpnbonding2 up 2>&1 >/dev/null
 		ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding3 up
+		ip link set ovpnbonding3 up 2>&1 >/dev/null
 		ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding4 up
+		ip link set ovpnbonding4 up 2>&1 >/dev/null
 		ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding5 up
+		ip link set ovpnbonding5 up 2>&1 >/dev/null
 		ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding6 up
+		ip link set ovpnbonding6 up 2>&1 >/dev/null
 		ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding7 up
+		ip link set ovpnbonding7 up 2>&1 >/dev/null
 		ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding8 up
+		ip link set ovpnbonding8 up 2>&1 >/dev/null
 		ip link set omr-bonding up mtu 1440 2>&1 >/dev/null
 		ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null
 		ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index dbbaefbae4907faea3d9be6dd77f680a5a4cbb83..b7120120fce994d29ba0944d3beb4d99a80aeecf 100644
GIT binary patch
delta 4068
zcmV<A4;%38AMhW4ABzY8RCXy~00ZqD?Q)~YasQ&Hn6jPRZpHevB%hs9E*OwRjDQ1V
zpRZCyVF}yRNuU5)pL4bEp6(ey2+6BWR`Mnn+PeaJdb+1)db)dHU=sL#96FO<-W?7a
z0Nr+*9s!ES<~f`<&(53eR=d$XJAc<`Hrw6qJJL8{n=)8`MzIqT@-7U5_;Yl-%Kt~<
zxN=O)ryz8no!N|3tEBG6lX{e5>XXzyDoEK6LgM)kK{$6}FYt+TA1q_y0)^*BP(tD-
zFCq`#%snOX%fcl`bH^tcw`#`i2-yA5*NhQwk+aJ2n?U857c5y*IgT^6u^~ttCrYNp
zak`;d8Yk+1ngJIkJ&aAs;LKau5{8w^58eYg;m4LXloVYuO!CJ+65AFm+v1IZWHAEU
z=106L@-`!?2-fA3J6pKnr2~C1buM*{t8(~nIbCqgM&tWN<p<ZFdJk#+zNK$geux*V
zn(<`8wVH)$!?V`eW<7&93lh(p7rF8uYZqtDb<WLy^H#A*vLS4;_QJ_}#csEIUZ|)_
z)|IT8wrXzH_ucs33!<tY6<T;!<f7}_x@55^_6fB7tWeeDRcW(o<oIr(?VWD7SXJI4
zH1Zbft?e|r#ojX2(YBiYyim2-EsmkJb?oD{!N;22i&aH-{Mz~N`LP>5I1@M8hd0>{
zJN$ott8spY{{OsjcGhh-n&|(#XN}VTzXh!O|Br4Mp<i#;8l*~0XTF%ZM9xfv^ue<e
zaQ`HJ4yu{y5OC`c-s3W)L7@g5g<$a#dXG;rc`tk*Eg1f4tI=$e`xl51Zcd=(I&&IX
zEDRho?>=<G7lJV)bX^h!5Am}Tx_>4w!IDgWAe4me)Qce6+%IF7crgLbS`R{~KM!Cw
zydY}nPu-A;f#%I45<Jk0fjTCN8%0nyaD6v)W<+1!&%6m#R=kPpM=o(9vOrw)<WAGJ
z_OT&m(hvxMz@Do4XX1KLj<VBUYt@>mw1nd+fxde0#Mu6j1PiSA0UG^6W)8G2ty!ag
zU0{MBtc&537!ogzq+0xIO#Ay`8KN*Ubz{eyMNpx-SJ*>rUwM+FeFyX`RcP&<^YPD`
zDiK0t)sl=pFW@<XremsLRv=h$ClJkS84J1T(`0c9apPg;JVvJ>^pFcZ0*asdK{Q{6
z57B7^Lp^b6QLj<?xbV5hxEe40KXF`tMw4<#i@~=ulI;}p8T`Il|8u;j(dTMDhHiBU
zGvYP5!91+q2M}lc$1N1!+I5w%2Us|vGe2PLN7%LgYqi>i^<M*$finKT1?*b?G5etL
ziH{=h(WlYtqZ4}0{S4wl{KTRg@m+|S5TaZb%;XrOc(i<cbfXwbC|z2O_|6=E>fXDL
z5LTWci~>`#TtLnXK_24p%#C9jS>u3Uya)fYgrJPkaSoY5FwZpr{MVGw*yBTcUnn~o
ztlTxt7Gdz1X(IhfGn-4i;Fxpox$#pYxw;Z~)9N+P8nspjVtNCQoun*@3%zyMA3jW)
z7tQbU%*p#gPp;x4WHFN<oPJ<`@^cY}V<%KTJ59q7OOaft87*fqC<!XvvveVXzQoMM
zW0?ozO`aUcU|bivH}s%0{Y(_<$#DhcxL4KLbGVgNK^cn@VP;i>1{F~dcfR$U_<w@c
zKpalS4*w4kpj*8E*Xf*<{{Jl?OKqtG{MM~0;jQ5<yzb8Vf4({Y&&&IN|8D{}x@q&G
zX!M#i5upE@6>Vf}U|SWWWxj%~XdC4c@P8f_!OWYy99G88=YQSCyJj2Lf#<Dmw}tb+
z(P)?R|1IDP?*Ho4M9O==<-Olm@BK0_vj6+O$Lv8ZNdceNk{sxoA`5q`YegFnMY@rc
z^jaRt*5%dMFs%yS(ahI>C9vjMyXFN!(ya}$hv#in1uQAndWGy2nME{Ck35KmrqesJ
z9Q~n}FmHwu>1&Fj-OB19?TgVEy68$G3J*F1AC99xhV(Z{fKDjR|8O}w<fA_dJN$pU
z-7fC`0P<Gp|K9?>!2cU)B46wNPvPvmi~+yn7(hMA-b27Qf^@HcQ09RPfoL-l;U1zK
zzDTbb@<3MkG%yi^x1@Z1+;CKf<A^t|@mkPSl}4|m+>%FY^h2-@+=`U7kM32<m($H8
z$K*c)+ys>#-<uyYd{OOu6A=c6Hr6XYm=fzfUQt#TP?f(@WOFEqE2JSQ&=Wa?tlsd7
zoI{LN%ix9UJdG-U-BvQy#K8Y9#)ug_qc`&12{qq^H~D3`U{4EhR^hGY<BIHmbY|Z4
zJw{N}YFFTmCkr|^8Ss;dyNHRXnmI|)O2&hixV1P)Wj+TXZk>ZF?^&#8eR<NqU6aFF
zm&u{Z=$`*bdDjzmH@XT$h|cpWW*)$LgQh4B>bx#)hbp^&c&Dm}VX!DLJ-T<MN3_rX
z8Tf9khVGjzLiZzh8RjBqK|+4-(weg%n7Y#%b&ynWI&hmqw@vSDH25GS8OWTuP@#(;
zjLBa}w*y%Tb-U4%GYy`jVDd{u+xj>Q!k2jIlfYl=C1A>=u609EbkVZtkqWDJJDs!6
zzs+Mg-Q@9q8TCwam=5P&8s2KPs5o&b=-6ElA*W<ztDDAz69H%+o~P*`aloA>wUm(o
z(LIC~(`iTtgR*EM({B6X;v&y|GV{=E@)JC<&|^{MEsj3zLe`fj>Fq4GS+Gi3eTIte
z(Mzblb$)he$l`YmGr7aa_<a7~Y&E+b%>Ub+^G>IK*~0w4)$Wwf|K9}mo;P7sS>^XP
zNow5LvbA8{^jOX9Nhp2H?Z&td;0rQQ%I=8q8#(^Md4$Y<76st6XPyt|F?ovP#bv$z
z{QO*7RRd2@pELTX(74)DJfH3V?gqytKGh@^;fVpiW1_>gL?Cw}S44p`aqn^~kcb)9
zShppA6%sN@?A^Ih<q+C2^=?231C-G~O&L_Y+rL6Ll5wS(vUS&M9#9bg9foCq`s`l^
zogYX>?|{wkL+=~V_FK?FA<F(W=*xz53n~90m4GD&7}5a#WSAp^{VQ>$z+wYdDVD8h
z1DoDV1bvcK$r=vNuW)6eipdo$-Yl6{&7K;6FvQ9(TNDAE18WyX-Io=qSO4gQbx3;a
zb2p06@vtJg+qHL;`O(WiMELKBmRkHkQ<b|^2wj2!%MmXWnvIUMQb|@=YfU$FkZwuF
z2C?}Xel#}vo7lvU0Dh%Oen+qu*8o+iSb}c%6@FlDu*g<-Ywg?js2+1@H3AsE1$Lu<
z5fzL{BYh611o~K9NAqA$A{@nJng~Fv!I_NZ`?oXR&~Z5|nV>E#_WSa{)_H5#J39Fd
zFGbn-wCc*sli$oCZ%FG{Fo%Jp$vR+r^<@-7i4(f@Ut{~x4ZKBNk-%_QQe>U}n36>e
zP`IWR2!^AHW1v7Tm5SPj%p3_=W9rd=z2{%n=?|5Von<GpVB*Y*mq-WA(<MXcrR4R6
z8_v)kO-nN*Dm-+f7?c4^8fwgU*yd0I4?^jqCny+SnRh0(ws&-dhIAO`BElf|!34%&
z4i+^AAvF~+jyf4pjDa!i0H#3KLbfRN`LSa4d{`Uj+)#=>x(WklI&q?yErL&fN6T64
z<*ui&;8ug!e1Wx0Hkl|kx$BWf<LX>g&Cp%sutyc-^u-d7z*>GBOJixh>040j>BGOl
z_%H#)fUz9HXc{n<Iw!zrj_AnZ#6Q5e8sPN=ZG^7{_P&c?*?jUFCauvYIKkz_r@x;3
z7QIBVJO2a|eCpyxSDN;I`mSPsn8RG%=xMVGU?#yF-z^04gY;J+VW2)!UrmdHOau)A
zf~*c$O1iqXsTb?99jZ_uingrV5R!RQV&N81CamZS$dRndCVyp0ss*QFn(X4+oY=j9
zULlg#J6DJie=SiySG*|;Hj9mnb2dMFM-b6Zll<T`3ukD;!jP9$+Y}6caKZ^!LE%UG
z$YeYOMdA$`TpBCVM!F(dOd!k@h{7;IZE%;GGRE7Uj7*e}$hL-(igzngq($c!>M!ef
z6N5<*QFlcG+)bAuz>z|h$xc;F7I;iv#5<KAfrcxsC|l_#9qiAhPZnj#%#fO4B|(Fs
z`aEO;)QM5fkiOjVhG;W?{qT-9h)6pZLeM}3XFpc2RqYnK&5&7u!kRL40f@4|^l{k7
ztTT>fRgqN*I9b9lrNlU9gBTU8BWVU$L?Rk3Nb@U|Ye~{=!?LZFh+|YadDqgkX(B}{
zr|HwWp=DT0p(&O+fZkkRHjQ}bACWySU?Nas8%93s2eboL0@gTx)>U0(O<|pAo8x|8
z{;Bs15`cS@>GpF<KDMNvY`pcajjdj{0pWQJA<}>=$u{}|ZqlZNxJ`T{|19+yt8+Uy
zn^c+yQXkA3iaDV4;}{ZlJA3mfp`uA0jm%CMXW=^a-Ap)BJuRXrRN74O78-tjBC;m4
z3B-s@{sx+uB|%7kL{W5L*|jBPU2S^!D3YOmf|0XQ0^N{dn(Doy7CEDTcx=L7YyA&%
z2b`HuLA#N~bQ&|9F;1H>HglRLvjB1W@D4lxuh=k8a-?8dD+EjS!AvF7gtc7K8EB$l
z9|EsKxtUGlTg|xUp;uIqRsLBrG@JDyz0_2xg+IOOVSKxPP7|7I@a|TU^P1q>(<M6f
z@P}Mmfn(BfVTAobcQa%wtb9r81y=JgUz%=dNEbNyvSeSyYN4|!kS%Gp;9sq=TE%RZ
zt=2Ky71(oMZW+W8y@Pa(3uK<$!2phlwSTcV=dNT6{dhW)Hm<dPpDi**ym_6LqA|1c
za@**C5k!zLaUNR6&iDV>{r~*_pLVC*|NSOVc>gcm^MjdmedI*{Sh}Gzb=|Mr{?jdY
z{``)U5e^?wLEP5;KOFsb5N5Cfhq+w-GeR8h0HWU;0@5q~N>*g+4mu5D<d0*?;6>n?
zylv5_HR{do>EA0Lr`f##TzegN4))e%s8)iyK-BjM8JGKH0h56a8h<}Y-wFA^ag7@N
zt2cmU_WDN|zkfdv#ld3XP7k^bcvt*yofY5zZ^2m^|K9>$+yC3i<pMbq`H%B}W~)pA
ze$OdD&PERK8pu~}#$B)XRhwe-n_-jdjU9B!_kObL>IOx%z&WY0jZ^w*pfBf?*4Us;
zKO?l83!~g1OTQ+xn|}eL+#qA0D%xG0Hor_W-T>ms;lBX5>;3O$xA^`~tJ&$4@&7I0
zxcK2S2G*UPL&$3NidV&3S+ufO479PeLRNC0NaLhm*~fS)s}%#s$;lUbzO}w3tOIVu
z|HkkCH9MQ%|LV5O`+si&U-16l&uAj$>)&Pe|7!M6oyY;w{#E4LoM|vhK88k$Agddw
zG(>%IuKybE^aE_^i`?0(Ea_`9-r{3BduN<plzD3jC6rJ?2_=+JLJ1|5P(leMlu$wm
WC6rJ?2_=;9P2pc@jbV`hcmM!e6ak(9

literal 4076
zcmV<I4-@boiwFP!E81TG1MM8`a-+!c{-URtvYor#iuGwpK0BpcFd&H-0SCxFU!{t|
z61J(6KmoKq=W5?Q-7|m?l2?0K$(vkg?+WPY>7JhH>F$AnN#Of&=uCe3=5Wve=(gMR
z2v9sW&*8jzcHV5a+Kukn`8SPbv)%1}LmCHcQwGZ@c0xkF34<X16y2`!|4}%u924^?
z2;FCAHY3$4sk`x{9;KN2B(;wUQuc$8c>Y5W&Yjo`eB#^(%b2)8;kgl%kod`q$b&a?
zPf7f;aLLi!@kz$5nsGY<c0cqrW5iqJtaAJ&P&wuWOV(75<4kRA2olGMl4)_AZfKUq
ziMnRMg-H)%Q!+U7R<?v;rSgOKKu-9vr41!Tmkg79`z^6;!Llvh7)TZ)ux)<Ct0HeR
zqKaT$KDo1n8(uol2UF)#*SIQ&|CZAQ*K9PtZ&ZG8{i*km*6&;TX61)?v8owQ7F?@Y
zs5U%noo&`Lc(Wk!ym^r;|FL#))?DY@JZ}}7BpbpeYcHIvSL}AX=Y@)@WL?RcX{+XD
zecz4my&$UkQK5xrMJ~F&txFb*VxK_E&k9vdUX?bhMvm_m+TQ7Qi&f<<LL+an-r7#1
zTkI`U9c`=W&kI$X-QpNpTgN_L8+@$Uy;xOb$1k1#o*%p6gEMiXeRz}Yu*3hi8s}%|
z|GVw;W~<X_q5to;8>Rn$3t0F6AKWlPzuvAjNR^n*d@*y0oS6vegJ&n;{z?2CR5Q~d
z;MO0!$7M)^LJc?y!Qv(K9-m_JPIymRF#Oe4quD0+FAyQzoIuNU<}|Wc7&vC$edvTQ
z1Y=0(x+Dr7;%6sx|3Y4ZC7D1d3Eim|LA1GF#xC(<0-m)VgiwDTz-)Ly)Y6~2Ar%A7
zn@1#gpceymOcXbYplsm!Zs^R2zPz7#6R50s6W5Pi;zVSDxai59rfuzGL(HTh5CDNa
zRr4>z^`IPOr@hvyHB)H`$5R4*_0Ea0{UHe!Sn)kH`i0CKXkA*fM!UcSL0A{VCov>m
z97(nK*O>PA!!kr+Wa`F_H;bS`b+538*uL^4NBa)wS*p<5JLlt{HB};n$f_k7eO|zG
z1Wm_O!K^^A;!Yr%*)kS#)2GSe6ynCi%z2DXL+BwFdIS_d^@C`>3?HJ?2!?v%(xP6Y
z@?qg~k8w3#`hVuQj3(uf7K3kRB-<(GGx&YA{-=0Pqfga*4BhGyX2ff9gLzoJ4<OF?
zk6S3dw(BZk53q1TXMVugkFaa~*J`y3>%YeNc^UuT1a__en0?Ur#7B|$=+o%+!3jO*
zeg<(Neqzy$_%6gu2vIHzW^#;CJX$_Jx={=zlrF7Cd}j`I@7+fTE6)%{fhk!oAm@c3
z4{><r#xaeoaX>KMga27VP{!yuhs+?D=NbV1Yf5PB@u9shlpPIL?wV$cFnG)~k$$C_
z%_UxN%(?g6_^FXxT?xEt^_pjmTB`#wy@AJ0QkKMp-n#1#A12L<=J$E#<XxdBSMd?D
zm`M;$-!u8S2*a@xDxaOEVTh$jF4T;cvlx^FmF`)(5J6vJ=Hju;gYhO$4rDN{3*8%f
z(3yTF3iaf;f^yue>g+k(%BrA@MTs!8szHN_D2O{>drtg6!D=85Cu4{IhX~Lu-v8@#
z&PxCP7LcX3)B%3&)|Bwp@D^To=lnn4od4(L{r@+C8{M>dQ8ao@nh4PU&5AZMHn6P<
z(lTGcR<w<B3HUz`i(uwWUJff`=l$Qt#{6$I%J}~#@EP}ib!sBzz2EZQ@2mHInHSmr
zecxmDpq8Y7&ud8zbWM?kyVbR#4TvJ$NJ@Gwk7VoeYHXNR1@CC)>k?S=tX=bhAnDcy
z*~9ZTssff2YrR7Dip(M!r$-({L(}uuI9BuyEk}Q_80XPYB7IF!v|Cvnq<u3QLzi7i
zMB$+ifG@|<A4B@PBv>3rIhAqz{}#gK?2wOsDeQ><?RLAk{|CrhW&D2&_>A~(pox5G
z_&<fS^D+nc1LpwLlk7bO_)3uO70V)SAraZkL~svT4qv3#40#}{e43aLgSVu7ecW(X
zhvSGhuJKyXRF!5gNx3DD*64>|AGj4QYaiXKmM^E9iH^yC2Dk|>J-##FXZWJp`6eO^
z3~j7eelR80d%U8oE}$xZrO4(`5?4q=QlKYt2wA=16*-3(tCqnF*LfOMx~*iYiGlxJ
zj2Tn#jNZt1C)9iw-sG3%f;}z5S%r@pjw`bN!I^o}cbGAuR=X0fc(R~#lL0@OxQm#G
zs+p4%tz<lSiCc?<ROWLK;?_y1@{Z+ttS?Xcw`+1(>oPf18Qt?ADerp1?nYOE2+?_7
z#mo~}Z_pIQL7msd?NDVG?^G2r3>F2ZNB7S3i1zuv0^hCG(0!9d=zah%!(8MnNXYM9
zT5}czQ+HaU4w4E^2X1rdw&}f%1|Nha1DP`yDs&NqG5IU$b|5REZZ~>zronR*On!-I
zTOVgZ_!2LD68LMq1WcLKwQeYiE?O2nQeo9@r*qc%-8`1lO&*_6&oqbWaPFnytyYVQ
z6NiG1-31YHN>;YIX-qf~fcD{enhp{N-032QGBO~#htOg=4e4M|7ENT@ZC_km<hf5~
z9-2*lf+rSwEUG*#ZSZL)vc5b?Z)dX2qE*W36I67MW<vF~^Rq)k7Qbtl$sI<<r}O`2
ztJ&>f{@?DLcRI}$=KrmBr`-SXCb0Ls38Ts?zrRUR<Ia|?CF`cgYHm+L={5&9#(f~4
zk%>}vM~vUd@fXe`WcITt0H;0kd^nHEQyecY>-Fd7=h~_oc!K(z(MN^G)t=({Z2xz+
zI4<$2Cb0-l4EP-rywM{O$eqX)QQ%D6yW9#SVum%=ZApcMOcHx{Zd5shc1*n+P{IIZ
zG*D9p74P=1(2ZnVX{K!5^_mA%1VD#j8K6G<*Fon8lF>V0^ZU^I2DJSabWn)0e+~Mw
zA>BgCe@G=@$pMBmfIk`L$YB3UTq&^FfK`fRE84)OH<Ll1WL2_;!}BX#nW$oN1&cRJ
z=2f$&1`M&X%N9jI=fK*9QTJs<>eW9uVI7j*`rM5obUdtx?so1SWq$PXPZ9n*qNNr;
z&{X9v6+)L_z;eV3g=VvRyU7Y`t?7mi(k;o@AU0pakH$uS6Px%Ez^^pP?+Ewe8lWl_
zOVI7U!Vk<17TM}<t$q6*)ng8=MgYUNz-~06f-z~N&*79nAB*c~9_&ekqnJz+0cbTi
zld*jNcE%ezE{7!()P==<Umn;xZw-4#C%@sPC>tMFU3q!(n>pkSX&npZFpxA^2W+pt
zj6x`JLbv{FY(Khzx2P);8171ntkWM;vZw(H*VF>Ra5QlY6v(AgQTvdYBLQnnJ-YY&
z%R2p`60)=GWEM=ES@9C-pn1AvD7}=tzHq}C+M{V{hD3#jZWMzuU`a!b`3~D0O5i~#
zee?tc<16#d#MbtXj?j<}<6J}-<UW|d7|g+<#vr7o0>)7%BZ@IFh8@5Z=vv4Yr9MAa
ztey{R<D45x(MMNd;7lh@6thL}>1a8Nz1;N_7TjtOn=i1I$tDxUCU-sZXk49(su{YA
z9QLS!oIYFP5m?KQV`(g{H+>6=J#G3Oj1Ln)3>eEHjHUr&sdEC1=7^3gPW%Ims{vk5
z&_?)LXz#lSmdz)>VbU6XgcDp&eEi$VZ_!H>yYr7Q!KW^6bf#(V$L}hJIn33Ko;Irh
zW)jTt-BKVwNPiU)2I@2Q)wDRsM9?50$m)Qlq^oP2da)kcp$rA0Xv?|{A(=NN7H$z`
z!iv6t9LcI|@>iy$T5u|+$u7Rli`@(86(V`PcZC@7*AnG(#hbEVv)ITuXY;dn1QGo-
z$q!DmaE2x<40&0#O~C*soNyHsex#2~#zRmf-mt-?u_A4xE0V<o!c2iE3=`A_cd033
zyzR-zL<xy(YbdFBw<1Mabbg`!vW_<~m;@1ZS0upQbQuC1DP)=KRK;Y0$K*x4Q~42S
zxYCNUm44E}{%rarS(eNUsTo!hG#IMSLnc6-808G<%Pnt+Hq#I9XoHBfb0Gu`RB-lV
z^;*?#q1z0Z1t_d3Ll=N33rrt}eat%JSXLETm4K5a3{y&sV>XCU!8(#=fJG#t(SkI;
zQn{8S-8L-ST8TJDm6LaEO`9fCv~rq0ts7c~wG^6SsRQWE^<~qDhyD@S;{qlEHMU{o
zvwlE3U?pIUV_nrn))dx>wmI(i<)3=LAOW~XnZABN$;X!Tla06jwXxOfHXuBYAw(K*
zCD}$_z)kv;5ML7*$v;cI#_HV8%_f!Rfz$`HhGGsV{Wyk%-Ok>8OQ>j4M<cTn##y*d
zeK!-%R8Na23Y9ifyoH9JpNOo<YyvSNlfQu`W=RkdQ4}3mc5Mk+SDPL_ie#vtVC1Zn
zKsRKVrh4zFMb79S9-HvjTK~h`0cR#u&~9WgoyH7jjMFBJ&77vmEI^z-yaNxwD>lrN
z94VOA3c-?nFjL7iVJ(+*2AU|?hrsJlZf4W?Rx_@7=oM9Dm4B8D&1QW_FEv$a;ZLu6
z7~ihbgytH&yOrd;CiwPriB3KIA=g&mm~>niVSmuwE7=MwUy^!()jZ6XGJ{?%aPnoz
zzM9oSXHy_s(rm%MT4S|}*(_VFW40@>=f2!Bh$DIj=^7WvJh_7b920B*VsXx0$rk$Y
zbS7<FYyCc3WQ=(8IxR(GX6NO$;r}9tAmco=jGg;`+5P|g{-1WI-2eY3P<a0{-SdN)
zbbaJR|6IDEGj-iB-2T%ocmDi=cmALcIm#4Co~`V9u0m_k=PFdqIiT~6_;1=rwB^H5
z+}8a+9Q}3_X0QT>xm^A;QXK98qTibW(kuQ-R%GiAIt^mvk7LQ;Mc|seZPTbV>do%y
zKPn)n*}VW<dmVQU_SR*nR)V@f)b|M)m-}P|jtWd>_M9A_o5MT+<D;EUpU`EG(xb{T
zQocJ$-wArpag7@Nt2cmU_WDm5zyCN8#ld3XP7k^bcvt*yofW_T&}x<6e|j5uZU1j4
zmkZ=f<Uh^>nyoSg_#>wPIU6~^Yd~MP8F#(j7j25oZ-z~-H+Ik^-+Rigs~Z&60_UX0
zHcsiMp+28eT4RGY{fyLZE{t-6Ed83)ZU&5UgN%KuYIk+o{4&jW1BfSw{{rN$_y3#S
z;`=|XW~Woe|F?kS;)m}TSa*63A*<CZUKMX;(aK&i(8ksZS;>7OkCT37A7iSlRty{`
zCtqm#+WMBT4!9BjE5HBO>}-Djt=lf||Gf!(#`}LiqluKS|CibStJyzwA_qwOlW()8
z!6^9{9w~yXZlKZ-_1U@pYrNAB@TD*EXRorPugQ3e5AE!m0raBGTT3XRgc3?9p@b4j
eD4~QBN+_X(5=tncgc3^l>hN!#D3<g9cmMz~cm87l

diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz
index 2f4dee49c8cd7be2a6734da76cc5f231add1b4f1..d5769fae4f168217f983a780a6bdd3be7bb4e23a 100644
GIT binary patch
literal 3780
zcmV;#4m<H5iwFQ<b}3*01MOUGbE8HQ-mmCaOv%1vx6ZQOEII3xE{9<xaYjG@*>UQs
zC@f){iUb^>b$na<->-Xk5klVeW><1@32m1IGt)giGd)lD41;FA=f$Bt`{mXCs0GwN
zIbq*G<?nX?wDYRnJ#C+KPFnr$>8n<|eRA4=MOu5*DW_Ew+aV#ZLf?-+Rqna`|5G}s
z9T4N*51j{lvFMXVgEXCZ){OF`<}9<28kQaUA#uH1KU~_e>wCn$@mDc%poHs0kVE2o
zHzK$0!Z{-GW8jeb()P$&Tq74(2YEjXRei#nq+2`KE7cBo!IV^m<2XZ|>H_6Bks2n)
zX}W5voT#a~$r<c(YEYdst|U_!*J?kwx8#tYn(CO!8r2Q*%{Rod1k*BkeMHTqfMxL$
zUJ-dKDO3~8vwLR|IN_NMZJ*m`n#wge{9nxjuH9;V*Q)*CcysqQ;~$#ZHuG&9tU2RZ
zz;)UswsE)9-R9GIqg3N*`)wir$K$u%_NL_aX{W4`qzl`k-Eg+a*zfmGON<IN&n4Bc
z6l0s;bK)D<j~ZT7(y&{WqG?ZcNf4C#1T^oKSPfpG+pLl8IVIhD{eGEMdZN<E4K}sy
zwfg1WGL*?voZhm;+U}Rf(0p?2<Bh>b&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0
z-|trV|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>F
zQSgJu(7n5l$!p;a>A>(eI<58zxp@Tt;1nt}9ec_AiivJx;ogLH_(;%$gpNZZ|2BTG
zL+5+)=&#5O97*WR-3WZm%_???8xz3SrXK?T(uX<mh)FAN?u4uwP;VI#|CZg1lqr#&
zD1y9^<2j+dAlm9?;m&|rc4v+kImC`gfN9aaGtYD#q9R7B2)I8G&zku?aa_p9y0c#E
z9JjODQi(?d`s%eEqy8cB17v&yN<Wf?4ccX#$E*tss0ew{c@mxS;)EW@zs9V;Z&x8!
zM&?dzyNd`I8at)0_v~wPi0Zrc=6RgZ*}3F{pH+ntLL|kc`j8j!8cEeKUNCClvbaO=
zX_i#TWHi5@1xMgWZWs1lbQA{AGtdD?(1Bnn^FjM4g#L4GFmQSoc$~is8-3S1X{^8m
z|DFlS`JZCj5yXFz0z0&qd&GXE=kUMX>6h@ob$Z&a@c$*~`S?Gv5Qb2E6uEaE!>@OC
z=-M|6K!*4}!8hVLfSLeOP6B6Aj5r>x?(Uo@h8$KdV<Vou1l}9x4uItWfE0w1RRFOM
zz&s%F!ii&st+7uK@m=q31+a|xxCGzeFAEC5gqjnEJ{~Ci$iy+YayHu*g#KOL6#6T3
zZfAJICG&gW#P_ZAE}i}ZHpx9dTCT#|4My_1+)r!#11~l6!}*&;cmY8$nma6rPd%Rl
z4AE*4gXZ88ZxSyMK?k8jaubJ=h$QzmI3~w|J_}vwAuq21bw}}A3hx*%B}I^@A|;7c
z97EORBmldY0IrI5LhEtdUmefjKdu1E@qe$^t?>UPC=YEI`u*P8RP@rc2JQXT@$CGE
z>+<~XSMlGAP~gK7_;J5=JiGtX>%3~8wA!7{X}8tsCh`ACHU2L_pRxa=F%zlweyY8n
zkM8{>D6;!~pM&ISO}^)X4{eHjFq$e$!u9%IR!2mpmsHN~rHN#oolkYctl=(9k(Zzi
z7Ks-Gs+qOh2l6?^AY%SxF;Q1FwCyn^Lsgd5D@hq;`c9_MjB`q49`q_RmhW}?FDjV(
z+6)R;i+yhWGkOO9Pfj{z{}07m75={jeFpyPXd+(=|3`3jTKRxKu@7KKvU3;kJ5hFE
zAV=YnBii;vc#xowUM{cd(nwPH%rOz2H#eRp;IV@yd{21&0`CP?QJD8i^G#{8QGN{e
zfd>+D{n&|xVm^DMd_ca8@F+y~{n~hwr<a>uR1s;Ut5dD^gF%zt<7Ih$1FZbHEE!`e
zt`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg*(=6b
zg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=<lsti^s-=Yt>O!5LtA
zodga^UmgyxHtI>V%j;o{(OmD2$!@0NE;R)TC1N-ZA1ZMmhvVGfUBBVZmceEoZVNw=
z$5>c_b>2s-ex_L)GE4QLOfmF>lCb)XJ+HHV|F7>k$HxfaBnX{%fHVnAF8s9kjl(z>
zzCU;7#|$KK+*nN;z4wt`U<#G;aKAhq#)7f1>H<HE$v;TH2Qdi)-RRz)`wx*n`z2yp
z-Yxv_F<yDZ_cr<^?}&}@ENfV{EB4JQYxH})ZtpkCSk1R(e4=@VG0p~XCyIAE9afz<
z7BrGRz9ef)-8P@Hy)YYO2Wq-c7;c(@HR#~<Lud+{ootkt>^9ccKY9E1ZL!+f!bM9e
z&im9@4@8B}tODveYqyT^uag`kYA{KExhEIv2Uy1#%I&3&Psji5cK@_|{-@LHcB=UQ
zC1~ey6MB+$e1DmS#=WPWESGFA;e9#`Wluz%7@q@w&M8wSubv2;*j`}YL2$o_d_eAn
z>%n!5IrniKoHd&d4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5tDbe7b5{RM5
zIg#N?+<Cn<2*`AEs##Qlz>JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx>gTE<nb(8%
z9vcFr!LW?5J-cs%#*e5z*rWPG=zSe@zk)W%MBaT1hLTRNAoSm7BVg$PhBSgd3FgRX
z_l-E0VbKAr71NT{k;OI@p*`v9WFrl)&vAvKi0R$h3_C0V`T~|LN#;<J>7e<}4x13?
zHkVEmA<`sS?2y}_p2O$a-y;04vs|{+N@SS)NLA$Pf#TO{6J983iRf9Yr3<SKO?3@w
zH>ti=*!WobWU3FhQ&ZT0^mR)LNBmvSjgKL%Rx<_78p{00*piX2>NXVI^(Y>2Xe9y|
zx(Rlo5(SJ$B|{FU0AebxpLwt!5x&KAS_n{9g)0g3cW+m)updezOXJP)pnmusZ$(M}
zQ0Tw2<|+!|-VU8&>fw81%<FWsFqp=Os*(n&g96*Hv32M8ZqSq|*sRvag*P?Oel_-C
z(8Q923ucaBMXET35-6rtQ-%<ZV*!ooaw7J|^_qbbE)bqj@n!@mXHE9Os?D$Ri-kY4
z7v)<lS4ZPCOjW0>^3aK5XbqUvSWR%lGR73pgH;;cL&o&nxHeGRLA{PfwI5&+VZeuA
z4pT4<lNpAPnGG09lT28Oj{a-+W|1s_ERhcRsca5BSQ{50C`+!h<+&tGwCLzO^zHe~
zj^bo9<7l#4#BSk!4r_14kBvv~>@c5WEH&K(DJJ7WT~v(F2@0w88cO<-%Ijc5KTheC
zZZ_zNq~z(wm({T!@1nzCk72lV7;KFbV7Mo2=n*CMFz`A+q@Ygl4Whxf5v;Bc-(y@G
zeSiyGbA0&c;rr+@ik;;LfPlG!XCYZ+{NdZ0Zj1}O(fu|Hq|E#!zJ>(F_tIabXo3N(
zww^b8nJFrG4@ns%@#^~CVlX#I4q`)wIFS^|;Li=Jm~bg(5iY*ah1~|p>xA?TuXVzN
zzo5*+p7VwzSc!);l9X&>4(j07kJ6yvDEDb#n!=cu6w45FNi$QSg3M2}iIIp9WXkIn
zKpDGHCz?#nq&k=i;E7=}T7Z(OJjET)M1V-KkY$dkV)0_y7*SQw`STcih}Q}~0bSSn
zu_E**4J^cB4<99J<cX?ornsLZ4SDeF42PH^5RP2&x@aY;;>L7REbA$7BqIeNd#YS0
z>J{{XE+uXTnI&iu)MkQx;@C`+wn>UCDHLRx!Z<64&d7p_6d1u&5ecG(q;ec()vMJm
zDAg?8v{FZQokUE$n7%q?SS%i5$yq?OX$*O)iE#$Zn2}63*FD%k3&t#OHjZEtVzExL
zjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpY<Y3Jb{?)+J9CFdU;lP9apb
z@^=r?QY^k=e$fu&+*w*W)J0LtwEYHu3B1^SNl%(W-k|LEC+Hh9yVG<Dj9MGiJEY70
z@VgCvoy|XVv1rG@pk7L1X7ov#KFvmWYUEH3Ba^6vY1;T2<_j-dV2g#KFnH^PBtQm3
zpoRg<owPw{1gb0wyaxG3ZuVEIe!)ZI6)|D{nd+*Q^aHz9723g%L1RA%r!l{O0T^ed
zVWI&Dm#tzM&h2ygAxegZiwW!xcBmj<gcNhKX|}fXVs3VZAX^j^^V0JS`5IumzI@rR
zos}#Qw$s;v|90Lw^nbbmJMPOT264hRSuSu5$&+gsz$r0zUoFnLbIC-Y%x2Qoy*eBw
zvG{~HF0x!S=HwcH<p2+f5QI(KLKDH*RFmj*qF&NnY*t4QOzc3+C+V5<ADvdKy#L!e
z=~d@HUW7K!f8=LA423tF6Fd6P$_eec<9y}ukA8LX<4=6@12LqYHzeIve|kr~xyi-$
z(^)f@kX%&ak93aYiC>T4o;?4-v0sqDkWAn(Kq>y11cxU;*pE&?(R2P>k|pyRIt_py
zmc=?Rg4A2*yVluRv)wxScMa;eowxAzJFf5sDt0o=&E)weKJNsx23ul%$R4=lk3gf^
z0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~CpwFHE@Ab;>e|0)1)$c#N2z~7Q
zXRi<o6inoc<A8Rj3IYDiAwa=K_V60OS02XP<ol{ak;TK1={>5KoL<V@D%V)2HP*>5
z@`Db)k?;`S?|lBh-RqoepZ~A$|3&CC&j0_6CQ`lrRiXb!(Vv0H9$-KHZ65PlV_={D
zYQ`2WOUhOfBXw$iHr9VkcJ@mh*;`@xVb<)REFLY+UoB%de?XM4sG^E0s;HuhDypcW
uiYlt8qKYc2sG^E0s;HuhDypcWiYlt8qKYc2sG^GgjPySSZ@`TJcmM!h5`xnJ

delta 3806
zcmV<44k7Wx9pN2+ABzY8x&6yt00Zq@dvl{k65oH(r<js`$!?uxy(~HFlx`0Lk~kwE
zfb2MRRTP%6O+^9@&^o@<e)sF10fdluz1fwVTteF=F|VGUnVw(wJkTug{UmZ`Kfl@^
zwSf93C-fVr{N3)Kc3!o+{Z{*=ciQQ8U$xrplhf`i(%PecOgXLM#EA%b6$L@^seI3+
z|DV!9?SPo~LF7I-i$$L_8l>qavu2z}HD{TI)G+Tbh=}Lk2GP<<yuc^UO|VLc3pqSD
zh7^+Adoj877VZ&A9z&PZmyS=?>>4?{I`Dfp)Qkylk#6l^uT(qW1xwacj^j*iY6ud?
ziIQn?oNj1;md1&?W>}m_Kc}W-aORb43FBJrop(zP`KhIiB}JDElYH|Hv2DS!E#4SO
z7RzAU{DfCU-e#F<f^~N9E<!gtbD-^W=S<hQ28aKvdC0X}t?yd3cdkG8ZnN@3OW!Vh
zn}q9<$t>hL?NYIEx6|D&XYgjJ#?$uOLi!KKZ@cY(P0sDpPFW<`5Vl!+(QLC|zu!MC
z6;vhbT-HomHMh(AZgS%Val?;G5_Zd6bp5F=3Bz)qfaKj$QIl7t?V_>cyCvCs{eHQq
z{6wX(7j8=1YxT>$WvY{>O8U!E(RRN)hSrl~pKJ_1mh8V>7i8bNng5=jxY4aMbK~9c
zdy1Za#s6*(@xRjt*l+b(i2wa=h5s)?8~9J&yHSj&esbI*4PrXWaN!a;R}nG<Tqgkj
zBzXuLx#|$W^jq(46;YFL3><|Ze2l!i`-Hp}-jEIqf1?BDo!mTveQ*mETCTICcEv)o
zvG8spCwe4kK_b^Bad4YFIFb83c??!$28JYma_3$Qw&rG)xWr2c;A=C8p!_m`Iq`^5
zD}U}rv>Fg^8I$0a21e?XC~h1>+Q{|Y$XO75b+hnhP+0M1t{=O^iAjiY@x43GWF4X)
zW-17nKVVOr`8{zxNXNRfUh5pUv)WRQM+ExnwUeOy5eY&p_y&Z2Bnt<m%Ss;8E-;~g
zA}ou>lNb^&PNd`HmxT8B?JB~`$lOgFZxKU*#!l($E&Ey>;`*+wdG054cFy_WCry<I
zA+l;o#*i2A8A;R8UodN6vbaOAX|`NQq%^;ug-2jWZWqp7d=!PyGtdD?(1D;S^FjM4
zg8p-F&~bVn`dqM#8hy_{X{<m6|DG{_$;&@gY)26PNeZ3FS?&@0k)Ff<cBfDA{{#ZP
z&MDx3>$Kml@c$*~dH<hj2t_D9j=ejd;@5j8@|>FmAVYG`@QwH`peBHn%iv5-5Xa-y
z-JKgJkV5li#fa}Lq3n%&2f*?GKnhIBDg@sLU>=Zo;U)>i)+8W^_?~~a0$4_Wd|ZNU
z2$lr_U_#9aMIRpoex&RuT)CTV3!~sJZ;JE_HEw4Z;Mn{gxXFDh4W-k6Kqt8$#LHE5
zyHSw5F89+K|G-Mkf@uDRF)ttpdUJ;b_NnD_p+LM^Bp^AM#2aP>V(1_=NFFmNj3v2u
zz%aQk^jYLV5BYfwC_A#>5_rddcqyxbG8HAlwBi`5E=K{_y##Pov=ds7<NoS+2LEvd
zP~QLP!7`x2{}-U#wV~+udrMQ%OVb*(_gBZW^B<l!{XdxhmH+o56b7&ae%x;z&-wqS
z?N%B8A+{R-m!Qws|Iw+6RC_<w-p@z(ei(}Ee&6SSoz~=gE_i5D+=J17HANP#*I`8)
z5k<O`lq@VyWb5pFYM53HcVUWU3F=^xctMbKt9JW9J|`P^%%99A8k$}VWA~!2k0mnH
z6h*s|)lnw@WD3nXmx#iHoMlGkup#|R608#AFJ5s)tHnOI{wY0!|0gG%GXA&lNT9<1
z7og9;e*;zIYvKP0o=z)&8}KK#0TfAgZUTNM$}SA#C|fc_+m;9~5)|Ug`87ix$ts^2
zCSvf`#%TgxJ7~i9gf}iQENH4qtyh|E$&-!zW6%%0kdVtqZ!8qk>5=jQ`7*+*5ZU)@
z^GzOKZgx>bq>-Ub_1ZgAV!g*J$~pi=`Ex}!$C9{?G$aLjq7Wf}tCzeY7b2#rW$?m9
zF^?);)$*o^f&XoSRx)@%H1gdURo~E?{k#g<UNO!p+^IaM$^Lt1;mu#8b;edbXT_6Q
zNarRael~N%govtHs3~68aqFe9mIPUy4?%<%XQ0Sy<~XpvJRDwa)Wf99>!FR&J^zmK
zZl>%mbrmu(HXMh4he{mq;W#gR-*0%cWw@D!+rm$z(IPa%I_;xXKhvxYo~8Pbrx*oc
ziCO)|nb&E*|2Od6<70$y5=QQOKpF;<iy+N@<I<9gAeg)JV+xWuZnUP2-up-|P=QKm
zxL=+QV?kMHbzu-C<R7Hp1D}L~ZhY^|gNHbn{Tx#%?-oIS^q8!C68Ibal6S<$c$OtB
z>lOW`l{NakUbpv~d93E!JU-Dp(;R05xD&xUoer%|91A*0k1xquQ@7QptS?jt>4lo^
z6N;NAU=0Qs{Ro;uXD1yc%DauV^-tcueOs({w(wAsit|2I)&o)HGp&Gn&f2YG{Ohob
zL=DR6FL!c(u|B{$Mptexb$r_YZ@2rW^#0GuX}8^n0Qmo%-buCp^CGl!zX>hL+P}X{
zUE|(UC(9+>V`ZOqL+OdAo8UR{=iD--{OXM1#PLJt4xIZ%8~}1JJRhDDOu0{z@T}Q<
zcz8I@i{eRGbIFRtTOuCcC(Fg|cR4sNMOTwpgeL}nd`=1O9!LayC~{5|coKJBZw(wW
z!<y>0q=I86iGyo5uI;0Bta+Ev2m>0UK{I7&;`QzubSW9<nkie?gZ3U90;I#RjIces
zZ-dT{BxA5g@rTg+2FQK|ZBU4^`xXpkL%IUjf1izjr3Wa|2>xW4Bct6n;#`462dq{s
zThT^;Hr-T&_N1$mjW~Qh#}$eyrlGYOc4!3j1uR)u;!swkLG!&6HNnqqF5Ngrq+v<)
zlG~u3!{^!GV*IbuRJzn+JS={ssmk?04QjOsFO;NY8-nS=YC}>(huSU4*vf2vEPgUI
zhTE|zY(V_FC50>gp6?~c5Lc^Nf^H8Leq?Tc@yJ(o8v^cn6c0Gm5&;z50zJ`)3d*CA
zA%{}{F%{R(Jm`-I-(or~1jwtwlZ@%R*DF}q59N`q^VWD!Kl~MgqHKI9^xs)?6-N+u
zBDWZO_^UbQ4QVqosK!XrWF2A$g<`)X_MIDeVN;PnXZ1cVyd@L$SEnDQ#575`py~*J
zTBM0n$boEXHFXH?IA+i#Lt$)hJii&b(E{NK1#iX>bJnCEwA%bBe^>-FXHgDfzB($W
zX=#Q;E05ebf!2UpjWvcFwmFsnJ!qxzJtR!e&1(~-9n|ZnRQmxI5e9q+>M#Y>u&81P
znc9G&G|7a<7-+wCuNG_pWQ)>}pDNaWz=ySQ0fMsVI$fU2!bFdc&ZEGY&zv}6n;A!w
z)gti<;W@0m)gUn+{j<Y-j?vh36Qmf83w2R7BR4F>)@#V=ODeB}4*f8drqX7Eo`_<n
z8DCb%eyocDgFS}fHej%IPJrQ_(4j|^*u%gZ0Fi<=!8eEo-^Q@IKKvE^+V}&1Jm8w+
z!#@vyjUVI0U48%vn7eovl6uA;zO5PNxKK8}-!1|%vtWs@Awl-N^jFE7pa83{=gnSb
ziU!t0R!7WVU59N7a|3n}8xq8ctjZ>TZc3^Jk7DNG;tO5aZ4kYVNZ;^UM@;w&iCWlm
z-joHKSxA$`WD|2x2fKchIt536xlIGr6vn))+NNO0x|K2&6n>&lOvXY`B;K$A%4k5F
z=!#^q>R>8>C5Fjp14?Sj6n8us15v_Ewl$Vin-|l@h?<JVpGV(AyjJ-M$hww~W|4l>
zK|^eM*eFY89;q2tiu){T$b)64I79^jcjSsUM4O3<8`CUX)>B|eMk+vm_Ef!4wJYcY
zLuO_M3(L?VsLcZX#Ic#Ow#lj@s}k_CgmIP;jgbu%sW5`6AToFjta2P>&9BuiBuTdo
z%T5j1HS?HwF@1H)w5dNtqcewSQyKDD3;hh3F(XCVT=!rDZ5Xq>**JpC#iE^Lo73S?
z{&Da##!M~gM;rI#wW&3K=(lP$ywN+6f0A(Fkv-c5RaL1=MzM~aETB6k{V)Yr+0NfR
zNOMvDirPgdN^)aq8&H>oQl{-U`AaB^-N$;;67mLR!5^V-tSqD(GAOk^sCP)0{^55U
z{yLj~Xkt;1p@4QNi<#21IAfZP@YKwq97cwTgmL=#8s-bH*r1Dlg{&}m>j>r`gCa<#
z3Co?dL8t_pA_}|?>1M9>SDJCbL*rGE75+&wG@JDU4Qi^?!H+>>KM1E&yMF-~XQghU
z2?&?1Vkyq;bNM04rjCmV><=`2>qSU0C7WhzO)sW0&08-DifQS6hI|dMU0=Rz*iK>#
zgzfmX<G-D@cKx4!ZorQF@`*v5&`p*LTto8Y8U}Dmtld|ObM9QW5Gb>mv=!EdL*|Q5
zc=IAlMP+8s04xW1DTE+w;ue|+%BESwkS5xtw2RH^7@Ub6u=ylCbN{2$YSI1Qe&_VG
z-|2Sn{>Mr0wA%lD3EI5>k>B|+Ro-e&ocKR0H*)5#`<2&!Kl;_pk3aFv55$mq-jH-x
z{plU`=4L6npH7>(gy^CWf24aPPyBiW_vHN#j{brKx?}=}4odOIBsjbQLVt7uvYzwj
zvLaj8&}jhtuq-xs5xCyE-?h%pn(fxnziUv(?YxD-@3_JnsMyIcH`)0no_B&;gD%lN
zqz5kf5olb0JHVW;8B+&Xwcl_Y@N03Umr?(6hn^MX6emF#y7RqW1AXrPf3Mds{r*Fz
zb5i~O!;8?z?tk_QzCb}mzSs|FcPba)&+GyebYu^&0et0U%*}FNbt$rV88Qu{c<lC4
zW>&ezI<B#fevuz^_>F{@@P6m}|LtDqWb6Kah5s)`L!WW~|0h(D>h-S*{XdHS6h!s_
z`{{4<Sl2oQ`}9{cws2Wix1uO%Q|q&_{$sqeU+T!-3d=9EW*24gYH|K*84dgaQNELo
U4k`{R`ZLo10ClEqp#XRQ041<>6#xJL

diff --git a/shorewall4/policy b/shorewall4/policy
index 59142ff..2e5fe13 100644
--- a/shorewall4/policy
+++ b/shorewall4/policy
@@ -17,8 +17,8 @@ vpn             net             ACCEPT
 vpn             fw             ACCEPT
 fw              vpn             ACCEPT
 fw              net             ACCEPT
-net             all             DROP            info
+net             all             DROP
 vpn		vpn		DROP
 # THE FOLLOWING POLICY MUST BE LAST
-all		all		REJECT		info
+all		all		REJECT
 
diff --git a/shorewall6/policy b/shorewall6/policy
index 9a01ad9..8b37313 100644
--- a/shorewall6/policy
+++ b/shorewall6/policy
@@ -15,7 +15,7 @@
 
 vpn             all             ACCEPT
 fw              all             ACCEPT
-net             all             DROP            info
+net             all             DROP
 # THE FOLLOWING POLICY MUST BE LAST
-all             all             REJECT          info
+all             all             REJECT
 
diff --git a/tun0.glorytun b/tun0.glorytun
index abd7ab1..a7fd471 100644
--- a/tun0.glorytun
+++ b/tun0.glorytun
@@ -1,4 +1,5 @@
 PORT=65001
+HOST=0.0.0.0
 DEV=tun0
 SERVER=true
 MPTCP=true
diff --git a/tun0.glorytun-udp b/tun0.glorytun-udp
index a89e1a8..670bbac 100644
--- a/tun0.glorytun-udp
+++ b/tun0.glorytun-udp
@@ -1,4 +1,6 @@
 BIND=0.0.0.0
 BIND_PORT=65001
+HOST=0.0.0.0
+PORT=5000
 DEV=tun0
 OPTIONS="chacha persist"
diff --git a/v2ray-server.json b/v2ray-server.json
index 5d2b544..1fae64e 100644
--- a/v2ray-server.json
+++ b/v2ray-server.json
@@ -1,6 +1,6 @@
 {
 	"log": {
-		"loglevel": "debug",
+		"loglevel": "warning",
 		"error": "/tmp/v2rayError.log"
 	},
 	"transport": {

From 379b30a65e4659978873293fa8becdee10733777 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 4 Mar 2021 14:16:24 +0000
Subject: [PATCH 026/164] Add omr-admin-ipv6

---
 omr-admin-ipv6.service.in | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 omr-admin-ipv6.service.in

diff --git a/omr-admin-ipv6.service.in b/omr-admin-ipv6.service.in
new file mode 100644
index 0000000..9af8b55
--- /dev/null
+++ b/omr-admin-ipv6.service.in
@@ -0,0 +1,12 @@
+[Unit]
+Description=OMR-Admin IPv6
+After=network.target network-online.target
+
+[Service]
+Type=simple
+Restart=always
+ExecStart=/usr/local/bin/omr-admin.py --host="::"
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
+
+[Install]
+WantedBy=multi-user.target

From 637e2ee08ae9a1f8359bf037747480f823bb5122 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 4 Mar 2021 14:18:14 +0000
Subject: [PATCH 027/164] Add symbolic link for ubuntu

---
 ubuntu19.04-x86_64.sh | 1 +
 ubuntu20.04-x86_64.sh | 1 +
 2 files changed, 2 insertions(+)
 create mode 120000 ubuntu19.04-x86_64.sh
 create mode 120000 ubuntu20.04-x86_64.sh

diff --git a/ubuntu19.04-x86_64.sh b/ubuntu19.04-x86_64.sh
new file mode 120000
index 0000000..814a06c
--- /dev/null
+++ b/ubuntu19.04-x86_64.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh
\ No newline at end of file
diff --git a/ubuntu20.04-x86_64.sh b/ubuntu20.04-x86_64.sh
new file mode 120000
index 0000000..814a06c
--- /dev/null
+++ b/ubuntu20.04-x86_64.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh
\ No newline at end of file

From 91116306a13ef67223b5940b03ddae1e577eb5c6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 4 Mar 2021 16:41:52 +0100
Subject: [PATCH 028/164] Add initial Debian packages files

---
 debian/changelog |  5 +++++
 debian/compat    |  1 +
 debian/control   | 14 ++++++++++++++
 debian/install   |  3 +++
 debian/postinst  | 15 +++++++++++++++
 debian/rules     | 13 +++++++++++++
 6 files changed, 51 insertions(+)
 create mode 100644 debian/changelog
 create mode 100644 debian/compat
 create mode 100644 debian/control
 create mode 100644 debian/install
 create mode 100644 debian/postinst
 create mode 100755 debian/rules

diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..1e55a02
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+omr-server (0.1025) unstable; urgency=medium
+
+    * Wireguard support and fixed
+
+ -- OpenMPTCProuter <contact@openmptcprouter.com>  Thu, 04 Mar 2021 14:36:12 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..9a03714
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
\ No newline at end of file
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..5f0b05c
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,14 @@
+Source: omr-server
+Section: net
+Priority: optional
+Maintainer: OpenMPTCProuter <contact@openmptcprouter.com>
+Build-Depends: debhelper (>= 10)
+X-Python-Version: >= 3.2
+Standards-Version: 0.0.1
+Homepage: https://github.com/ysurac/openmptcprouter-vps
+
+Package: omr-server
+Architecture: all
+Multi-Arch: foreign
+Depends: ${misc:Depends}
+Description: OpenMPTCProuter Server script
\ No newline at end of file
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..2595ec1
--- /dev/null
+++ b/debian/install
@@ -0,0 +1,3 @@
+* usr/share/omr-server
+shorewall4/* usr/share/omr-server/shorewall4
+shorewall6/* usr/share/omr-server/shorewall6
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 0000000..9631851
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,15 @@
+#!/bin/sh -e
+
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
+
+# use debconf
+. /usr/share/debconf/confmodule
+
+cd /usr/share/omr-server
+LOCALFILES=no SOURCES=no sh build.sh
+
+db_stop
+
+#DEBHELPER#
+exit 0
+# vim:set ai et sts=2 sw=2 tw=0:
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..a45cfea
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,13 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE = 1
+
+# Security Hardening
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+%:
+	dh $@
+
+override_dh_auto_install:
+	mkdir -p /usr/share/omr-server/shorewall4
+	mkdir -p /usr/share/omr-server/shorewall6
+

From 377ad59134538cd0d66afbbb624ae53bd5c95891 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 4 Mar 2021 16:38:04 +0000
Subject: [PATCH 029/164] Fix debian package

---
 debian/install | 3 ---
 debian/rules   | 7 +++++--
 2 files changed, 5 insertions(+), 5 deletions(-)
 delete mode 100644 debian/install

diff --git a/debian/install b/debian/install
deleted file mode 100644
index 2595ec1..0000000
--- a/debian/install
+++ /dev/null
@@ -1,3 +0,0 @@
-* usr/share/omr-server
-shorewall4/* usr/share/omr-server/shorewall4
-shorewall6/* usr/share/omr-server/shorewall6
diff --git a/debian/rules b/debian/rules
index a45cfea..10d24ab 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,6 +8,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 	dh $@
 
 override_dh_auto_install:
-	mkdir -p /usr/share/omr-server/shorewall4
-	mkdir -p /usr/share/omr-server/shorewall6
+	mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
+	find . -type f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
+	cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
+	cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
+	cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
 

From 795c693d13cfc996169fc89e9890857a3cf95838 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 5 Mar 2021 09:09:48 +0000
Subject: [PATCH 030/164] Add wireguard interface in firewall

---
 openmptcprouter-shorewall.tar.gz | Bin 4080 -> 4106 bytes
 shorewall4/interfaces            |   1 +
 shorewall4/stoppedrules          |   2 ++
 3 files changed, 3 insertions(+)

diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index b7120120fce994d29ba0944d3beb4d99a80aeecf..f45840887cfcf10e3701975cb3de7fd86e8e40d0 100644
GIT binary patch
literal 4106
zcmV+l5cTgLiwFQQl0RSo1MNIvbE8PE^A-P!u4LZrOuaa^iS2B1<+qOjwz*(n0VkWS
zS49z<B-GmA2Y9l1Tl3#f>IRIlGoHJ#Gk5z?W(=s+Qmb1nsi9#K20;?Jli%JQ4w?Yn
zcAFjn%E#6@oVU)-TW!AG?4F&!YqnbLZucE&9<WV0EaSwD2zeKUVe%!qUFH9#a9lek
z)>9aH&+cqS>UGlal1U@ZFpWuOA2p=xhY|6EhcKGEi5~{Uy$_cO@qohjVkjZWlOK}@
zf99Q#<YnQJqq!T9oLfETb_DEx>g(o6u*q5N_)Va8EQq$EYaGW}`q&g@j+11|<~YOD
zZJm=0-GmE^9>$hza@MV4i^E#&C;x%G7sj?elvP7EE%KMY5XTX1#}>?iY%>DK5k`V0
z2@WHwiT34_H(Pkor3-y9buSH_t8@5oIbCqAX7k5p?I$mo`VU$CzHMw)en=Lpn#p9r
z@vTy|;TeCnS<e)#lEm}YMWOuX(~Gm#I_K6oUv83OikqzcXtG|h+wGp0Dr&NQrRbKU
zS)26(FS+-_xE{o%7M_*47{<0PSuDzZ0xdr)RkZ|7-mDtCfmdpKr`s)8RkjF?{l$7~
zJI!vnw=8Y6t!6MURc&?4V`y(3`($nKv1a#TRgoRPb^iN7;zbYc#EbXgO}4`h|IfGh
z?z>hS;y|}^e%5TG|L>mhmH&SWSoi;*yeLM$-ac)TI<egOV&)MgHxbeY&rZPoljJ$9
z=cYrztv~pW%ZLVrQ{X6ui<iiMd`id%@gw13`0ISL)h72Z5FxyRK-+WYG_u$jIA;ER
z<VG(9V@TwABn}^vXE*ZxN?yVxnLsFsyr~~Uw7Fj<9`O?bp0yE1P=6l6Y<NM`GMIW1
z6$8zi$0U597XxifR4<O9Y~Tf6<j#n(yr20KsI2-EFNi(j#$<uG_{p1QZS7-2th6Bz
z0D(PK^RLA7p&Vsry~dxmGHEHt69Rqp!A-FJ5eXMq@gp?)h0I)NT~_myc7X+gur7vA
zV#<Ovl24Q06WZSo%Ls*$sh7C^EQSj8y}}-1`^u9X?K`07sRF-u&d0y%noI~$G+Q?N
zf{5n`x`C;JRfAx~y@zP#C|Jl%pC*eFh#L<x_c1<+pocu@5m5Xj2;=!OdWcVA80v{f
zi+au4r$xX$CiP?){3pldG#Q7i7<@Y;*-kN^!SAc}zr_3b@ztVf{3WK3kyl^BWO=Pg
z;XJC}hY*5-$1N1!+pAUZwXkp_cYeUwkFaa~$Mfyd`mcF@-mK#PTfnaMAF~e{pM*H}
z9|Ib_KDm+a-p?Q|Bu^~5k-&qP2_ed3!AwaoipR^xM=wsGgwkczNZ`()?!EU2VdWXZ
zC@>|<1?0RC<RK2vyd<HKH3<pEdvG#K2+9~8=a3nM^Fjl_NlgijJpr`$g|ef;%3ITH
z5rvPrCi3qzv$@0zjyd<9mpnDot1D5k>|X1vdCGSnrZ@4}Nz2l>&|7!?(Zi&5(fYB-
zoO~$t<SITw7BdN>=|?8N5MelWLglm5EDW&}$%C5la+ZLSpwc}{7h>p3%v^kyc`)AO
z$%PEY^PqbpA38J0MWLP?S5l69Rh>PDTSXJqu_O~_R;SRQG75sr_ns5~pI|i*hm*0x
z|3d`mmhb;{I%k#te+$S{Tj~J6cWWwmYj_K<yL0}ZZ_fYo>i++mz>Q%!f+U%}7EJ``
z|5i;OnHyNXhP2FAuoZ2yTIc=S!y=sdlb6HF*!ldg+obn@dH$U5c6prt&1Sor|8D_b
zasSt#CQ{w|t?vE4dheHck^SHIJ!TJTNe1}5mK4CyRYkm8U90+lsPc`hX4lF{u`jR2
zre)Xgwq>y{fi=(CwIGVJVQ-K<Ja3~aVM)2xD`c<8ETeIH6hSg|gWh)K=nuVwc{7wr
zUsqNAR?!AoUyR1kMOQLW1<)Dza2)+H<-f@ybV7OlN6XnEAN^6-;s4w1c6t8?kXO(D
z-UPnF|C?wc-|GHP;OxAL0e|8cKt0LcL%?@}Y_Cx6flGmCGZNt*q5{55ubaw1(S$58
z5mT_`Vtw3j)PUniFt71i)HRJpue97&Mr-s#un*jdl(&!WRVtR#%_PU<p99<kl^s7=
zA9H+J?P3!V2BtnXYCl;r>pekLR~JxKxKb5sC`&7(DXY*E1%#sA2&z&*j5XU7#OorB
zCg0X_)ub@^A;E|lKBG4Zya_emg+KXixnNHVa8}{1=Hr?Yd~#?0^aDmv)M{7YO(qLE
zHyH?%iML3Iq*(<?@k+*npSraq%w#@?5pJD>Dj!&^XMOp;f4e4!wJw)Kl`;I_k@9Y&
z>~0JVh!9=mRn9zs^#)B@9MpMT+zwTC@y=9{qHs}SdUWqjk7%F&Ul@3&r|7=PBJw_g
zmtih)7N+F)9<4bG!>Kntr4Et`&IWFC=(g#-jRqftqyt$n7b<iSMhW>Z((OQ2Lfvls
z<W9rqIGp?z)3!d&!ssPg1|$sDdI^{^scYR(7G1V1dZfbY-A?DM^AGb_PB(dcK|RYF
zX2ZFchVwj6#Ysca!0v(wIVCGw-83eg2tfPrJk17)1MW1brHo97?h&+@PD45vltl}f
zcH0*h7e(%qnU7{uoZzX29!r{FbM$E!vc7zu-Ogg01?!a67pUkSy_D*E=Vyn8Jbs^I
zCU+PaU(Wwqe5>2R{J-5f?{r!`=Kp-VQ$7EG6WDv+gi&Rc-`}LEac9fcf_2klHMb|B
z^f9-W;68w_$V4f-BgSv!1`GEQGW%H^g43S)0h}k~DM=QWjmGoy^XaM@c!I{9(Z{96
zojxV=+5Ycta9rwBEn*XanD9F$23*Soawl>{R5+9NF1H4Wm}!p<N7f)AlcnCB7uOD<
z9aHZHlrTXV9n@4n#k>70bR(Nrx~156z19I00We@#2B^>ebufg1Z1xV={66%)32nax
z9aN(3UxU74%D0g6A5sZea)2QX;7@@$GT6ToS1K$vV3lG!sy=Y&%|y^AU6rii@car_
zCYqF9!Q#zU1kLJcAw#U}lBWph99X+B>b|1Ny~ZauYCzK4n0s-Ij)xV|-LAc(+>c)V
zM~wfDXsIm>bWOd>gwQ1zup9|usoCgAYqfNRwbpdg0O_`DZV+3q;YVY$zllx#2;f(m
z6n6ys$tj>}HCr^CzA6l?4Ho(8ZmoU$9@S$GtwsdHx4~|7qJc5#q|f1$Kp%_iXaVd=
zf}@m96A@^2I8(5E|8^#r1}=wX3)F?heqR|lhF}kSNALf@OGz<5ue$Q`{U6p)Fy(bD
zn8QHU6$7xn#xjne#Erbh?}_v1h5n+U%3!!FDT+aVEZL?8C|*+w1jEs#F;F0vT21Ri
zW{w1`F^%}%4=x+@hf2uL@{?IOacAXAq=V)evZ?km^2Wl8W@wL=t(!6x9(i#B%77&e
zb>=%9Ybb*Uq4e<+6pXK|I}2OeJ32x`I*fCXV37M@0%I@-n;L_dnF<(3gN!J~#29t}
zQ=n@hN0R%(Shafrtc?q9C_^7zMWH*LxN*W3!6&2TEb$B1Q&@0oVPd_&S|*=N6r0}l
zD57z7E@@WeEehD98glw-iAP{9Kab_Hyx#OJDE9Q>A7Ff#0Aj*e4q-G+7)yf_VKhf{
zWO3pjU|db`dZIqU*8+P##IS6B{|6?m@n<-}<;3Uze*Z`O5+~mLGfeQQhZ|jK+WYy3
znrRISb>pYaDu9`Ub9}cD$PdzArG$a{Ok*`I4l)sR2ndQcU@7V9+M!;o$9AYffh0MK
z;Xp_hESZH{L|L$+FCj;YrdYz2C2KaEN?EdtZ*yYz0(yl=U+-KYM#8mB`CJK>B04NK
zGS2z@>>WWwKS}e0lRTWE35!EP(Hu)O!3n2aMO7FXBa876Rar0{aA~Ya9~r7_Gl4Ku
zAPU0-b--Qf>KJc(GBQa<BF7%e8s4qQkT#uPsJ~+1O$;VMLfusva5r6s07nX0COg$I
zSr9OJk?u5M1RAciqHN_~46r|kK3P;`D@W?4odykt>I;wwP$xz?L;7+nn3BWv!#mm_
zBI{fTK?4n({aCx!^jqjQQ(*xLYbwwMAj$^Q$6+6{&Nx;yRncVNWQ)U$662TyVl=Rh
zv>9L#sc5tyJ*d^LW!Z2{+p$+7j#1_GT}#WMi4?7zrBCaImSb&|rdZkldUJi*G!meH
zB=)#~i9n4V82P*(&<<D$SmW5x42d;`b)sX9`+en?-fu_%?opxJ&nfxXmVa^Z*1tZs
zd)+34=P`sx6Ru>(?2EWbn-bzS@saYY+-t7Rox*I=XdXy?Fl#90fb!2{NZ6hH&8L)#
zCUrD2yHS#d>&$mE;Y{_ch@wzwE5qAp_{E9Hn#?8;BeH}WXkwlOArVE<fo0dWn0K}1
z<D*E1`UOVL&Ik-sfoW>=j(BoL|M1v?KYslWa|fK6P(i;@q-+{9oH@>#Ft!Ssrn3NX
z#_$e2fS@`sPYR@9S}O!g_Q6bL%YwCB+8Jn~U>~AjK)IDq<6GUl7NA!&iB<kpHg$*f
zA-&W!na7`A{V=}Wpb5=2cy~L^c`fkm*%F<4_(QI(z%d!PFv9+zyBYEoR<R`W0;_pg
zEX}qwWDA^PS-P)cwb0oV$d)u)@UPZbtztIIR_mDU3hcQrw+!Nl-a)#?1+qZyU;xL&
z-oIF!b61Luemt8=8`pZj&lVXY!Me^$(U{qJwQclY2x7=M4=rQY`~OXL|G&8Zr`@Uc
zf4>Qo-v7(?{9q>C7`gHPF1^T|dfqo~|LImcfBwWff6#{<<%*=wR(3sCp|$996{_YO
z(8WglEA1oN^5GzE>;4~(eme*=SdqhAuJ{=t4tD_2?+pRzm2jn~ihT#21~KyIv1|$w
za82K~Xr4A3t?tSH)Id(FdjYuiI_@0ot;<k+in>75k0}{f_+$Z&3QT79oE)E<!#n`v
zqn%El(B+TP<JvJ&et4g~6Y`Pcny2)y(FB(H>mOD8{_{Ybgo}kYJ?J*zUGe{nKWE?n
zId8R^d<UQZ^VRo%-UeRV|Jy0#0tFNKr}KaoU!?$l<`ke{BL{d5<Qq5RuGjmfO|iwz
zu<7;24!ZPvKlycigQ8yIoYvUJDf=|g*K^8hY|v((5!%g#QErfBpA6c~fKhIcu}>B4
zuD-ST^jk)|>jK&4Yc3VM0?Fj?UjW?o{&%Zee*cGWbvjl2e+xJ+fB1}neP<L9idMf8
zH0f56?EDo2eQd9gwZbRTIQe(>F`n9L#lUe&`h}kFt#1YEfE)3@^ZS3T&gS>Oy6x)z
z-<!Z!y#Mzrnn?Bfca{CWn*CEJa)7iy{WfP7jM9&xkuoUS1}Y0tU!Ci}#yk4}TlOM%
z{whoMnvB2r)Xv`-rx#W7SwRIAR8T<$6;x0`1r=0KK?N05P(cM1R8T<$6?|9tJ1<=#
I_5gSQ0DDv#?EnA(

literal 4080
zcmV<M4-fDkiwFQzb}3*01MM8`a-+y`|DvauvYp&+#rm`)pPf=J7?4DafCFTouTn)}
z3ER|3pa5E*bG7fD?ioM`$*WCP@+KGBy8?Q8x~FG)x_e+?68L@`I+I`C9S#}*-FBNE
z0gA`wIh;4o&YSI4yU{&6f7fU>+uiOv(l}t7GFV2j6B6<+41)M`bi2y`N8z|~Ow6Ys
zbf2Bsj8v<n?#7dPlw#_W)IKUm*$+bE`42%jcVaK_iE|$;W8wmZ=SEOM;wLX658li@
zCGpF`B}a3|CmFYD#_b5${m|Ep5pR*R%JG{(<(L;NSyMTVGqtfHNE|0hrp0l(p;;Oy
z>Y4!;COwQz$>7Xe*%F48$`9THIpN2aHk1@yGEDNvKN8y(EZgFZfn+fP+vZ2SD)KfX
zstDHQlRI0u;iUt8Fm*0<jjM9_Z#i9X%|_$<M&$?BpL!2z{l2AdR(^;VtD5m-!L^!&
zYQwYE*=9Y1HwzNan-{tAA8Qw9&2`Sr^H#A*vLS4;_QJ_}#csEIUZ|)_)|IT8wrXzH
z_ucs33!<tY6<T;!<f7}_x@55^_6fB7tWeeDRcW(o<oIr(?VWD7SXJI4H1Zbft?e|r
z#ojX2(YBiYyim2-EsmkJb?oD{!N;22i&aH-{Mz~N`LP>5I1@M8hd0>{JN$pEaejvW
z|GaT_)@?VM=>NNCjne<W1+4r3k8T*DUvJkMq)JR@zL>d0&P;^#!Lt)^|0I46s+s8!
zaO)4=<1(Z{p#~g<VDS=qk54gqFMJ>^82)Oj(QK3Z7l;sUPN3yFa~fGJ3>-7>K6Jtt
zf-xj?T@nQk@v{@Ue<m-%l1w0!gznUfAllq7W0!a_0nb_wLa09vU^cuUYUxkikcxrk
z%_9;#(2IdOCW;$HP&ROVH*{u1U*6BW2~<|RiR(u$aU!xnT=e8l)3)}pA!gDL2!Ozz
zs`+Q)dQgtC(_U-UnyIve<0*l@dhf*8{*VL<toQ*M{X%9Av@We#qg`NvAgqhwlNb^&
zj-*=rYfSt5VHu(@GIe9en?+Eex>wjkY+rejqkRYTELCXjo%8X}nko@OWYv<4J}=-o
zf~I4tU{)YlaVHSXY#9r=>C<F!3UT9M<~&BHA@q<7JpziK`av{bh7Zwc1VcS>X;H6H
z`MB`8$G93V{XcPBMw4<#i@~=ulI;}p8T`Il|8u;j(dTMDhHiBUGvYP5!91+q2M}lc
z$1N1!+I5w%2Us|vGe2PLN7%LgYqi>i^<M*$finKT1?*b?G5etLiH{=h(WlYtqZ4}0
z{S4wl{KTRg@m+|S5TaZb%;XrOc(i<cbfXwbC|z2O_|6>a-n)+wR-Pe@0#mYFK+X$6
z9^&xKjbj>F<A7ki2miB#pp4OR4w*qP&ou!2*ObuM<3oF2C_5Ug+%?S>Vept~BK=A;
zn@halm~-#B@lzwYx)ONP>NU?AwN?jWdIOK0q%4UGy>-_gK1`Yy&F}Nf$@@Z2uHqwP
zF_R#ieqi!*5r$(YR6aXR!w^f6T&Ni>XE7)VD&4bmA%ecd%*A7w2jfki9LQi?7rHm}
zpfmkU6za)w1?9L`)!B2nl~q9*ixOdGRf7f<Q4n{&^_=*Bg4IAAPR0)Z4-ueSy#Lqf
zoR$9nEg(y6sRR7httsKH;Vr!G&iQ}7Isebg`~PnOH@a!_qG<G*G!dZxn-y(jY+zdz
zq-DN>t!NwN67YW>7QxJ$yc|}>&gXyK#=B-4*MaA)ZnuT=ztL!y^Zza23-15w)I`dA
zzvaE(SMU8YFS7spzQ^oAElB~N*ODCQnj#B#t7}CY5JkF?l=NC2$=2o7*f6aM-qFn0
zC9vjMyXFN!(ya}$hv#in1uQAndWGy2nME{Ck35KmrqesJ9Q~n}FmHwu>1&Fj-OB19
z?TgVEy68$G3J*F1AC99xhV(Z{fKDjR|8O}w<fA_dJN$pU-7fC`0P<Gp|K9?>!2cU)
zB46wNPvPvmi~+yn7(hMA-b27Qf^@G?=79@=XfqPw9-<t+NUs_4KvwxQFcE{dq<nqc
za8!rmh&QhBTF_LLMz5sYl1FRwL$D9rij=jF?p4Z{)6FEu<Ua%41eG4&n;$ZKQSE#a
z5e9}f)+;}l66-x)QC1gFmA_JCb0~=`q#-HL6FG#e-tdZ?LyT3+;DzfvjVj$%GS$Su
z|1QRe89bvm^4$qF--S2%Ww~Ha3vgE9t>)v3?0<A--t;|2P}FKy;Eg8>IyV{clZm^C
ziKv=6NzqEigO|9qI7nqa2O(~qgDUS?tY>|B(!X7k!&;Zgp~~o<|44b)6LvSc3Pgy`
z^D1T@z<PtGC=TkpE^db^yLhLnh+(iOFg?0=rbo2T{~7pht%mNKEJF7qcp2s*XF)=K
z@6wvHAeg$-8g-CVa5`|CL$^)uZ8Z2GBpJw@xlo~tAdJahNVfx733a>ClQRvTqhRt&
zMBDl}3&NLp>65@;>m^{yq^@;CQFPI==#dJmb~~N3&cDrLIo;&(8TCwam=5P&8s2KP
zs5o&b=-6ElA*W<ztDDAz69H%+o~P*`aloA>wUm(o(LIC~(`iTtgR*EM({B6X;v&y|
zGV{=E@)JC<&|^{MEsj3zLe`fj>Fq4GS+Gi3eTIte(Mzblb$)he$l`YmGr7aa_<a7~
zY&E+b%>Ub+^G>JP!u-G0?v&5}-vsuaH(^v+<@Yy9YTVhfwP4-!Sk3K8D1FTB#<&mQ
z3o=p4?uhXlIsU?Vgv@>x1>m%2o)70Sd5Yu3Wxf9V{9IdA15Z$&Gy15|xY|=ZpY8wd
z2FE2n)g%_-i2=W3qQkXBAa^2HM1eDL?{X`Uh#A&cw<Q%4GD+;+xl!d1+A;NRKnVks
z(LhZZRJ_~2LN}6erJ1sI*J~b75da;AWq|tZUk9BZNJj5~&F@3+8_@P!&_N-}{x#^!
zhI9)l{~?utB?lPN0RCi{BZK`baizdw16C=Pt!M+A-b@62l2yqX4$rS}Wul776)fH?
znODu88ZgAlE?X1<odatZM%|YcsaOB#gmp-I>vK1X(DAS$y4$sPl=;!iKScQNh?ZLX
zKvR{wR0v&y0m~6D6q=2Wv{Fe{SZhr;bdYXI#s;zZ8h$i3`kUCqj{tt9Nq$GL7uNt)
zsaS$;_Z5C%Zm`H!cWdq2_oyCoXf*;Dz6Exp5fzL{BYh611o~K9NAqA$A{@nJng~Fv
z!I_NZ`?oXR&~Z5|nV>E#_WSa{)_H5#J39FdFGbn-wCc*sli$oCZ%FG{Fo%Jp$vR+r
z^<@-7i4(f@Ut{~x4ZKBNk-%_QQe>U}n36>eP`IWR2!^AHW1v7Tm5SPj%p3_=W9rep
z=U>+850#LeWhb*>;>?PdNC(Z+B}3_@<n@Ic&d?rBOEV-YJanTNlmSZ`YRq@o=1>9;
zLg}L?C>URvcP6&BcXWh?bQtF%!XWp-1jb+v7BvPTH5D+9IvG)nfidg=ra;$1wkY-a
zv10XnSR3cuP>Mdf3Ik_4aiW+lf=@@wS?uMmr?B8wgV=n5wM;gdC^ot4kw@d|TvW}_
zUF5Jw73B2A5|6-IejH0<X}#%NQ0(c$zrpx00mOi@9KvWCFqS$ez-W%>$l}C5z_=RV
z^#pB%uLbtLi(uJ&@*5_t(I+^;<;17Ip8OWQM6o;n1QUGf;zn1R_I~=VVwl5R-RNnv
z3ScI|9N#Sj@`LnOAz`3CQ(sMsgG>Ys0)ng#SW3FOwy78Eu^p;VAd0rE+Ypj@Q)1y3
zQ6{YD3&@eI$|iqhN~#5?Vw&vY+nm_FfL<Yz*E?5;5q~XFK3BXc3pR_5jB_?Wdq)t_
zPm}!MGz({F!orZ3RofH{aKZ^!LE%UG$YeYOMdA$`TpBCVM!F(dOd!k@h{7;IZE%;G
zGRE7Uj7*e}$hL-(igzngq($c!>M!ef6N5<*QFlcG+)bAuz>z|h$xc;F7I;iv#5<KA
zfrcxsC|l_#9qiAhPZnj#%#fO4B|(Fs`aEO;)QM5fkiOjVhG;YW@QyZ!NIMro&_D%e
zKUS|*?H0PtkXeAjnlf|&h_b-+aoESKGmd3dkyQyeS;8=-#5iVy7!|A|X$DwCA{s47
z^DC8WNz!e@vaOYfV^leL*V43UB1J2w>C?KQWmrq0DV92b-dtZcjd<uEkv%S8B2Z%+
zMn3BYv;$TG);QKxU1UvRooJimeqa8n_X`q$dz9(+b4ot8q@QfO^{<VsUbg|^c?==a
zfGf#1`T}m!ri8dnd?f!Y^%|>lJ2#tDng>!J%o>V0p!DMy5_UU#^C_XCNga*MP8et5
zI`!R5I8!|>q9|0_Oz{>PetsgdCbJ2|h)n(lnwTX)NJLR|VA-`LWL<4~_$ZR0eu9y+
zQUcwOVVdf_qZT=%e|T)dUu*pja|fK6P(izq#dI1ooH0(DFgA0VCbIx>`tS}s0I%3E
zPjaMSS}O!g_Q6ag(}cBL(iv!?U>^dnL%Eqv<6F(R=Al<qkyZX#GBlg@A-&X8sf9ni
z>S27lP7|7I@a|TU^P1q>(<M6f@P}Mmfn(BfVTAobcQa%wtb9r81y=JgUz%=dNEbNy
zvSeSyYN4|!kS%Gp;9sq=TE%RZt=2Ky71(oMZW+W8y@Pa(3uK<$!2phlwSTcV=dNT6
z{dhW)Hm<dPpDi**ym_6LqA|1ca@**C5k!!29$LoE_y5`b|NQ=+cBkC`{U%U&|1aJ1
zgPC-F<V62ix}h_5-LKsK(=B)Y{Em12pbt696iJ?~?0T+3YtiQ_RLwb{^Nsj#+DEkI
z!$I8E{XZQ2b`WN;0*AR={xd=x?f|0S8v@cR{z_J4>kc{%V&sow$>2rcn!Ih%s5R=%
z?&;qvAg9^A09<<=cMkT}WvEtyx<J(T2^p9BWC4x}OlJ0+9G{!RJOJaPolc+7WslOM
z$}v*DKS|#S`M`0F8vUy`fMxdjM;X6=KM=*iV&P5?x(#?&{BNBV-~VsHSsDM|0$$ty
z+sWkuITQJh^MGcnOaXq+DL~Ff4)7YtS8m2#ulH4(V)L6}lk1HgbjkOAvg_&wMYX^=
zsj-by`e~pq=akmipiMs`w3`c~+#pN8CbXLYqud~4pDNm2oi@KrGu{B=$>F~Mxa<Az
zX1DnMPpjGKl=1&9;JEnVGX~b3o<qoL^@>-;TUoTSR}8eVwL(^MpGf1RU)jfaDytO(
z$H~bTdcL*3C9DH(#Q(<c|1~?C-~Z~i%lm(C0$=d{-_K|w<?G*N_Wx@3Po2mC(*ESz
zoM|vhK88k$AgddwG(>%IuKybE^aE_^i`?0(Ea_`9-r{3BduN<plzD3jC6rJ?2_=+J
iLJ1|5P(leMlu$wmC6rJ?2_=;9P2pc@jbV`hcmMz?84VQx

diff --git a/shorewall4/interfaces b/shorewall4/interfaces
index 715e62b..fa28d7d 100644
--- a/shorewall4/interfaces
+++ b/shorewall4/interfaces
@@ -19,6 +19,7 @@ vpn	gt-tun+		nosmurfs,tcpflags
 vpn	gt-udp-tun+	nosmurfs,tcpflags
 vpn	mlvpn+		nosmurfs,tcpflags
 vpn	tun+		nosmurfs,tcpflags
+vpn	wg+		nosmurfs,tcpflags
 vpn	dsvpn+		nosmurfs,tcpflags
 vpn	gre-user+	nosmurfs,tcpflags
 vpn	omr-bonding	nosmurfs,tcpflags
diff --git a/shorewall4/stoppedrules b/shorewall4/stoppedrules
index aa5bfd5..203a000 100644
--- a/shorewall4/stoppedrules
+++ b/shorewall4/stoppedrules
@@ -23,4 +23,6 @@ ACCEPT          dsvpn+		-
 ACCEPT          -               dsvpn+
 ACCEPT          tun+		-
 ACCEPT          -               tun+
+ACCEPT          wg+		-
+ACCEPT          -               wg+
 

From 3cd9952c6978b977ef234a03c7b66c3d0b5658e4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 5 Mar 2021 09:10:30 +0000
Subject: [PATCH 031/164] Force use of version for binaries, enable wireguard
 by default

---
 debian9-x86_64.sh | 79 +++++++++++++++++++++++++++--------------------
 1 file changed, 45 insertions(+), 34 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 84ef712..231325a 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -27,6 +27,7 @@ UBOND=${UBOND:-no}
 UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
+WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-yes}
 NOINTERNET=${NOINTERNET:-no}
 SPEEDTEST=${SPEEDTEST:-no}
@@ -36,20 +37,28 @@ KERNEL_VERSION="5.4.100"
 KERNEL_PACKAGE_VERSION="1.18+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
+GLORYTUN_UDP_BINARY_VERSION="0.3.4-4"
+GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
+MLVPN_BINARY_VERSION="3.0.0+20180903.git.8f97209"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
-OMR_ADMIN_VERSION="376322a61dc53e671e7e3c7eaaf6645c0537a9d3"
+OBFS_BINARY_VERSION="0.0.5-1"
+OMR_ADMIN_VERSION="6404f52ef4e285ae5760c363bc9d6f682f6d9099"
+OMR_ADMIN_BINARY_VERSION="0.3+20210304"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
+DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.34.0"
 V2RAY_PLUGIN_VERSION="v1.4.3"
 EASYRSA_VERSION="3.0.6"
-SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203"
+SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a"
+SHADOWSOCKS_BINARY_VERSION="3.3.5-1"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
+REPO="repo.openmptcprouter.com"
 
 OMR_VERSION="0.1025-test"
 
@@ -78,7 +87,7 @@ elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" !=
 	echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
 	exit 1
 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
-	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)"
+	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)"
 	exit 1
 fi
 
@@ -158,17 +167,14 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 fi
 # Add OpenMPTCProuter repo
 echo "Add OpenMPTCProuter repo..."
-echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list
+echo "deb [arch=amd64] https://${REPO} stretch main" > /etc/apt/sources.list.d/openmptcprouter.list
 cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
 Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
 Package: *
-Pin: origin repo.openmptcprouter.com
+Pin: origin ${REPO}
 Pin-Priority: 1001
 EOF
-wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
-
-# Add buster-backports repo
-echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/buster-backports.list
+wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add -
 
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
 if [ "$ID" = "debian" ]; then
@@ -176,6 +182,8 @@ if [ "$ID" = "debian" ]; then
 		#echo 'deb http://dl.bintray.com/cpaasch/deb jessie main' >> /etc/apt/sources.list
 		echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list
 	fi
+	# Add buster-backports repo
+	echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list
 elif [ "$ID" = "ubuntu" ]; then
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
@@ -302,7 +310,7 @@ if [ "$SOURCES" = "yes" ]; then
 	#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
 	rm -rf /tmp/shadowsocks-libev
 else
-	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev
+	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
 fi
 
 # Load OLIA Congestion module at boot time
@@ -421,27 +429,28 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/
 			cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
 			cd /etc/openmptcprouter-vps-admin
-			sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		fi
-		openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
-		sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
-		sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
-		[ "$NOINTERNET" = "yes" ] && {
-			sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
-		}
-		chmod u+x /usr/local/bin/omr-admin.py
-		#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
-		[ "$(ip -6 a)" != "" ] && {
-			systemctl enable omr-admin-ipv6.service
-		}
-		systemctl enable omr-admin.service
 		rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
 	else
-		apt-get -y install omr-vps-admin
-		OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
-		OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
+		apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
+		#OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
+		#OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 	fi
-
+	if [ ! -f /etc/openmptcprouter-vps-admin/key.pem ]; then
+		openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
+	fi
+	sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	[ "$NOINTERNET" = "yes" ] && {
+		sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	}
+	chmod u+x /usr/local/bin/omr-admin.py
+	#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
+	[ "$(ip -6 a)" != "" ] && {
+		systemctl enable omr-admin-ipv6.service
+	}
+	systemctl enable omr-admin.service
 fi
 
 # Get shadowsocks optimization
@@ -531,7 +540,7 @@ if [ "$OBFS" = "yes" ]; then
 		cd /tmp
 		rm -rf /tmp/simple-obfs
 	else
-		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs
+		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION}
 	fi
 	#sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
 fi
@@ -626,7 +635,7 @@ if [ "$MLVPN" = "yes" ]; then
 		cd /tmp
 		rm -rf /tmp/mlvpn
 	else
-		apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn
+		apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn=${MLVPN_BINARY_VERSION}
 	fi
 	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
@@ -718,7 +727,7 @@ if [ "$WIREGUARD" = "yes" ]; then
 	echo "Install WireGuard"
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
-	apt-get --no-install-recommends -y wireguard-tools
+	apt-get -y install wireguard-tools --no-install-recommends
 	if [ ! -f /etc/wireguard/wg0.conf ]; then
 		cd /etc/wireguard
 		umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key
@@ -895,9 +904,11 @@ if [ "$SOURCES" = "yes" ]; then
 	cd /tmp
 	rm -rf /tmp/glorytun-udp
 else
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
 	GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
 fi
+[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
+
 
 # Add chrony for time sync
 apt-get install -y chrony
@@ -939,7 +950,7 @@ if [ "$DSVPN" = "yes" ]; then
 		cd /tmp
 		rm -rf /tmp/dsvpn
 	else
-		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn
+		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
 fi
@@ -987,9 +998,9 @@ if [ "$SOURCES" = "yes" ]; then
 	cd /tmp
 	rm -rf /tmp/glorytun-0.0.35
 else
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
 fi
-
+[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
 
 
 # Load tun module at boot time

From 8319728f56c1e43856b811229d955d13ff0fddfa Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 8 Mar 2021 08:12:51 +0000
Subject: [PATCH 032/164] Fix script

---
 debian9-x86_64.sh | 44 ++++++++++++++++++++++++++++----------------
 1 file changed, 28 insertions(+), 16 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 231325a..b987c45 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -41,7 +41,7 @@ GLORYTUN_UDP_BINARY_VERSION="0.3.4-4"
 GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
-MLVPN_BINARY_VERSION="3.0.0+20180903.git.8f97209"
+MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
@@ -167,7 +167,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 fi
 # Add OpenMPTCProuter repo
 echo "Add OpenMPTCProuter repo..."
-echo "deb [arch=amd64] https://${REPO} stretch main" > /etc/apt/sources.list.d/openmptcprouter.list
+echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
 cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
 Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
 Package: *
@@ -431,8 +431,19 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			cd /etc/openmptcprouter-vps-admin
 		fi
 		rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}
+		chmod u+x /usr/local/bin/omr-admin.py
 	else
+		if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
+			OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d  "\n")
+			[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
+			[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
+			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
+			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
+		fi
 		apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
+		if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
+			cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/
+		fi
 		#OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
 		#OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 	fi
@@ -445,7 +456,6 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	[ "$NOINTERNET" = "yes" ] && {
 		sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
-	chmod u+x /usr/local/bin/omr-admin.py
 	#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
 	[ "$(ip -6 a)" != "" ] && {
 		systemctl enable omr-admin-ipv6.service
@@ -634,23 +644,25 @@ if [ "$MLVPN" = "yes" ]; then
 		make install
 		cd /tmp
 		rm -rf /tmp/mlvpn
+		if [ "$LOCALFILES" = "no" ]; then
+			wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
+			wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
+		else
+			cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
+			cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
+		fi
+		if [ "$mlvpnupdate" = "0" ]; then
+			if [ "$LOCALFILES" = "no" ]; then
+				wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf
+			else
+				cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf
+			fi
+		fi
 	else
-		apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn=${MLVPN_BINARY_VERSION}
-	fi
-	if [ "$LOCALFILES" = "no" ]; then
-		wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
-		wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
-	else
-		cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
-		cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
+		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION}
 	fi
 	mkdir -p /etc/mlvpn
 	if [ "$mlvpnupdate" = "0" ]; then
-		if [ "$LOCALFILES" = "no" ]; then
-			wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf
-		else
-			cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf
-		fi
 		sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
 	fi
 	chmod 0600 /etc/mlvpn/mlvpn0.conf

From ea0993c781bb813d775d5d5dc044c8b158a993f9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 8 Mar 2021 14:02:06 +0000
Subject: [PATCH 033/164] Add version and depends in Debian package

---
 debian/control | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/debian/control b/debian/control
index 5f0b05c..b95f591 100644
--- a/debian/control
+++ b/debian/control
@@ -10,5 +10,25 @@ Homepage: https://github.com/ysurac/openmptcprouter-vps
 Package: omr-server
 Architecture: all
 Multi-Arch: foreign
-Depends: ${misc:Depends}
+Depends:
+ curl,
+ rename,
+ libcurl4,
+ unzip,
+ tracebox,
+ omr-iperf3,
+ omr-shadowsocks-libev (= 3.3.5-1),
+ omr-vps-admin (= 0.3+20210304),
+ omr-simple-obfs,
+ mlvpn (= 3.0.0+20201216.git.2263bab),
+ omr-glorytun (= 0.3.4-4),
+ omr-glorytun-tcp (= 0.0.35-3),
+ omr-dsvpn (= 0.1.4-2),
+ shorewall,
+ shorewall6,
+ iptables,
+ ${misc:Depends}
+Provides: omr-server
+Conflicts: omr-server
+Replaces: omr-server
 Description: OpenMPTCProuter Server script
\ No newline at end of file

From aacad49aa4c5619744add3b5b6777daba4fc5b9f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 8 Mar 2021 14:53:06 +0000
Subject: [PATCH 034/164] Update API and fix debian mlvpn depend

---
 debian/control    | 2 +-
 debian9-x86_64.sh | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian/control b/debian/control
index b95f591..fccd12e 100644
--- a/debian/control
+++ b/debian/control
@@ -20,7 +20,7 @@ Depends:
  omr-shadowsocks-libev (= 3.3.5-1),
  omr-vps-admin (= 0.3+20210304),
  omr-simple-obfs,
- mlvpn (= 3.0.0+20201216.git.2263bab),
+ omr-mlvpn (= 3.0.0+20201216.git.2263bab),
  omr-glorytun (= 0.3.4-4),
  omr-glorytun-tcp (= 0.0.35-3),
  omr-dsvpn (= 0.1.4-2),
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index b987c45..c052fbf 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -45,7 +45,7 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="6404f52ef4e285ae5760c363bc9d6f682f6d9099"
+OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9"
 OMR_ADMIN_BINARY_VERSION="0.3+20210304"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -174,7 +174,7 @@ Package: *
 Pin: origin ${REPO}
 Pin-Priority: 1001
 EOF
-wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add -
+wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
 
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
 if [ "$ID" = "debian" ]; then

From c64bed8db51e8a28009d6a3aec24d6f25b49b6f2 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 8 Mar 2021 15:50:32 +0000
Subject: [PATCH 035/164] Fix script name

---
 debian/postinst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/postinst b/debian/postinst
index 9631851..66b1e91 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -6,7 +6,7 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 . /usr/share/debconf/confmodule
 
 cd /usr/share/omr-server
-LOCALFILES=no SOURCES=no sh build.sh
+LOCALFILES=no SOURCES=no sh debian9-x86_64.sh
 
 db_stop
 

From 3c6e85e07fb7d6f9019e2aea7e76cf25da392401 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 10:23:46 +0100
Subject: [PATCH 036/164] Add a service to do update after reboot

---
 debian/postinst       |  6 ++++--
 debian/rules          |  3 ++-
 debian9-x86_64.sh     |  7 +++++++
 omr-update.service.in | 14 ++++++++++++++
 4 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 omr-update.service.in

diff --git a/debian/postinst b/debian/postinst
index 66b1e91..3f2400b 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -5,8 +5,10 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 # use debconf
 . /usr/share/debconf/confmodule
 
-cd /usr/share/omr-server
-LOCALFILES=no SOURCES=no sh debian9-x86_64.sh
+sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" debian9-x86_64.sh
+echo 'To finish installation reboot'
+
+systemctl enable omr-update
 
 db_stop
 
diff --git a/debian/rules b/debian/rules
index 10d24ab..4db8990 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,8 +9,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
 override_dh_auto_install:
 	mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
-	find . -type f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
+	find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
 	cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
+	cp omr-update.service.in /lib/systemd/system/omr-update.service
 
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index c052fbf..c805f90 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -30,6 +30,7 @@ DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-yes}
 NOINTERNET=${NOINTERNET:-no}
+REINSTALL=${REINSTALL:-yes}
 SPEEDTEST=${SPEEDTEST:-no}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
@@ -133,6 +134,12 @@ if [ "$UPDATE" = "yes" ]; then
 	echo "Update mode"
 fi
 
+CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')"
+if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then
+	exit 1
+fi
+
+
 echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
diff --git a/omr-update.service.in b/omr-update.service.in
new file mode 100644
index 0000000..c543d73
--- /dev/null
+++ b/omr-update.service.in
@@ -0,0 +1,14 @@
+[Unit]
+Description=OMR Update
+After=network.target network-online.target
+
+[Service]
+Type=simple
+Restart=no
+Environment="SOURCES=no"
+Environment="REINSTALL=no"
+Environment="LOCALFILES=yes"
+ExecStart=/usr/share/omr-server/debian9-x86_64.sh
+
+[Install]
+WantedBy=multi-user.target

From 0ddc538c87294424b9c2f5b06fac9469d273c08a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:29:59 +0000
Subject: [PATCH 037/164] Add dependencie in debian package

---
 debian/control | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/debian/control b/debian/control
index fccd12e..37756a6 100644
--- a/debian/control
+++ b/debian/control
@@ -27,6 +27,8 @@ Depends:
  shorewall,
  shorewall6,
  iptables,
+ v2ray-plugin,
+ linux-image (= 5.4.100-mptcp_1.18+9d3f35b),
  ${misc:Depends}
 Provides: omr-server
 Conflicts: omr-server

From 96eb181b403ad71405bf3717eb476e6799bd0dbb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:30:19 +0000
Subject: [PATCH 038/164] Use Debian package for kernel

---
 debian9-x86_64.sh | 39 +++++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 14 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index c052fbf..cdd7d57 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -194,22 +194,29 @@ apt-get update
 sleep 2
 apt-get -y install dirmngr patch
 
-wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
-wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
-# Rename bzImage to vmlinuz, needed when custom kernel was used
-cd /boot
-apt-get -y install rename curl libcurl4 unzip git
-rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
-#apt-get -y install linux-mptcp
-#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
-#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
-if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
+if [ "$SOURCES" = "yes" ]; then
+	wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
+	wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
+	# Rename bzImage to vmlinuz, needed when custom kernel was used
+	cd /boot
+	apt-get -y install rename curl libcurl4 unzip git
+	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
+	#apt-get -y install linux-mptcp
+	#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
+	#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
+	if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
+		echo "Install kernel linux-image-${KERNEL_RELEASE}"
+		echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
+		dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
+		dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
+	fi
+else
+	cd /boot
+	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
 	echo "Install kernel linux-image-${KERNEL_RELEASE}"
 	echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
-	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
-	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
+	apt-get -y install linux-image=${KERNEL_RELEASE} linux-headers=${KERNEL_RELEASE}
 fi
-
 # Check if mptcp kernel is grub default kernel
 echo "Set MPTCP kernel as grub default..."
 if [ "$LOCALFILES" = "no" ]; then
@@ -594,7 +601,11 @@ fi
 
 if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
-	wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+	if [ "$SOURCES" = "yes" ]; then
+		wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+	else
+		apt-get -y install v2ray=${V2RAY_VERSION}
+	fi
 	if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
 		wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
 	fi

From cf1eca052a1107562c6d0980857c65330864c442 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:33:15 +0000
Subject: [PATCH 039/164] Fix kernel package version

---
 debian/control | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/control b/debian/control
index 37756a6..17c4b9b 100644
--- a/debian/control
+++ b/debian/control
@@ -28,7 +28,7 @@ Depends:
  shorewall6,
  iptables,
  v2ray-plugin,
- linux-image (= 5.4.100-mptcp_1.18+9d3f35b),
+ linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
  ${misc:Depends}
 Provides: omr-server
 Conflicts: omr-server

From 605acd1ffdda1154e0233b02dec267a3f450ae14 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:35:54 +0000
Subject: [PATCH 040/164] Fix kernel package version in install script

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 72760df..30cb01c 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -222,7 +222,7 @@ else
 	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
 	echo "Install kernel linux-image-${KERNEL_RELEASE}"
 	echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
-	apt-get -y install linux-image=${KERNEL_RELEASE} linux-headers=${KERNEL_RELEASE}
+	apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
 fi
 # Check if mptcp kernel is grub default kernel
 echo "Set MPTCP kernel as grub default..."

From 95453a801372c2db4b608fd84e6250ef2e694ee6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 09:51:50 +0000
Subject: [PATCH 041/164] Fix sed in debian package

---
 debian/postinst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/postinst b/debian/postinst
index 3f2400b..03edb58 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -5,7 +5,7 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 # use debconf
 . /usr/share/debconf/confmodule
 
-sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" debian9-x86_64.sh
+sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
 echo 'To finish installation reboot'
 
 systemctl enable omr-update

From 382fc59a4f87cc6789a7dd18641a46fa733a1ad0 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 10:30:05 +0000
Subject: [PATCH 042/164] Fix v2ray

---
 debian9-x86_64.sh |  4 ++--
 old-v2ray.service | 25 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 debian9-x86_64.sh
 create mode 100644 old-v2ray.service

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
old mode 100644
new mode 100755
index 30cb01c..bc28a86
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -610,14 +610,14 @@ if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+		dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
+		rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	else
 		apt-get -y install v2ray=${V2RAY_VERSION}
 	fi
 	if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
 		wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
 	fi
-	dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
-	rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
 		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
diff --git a/old-v2ray.service b/old-v2ray.service
new file mode 100644
index 0000000..9ed715a
--- /dev/null
+++ b/old-v2ray.service
@@ -0,0 +1,25 @@
+[Unit]
+Description=V2Ray - A unified platform for anti-censorship
+Documentation=https://v2ray.com https://guide.v2fly.org
+After=network.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
+#Type=exec
+Type=simple
+# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port.
+# This service runs as root. You may consider to run it as another user for security concerns.
+# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray.
+# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
+User=root
+#User=v2ray
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
+NoNewPrivileges=yes
+ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json
+Restart=on-failure
+# Don't restart in the case of configuration error
+RestartPreventExitStatus=23
+
+[Install]
+WantedBy=multi-user.target

From f573c43ce0f1a587b9452aa10641d5dd4cb97342 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 10:30:32 +0000
Subject: [PATCH 043/164] Fix omr-update service script install

---
 debian/rules | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 4db8990..d411dc4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -13,5 +13,6 @@ override_dh_auto_install:
 	cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
-	cp omr-update.service.in /lib/systemd/system/omr-update.service
+	mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system
+	cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service
 

From 2dbc4e4f0fab5a029a4693a0bab2740e34b3beb0 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 10:31:20 +0000
Subject: [PATCH 044/164] Fix output of omr-update

---
 omr-update.service.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/omr-update.service.in b/omr-update.service.in
index c543d73..1a21135 100644
--- a/omr-update.service.in
+++ b/omr-update.service.in
@@ -9,6 +9,8 @@ Environment="SOURCES=no"
 Environment="REINSTALL=no"
 Environment="LOCALFILES=yes"
 ExecStart=/usr/share/omr-server/debian9-x86_64.sh
+StandardOutput=file:/var/log/omr-update.log
+StandardError=file:/var/log/omr-update.log
 
 [Install]
 WantedBy=multi-user.target

From 8e795b035b46cb5175131a7e2d047ab110c8d82e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:00:31 +0000
Subject: [PATCH 045/164] Reboot not needed after install

---
 debian/postinst | 2 --
 1 file changed, 2 deletions(-)

diff --git a/debian/postinst b/debian/postinst
index 03edb58..bd08d7f 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -6,8 +6,6 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 . /usr/share/debconf/confmodule
 
 sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
-echo 'To finish installation reboot'
-
 systemctl enable omr-update
 
 db_stop

From 5bfd42770dfd6cb9d304ffccda4bdd2ebb52b197 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:00:54 +0000
Subject: [PATCH 046/164] Fix get previous pass for omr-admin

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index bc28a86..837d4d6 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -450,9 +450,9 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
 			OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d  "\n")
 			[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
-			[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
+			[ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
 			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
-			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
+			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
 		fi
 		apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
 		if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then

From 269b986cbe12f4cb8166fe88ed0f9f29ca800da9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:04:17 +0000
Subject: [PATCH 047/164] Install omr-server debian package at end of install
 script

---
 debian9-x86_64.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 837d4d6..b7e98d2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1219,6 +1219,10 @@ else
 	echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd
 fi
 
+if [ "$SOURCES" != "yes" ]; then
+	apt-get -y install omr-server=${OMR_VERSION}
+fi
+
 if [ "$update" = "0" ]; then
 	# Display important info
 	echo '===================================================================================='

From 7ce28a948188cfc8b3a40b30fc68d7e0f714bf8f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:43:18 +0000
Subject: [PATCH 048/164] Fix script for kernel binary install

---
 debian9-x86_64.sh | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index b7e98d2..f8b3f97 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -199,14 +199,14 @@ fi
 echo "Install mptcp kernel and shadowsocks..."
 apt-get update
 sleep 2
-apt-get -y install dirmngr patch
+apt-get -y install dirmngr patch rename curl libcurl4 unzip
 
 if [ "$SOURCES" = "yes" ]; then
 	wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
 	wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
 	# Rename bzImage to vmlinuz, needed when custom kernel was used
 	cd /boot
-	apt-get -y install rename curl libcurl4 unzip git
+	apt-get -y install git
 	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
 	#apt-get -y install linux-mptcp
 	#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
@@ -220,9 +220,11 @@ if [ "$SOURCES" = "yes" ]; then
 else
 	cd /boot
 	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
-	echo "Install kernel linux-image-${KERNEL_RELEASE}"
-	echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
-	apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
+	if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
+		echo "Install kernel linux-image-${KERNEL_RELEASE}"
+		echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
+		apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
+	fi
 fi
 # Check if mptcp kernel is grub default kernel
 echo "Set MPTCP kernel as grub default..."

From a713d44645de0311a8289bd0b9a8b77ef5c2163d Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 13:46:55 +0000
Subject: [PATCH 049/164] No error if omr-server not installed

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index f8b3f97..8c2fb45 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1222,7 +1222,7 @@ else
 fi
 
 if [ "$SOURCES" != "yes" ]; then
-	apt-get -y install omr-server=${OMR_VERSION}
+	apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true
 fi
 
 if [ "$update" = "0" ]; then

From e70303ba3f1be88a0259ee94e4d90037bcde0cec Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 14:11:54 +0000
Subject: [PATCH 050/164] Change version

---
 debian/changelog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 1e55a02..33cf21b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-omr-server (0.1025) unstable; urgency=medium
+omr-server (0.1025-test) unstable; urgency=medium
 
     * Wireguard support and fixed
 

From 8856fece584efb8c4244899d43a24461e98ffefb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Mar 2021 14:38:35 +0000
Subject: [PATCH 051/164] Use v2ray_plugin debian package

---
 debian/control    |  3 ++-
 debian9-x86_64.sh | 52 +++++++++++++++++++++++++----------------------
 2 files changed, 30 insertions(+), 25 deletions(-)

diff --git a/debian/control b/debian/control
index 17c4b9b..0da3629 100644
--- a/debian/control
+++ b/debian/control
@@ -27,7 +27,8 @@ Depends:
  shorewall,
  shorewall6,
  iptables,
- v2ray-plugin,
+ v2ray-plugin (= 4.35.1),
+ v2ray (=4.35.1),
  linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
  ${misc:Depends}
 Provides: omr-server
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 8c2fb45..fd83af2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -50,8 +50,8 @@ OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9"
 OMR_ADMIN_BINARY_VERSION="0.3+20210304"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
-V2RAY_VERSION="4.34.0"
-V2RAY_PLUGIN_VERSION="v1.4.3"
+V2RAY_VERSION="4.35.1"
+V2RAY_PLUGIN_VERSION="4.35.1"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-1"
@@ -574,29 +574,33 @@ fi
 # Install v2ray-plugin
 if [ "$V2RAY_PLUGIN" = "yes" ]; then
 	echo "Install v2ray plugin"
-	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	#wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	cd /tmp
-	tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
-	cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
-	cd /tmp
-	rm -rf /tmp/v2ray-plugin_linux_amd64
-	rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
+	if [ "$SOURCES" = "yes" ]; then
+		rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
+		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		cd /tmp
+		tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
+		cd /tmp
+		rm -rf /tmp/v2ray-plugin_linux_amd64
+		rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 	
-	#rm -rf /tmp/v2ray-plugin
-	#cd /tmp
-	#rm -f /var/lib/dpkg/lock
-	#apt-get install -y --no-install-recommends git ca-certificates golang-go
-	#git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
-	#cd /tmp/v2ray-plugin
-	#git checkout ${V2RAY_PLUGIN_VERSION}
-	#git submodule update --init --recursive
-	#CGO_ENABLED=0 go build -o v2ray-plugin
-	#cp v2ray-plugin /usr/local/bin/v2ray-plugin
-	#cd /tmp
-	#rm -rf /tmp/simple-obfs
+		#rm -rf /tmp/v2ray-plugin
+		#cd /tmp
+		#rm -f /var/lib/dpkg/lock
+		#apt-get install -y --no-install-recommends git ca-certificates golang-go
+		#git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
+		#cd /tmp/v2ray-plugin
+		#git checkout ${V2RAY_PLUGIN_VERSION}
+		#git submodule update --init --recursive
+		#CGO_ENABLED=0 go build -o v2ray-plugin
+		#cp v2ray-plugin /usr/local/bin/v2ray-plugin
+		#cd /tmp
+		#rm -rf /tmp/simple-obfs
+	else
+		apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION}
+	fi
 fi
 
 if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then

From 47df28fdc67b2f5927da84924d18edd8c4ec1133 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 11 Mar 2021 08:07:55 +0000
Subject: [PATCH 052/164] Fix symbolic link for v2ray config

---
 debian9-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index fd83af2..3706227 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -630,6 +630,7 @@ if [ "$V2RAY" = "yes" ]; then
 		rm /etc/v2ray/config.json
 		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	ln -sf /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json
 	rm -f /tmp/v2rayError.log
 	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then

From 83e81cfd9ffb14d8495a8f210d3a9854e52d84bb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 11 Mar 2021 14:48:12 +0000
Subject: [PATCH 053/164] Go to openmptcprouter-vps-admin dir before creating
 key

---
 debian9-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 3706227..4be25a4 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -464,6 +464,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		#OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 	fi
 	if [ ! -f /etc/openmptcprouter-vps-admin/key.pem ]; then
+		cd /etc/openmptcprouter-vps-admin
 		openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
 	fi
 	sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json

From 8e738a8f197f823f1ac6a0cee5e1b81f16fcf21f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 12 Mar 2021 06:46:05 +0000
Subject: [PATCH 054/164] Fix
 https://github.com/Ysurac/openmptcprouter-vps/issues/46

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 4be25a4..2d1af03 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -579,7 +579,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
 		rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz
 		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
 		#wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
-		wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
+		wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
 		cd /tmp
 		tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
 		cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin

From fd10d9ac2002dbf1eade75fd113b683893fc2201 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 12 Mar 2021 13:21:25 +0000
Subject: [PATCH 055/164] Force update repo key

---
 debian9-x86_64.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 2d1af03..60966c2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -139,6 +139,10 @@ if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then
 	exit 1
 fi
 
+[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
+	echo "Update ${REPO} key"
+	wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+}
 
 echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock

From 5291876fe682ca6404944030cae2235c90016a26 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 12 Mar 2021 16:57:04 +0000
Subject: [PATCH 056/164] Fix mlvpn source install and use binary by default

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 60966c2..0a3520b 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -28,7 +28,7 @@ UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
-SOURCES=${SOURCES:-yes}
+SOURCES=${SOURCES:-no}
 NOINTERNET=${NOINTERNET:-no}
 REINSTALL=${REINSTALL:-yes}
 SPEEDTEST=${SPEEDTEST:-no}
@@ -657,6 +657,7 @@ if [ "$MLVPN" = "yes" ]; then
 	if [ -f /etc/mlvpn/mlvpn0.conf ]; then
 		mlvpnupdate="1"
 	fi
+	mkdir -p /etc/mlvpn
 	if [ "$SOURCES" = "yes" ]; then
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
@@ -691,7 +692,6 @@ if [ "$MLVPN" = "yes" ]; then
 	else
 		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION}
 	fi
-	mkdir -p /etc/mlvpn
 	if [ "$mlvpnupdate" = "0" ]; then
 		sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
 	fi

From 69df502cb9eff01699e1a037b568689da3613086 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 12 Mar 2021 17:13:56 +0000
Subject: [PATCH 057/164] Keep old config

---
 debian9-x86_64.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 0a3520b..136053e 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -330,7 +330,7 @@ if [ "$SOURCES" = "yes" ]; then
 	#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
 	rm -rf /tmp/shadowsocks-libev
 else
-	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
+	apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
 fi
 
 # Load OLIA Congestion module at boot time
@@ -460,7 +460,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
 		fi
-		apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
+		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
 		if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
 			cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/
 		fi
@@ -624,7 +624,7 @@ if [ "$V2RAY" = "yes" ]; then
 		dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 		rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 	else
-		apt-get -y install v2ray=${V2RAY_VERSION}
+		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
 	fi
 	if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then
 		wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service
@@ -690,7 +690,7 @@ if [ "$MLVPN" = "yes" ]; then
 			fi
 		fi
 	else
-		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION}
+		apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION}
 	fi
 	if [ "$mlvpnupdate" = "0" ]; then
 		sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf

From 507f49413cd3a7bdefe45a9d122e3b3f2d97d67a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 15 Mar 2021 19:12:01 +0000
Subject: [PATCH 058/164] Update API

---
 debian9-x86_64.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 136053e..90a710b 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
+# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
 #
 # This is free software, licensed under the GNU General Public License v3 or later.
 # See /LICENSE for more information.
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9"
-OMR_ADMIN_BINARY_VERSION="0.3+20210304"
+OMR_ADMIN_VERSION="f408dfb7e73970d3ae10bb188174c070e5b18fe7"
+OMR_ADMIN_BINARY_VERSION="0.3+20210315"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"

From 454046f830402050b6c7143eac494520ec4b46f1 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 15 Mar 2021 19:40:17 +0000
Subject: [PATCH 059/164] Update API

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 90a710b..540473f 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -46,7 +46,7 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="f408dfb7e73970d3ae10bb188174c070e5b18fe7"
+OMR_ADMIN_VERSION="db77dc0508bf14089a185cbf3b2c1aee5333b2d7"
 OMR_ADMIN_BINARY_VERSION="0.3+20210315"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"

From 9a764d0eaf95b27a750e6a910e6531e9345ad9a8 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 12:36:53 +0000
Subject: [PATCH 060/164] Fix LAN default route, fix
 https://github.com/Ysurac/openmptcprouter-vps/pull/47 in an other way

---
 omr-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-service b/omr-service
index 4b8e54d..0711abc 100755
--- a/omr-service
+++ b/omr-service
@@ -52,7 +52,7 @@ _lan_route() {
 	while IFS=$"\n" read -r c; do
 		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
 		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
-			echo "$c" | jq -c '.lanips //empty' | 
+			echo "$c" | jq -c '.lanips[] //empty' | 
 			while IFS=$"\n" read -r d; do
 				network=$(ipcalc -n $d | grep Network | awk '{print $2}')
 				[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null

From 98ee07f6a6cd7e8bc7f4559788b018b9e641747a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:41:26 +0000
Subject: [PATCH 061/164] Add a test for a China compatible script

---
 debian9-x86_64.sh | 46 ++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 38 insertions(+), 8 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 540473f..8cf27d3 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -60,6 +60,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com
 VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
+CHINA=${CHINA:-no}
 
 OMR_VERSION="0.1025-test"
 
@@ -176,16 +177,45 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
 fi
+
 # Add OpenMPTCProuter repo
 echo "Add OpenMPTCProuter repo..."
-echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
-cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
-Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
-Package: *
-Pin: origin ${REPO}
-Pin-Priority: 1001
-EOF
-wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+if [ "$CHINA" = "yes" ]; then
+	echo "Install git..."
+	apt-get -y install git
+	if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then
+		git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
+	fi
+	cd /var/lib/openmptcprouter-vps-debian
+	git pull
+#	if [ "$VPS_PATH" = "server-test" ]; then
+#		git checkout develop
+#	else
+#		git checkout main
+#	fi
+	echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
+	cat /var/lib/openmptcprouter-vps-debian | apt-key add -
+	if [ ! -d /usr/share/omr-server ]; then
+	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server
+	fi
+	cd /usr/share/omr-server
+	git pull
+	if [ "$VPS_PATH" = "server-test" ]; then
+		git checkout develop
+	else
+		git checkout master
+	fi
+	DIR="/usr/share/omr-server"
+else
+	echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
+	cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
+		Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
+		Package: *
+		Pin: origin ${REPO}
+		Pin-Priority: 1001
+	EOF
+	wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+fi
 
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
 if [ "$ID" = "debian" ]; then

From dae3133a1d308601b718b59911e2c052f185cd7f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:44:43 +0000
Subject: [PATCH 062/164] Fix

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 8cf27d3..c8722ba 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -194,7 +194,7 @@ if [ "$CHINA" = "yes" ]; then
 #		git checkout main
 #	fi
 	echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
-	cat /var/lib/openmptcprouter-vps-debian | apt-key add -
+	cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add -
 	if [ ! -d /usr/share/omr-server ]; then
 	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server
 	fi

From 31d4712c8314283508475a4f0fb0b4cb11145c9e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:49:12 +0000
Subject: [PATCH 063/164] Fix

---
 debian9-x86_64.sh | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index c8722ba..bd715f1 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -142,7 +142,11 @@ fi
 
 [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
 	echo "Update ${REPO} key"
-	wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+	if [ "$CHINA" = "yes" ]; then
+		wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
+	else
+		wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+	fi
 }
 
 echo "Remove lock and update packages list..."
@@ -195,17 +199,17 @@ if [ "$CHINA" = "yes" ]; then
 #	fi
 	echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
 	cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add -
-	if [ ! -d /usr/share/omr-server ]; then
-	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server
+	if [ ! -d /usr/share/omr-server-git ]; then
+	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
 	fi
-	cd /usr/share/omr-server
+	cd /usr/share/omr-server-git
 	git pull
 	if [ "$VPS_PATH" = "server-test" ]; then
 		git checkout develop
 	else
 		git checkout master
 	fi
-	DIR="/usr/share/omr-server"
+	DIR="/usr/share/omr-server-git"
 else
 	echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list
 	cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref

From cedb65670e46ea680bddb3304e2f842569251be4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:53:25 +0000
Subject: [PATCH 064/164] Add missing files and use localfiles for china

---
 debian9-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index bd715f1..6045365 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -209,6 +209,7 @@ if [ "$CHINA" = "yes" ]; then
 	else
 		git checkout master
 	fi
+	LOCALFILES="yes"
 	DIR="/usr/share/omr-server-git"
 else
 	echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list

From 07e23b78512794d7902387fe92151e4ee0488cca Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:57:16 +0000
Subject: [PATCH 065/164] fix

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 6045365..a9c2151 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -192,7 +192,7 @@ if [ "$CHINA" = "yes" ]; then
 	fi
 	cd /var/lib/openmptcprouter-vps-debian
 	git pull
-#	if [ "$VPS_PATH" = "server-test" ]; then
+#	if [ "$VPSPATH" = "server-test" ]; then
 #		git checkout develop
 #	else
 #		git checkout main
@@ -204,7 +204,7 @@ if [ "$CHINA" = "yes" ]; then
 	fi
 	cd /usr/share/omr-server-git
 	git pull
-	if [ "$VPS_PATH" = "server-test" ]; then
+	if [ "$VPSPATH" = "server-test" ]; then
 		git checkout develop
 	else
 		git checkout master

From 1d2887c747f7fc3d0c3aa8a2fd5cfa77c0d226dc Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 23 Mar 2021 19:58:37 +0000
Subject: [PATCH 066/164] Add omr-test-speed

---
 omr-test-speed | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100755 omr-test-speed

diff --git a/omr-test-speed b/omr-test-speed
new file mode 100755
index 0000000..fa95ff2
--- /dev/null
+++ b/omr-test-speed
@@ -0,0 +1,42 @@
+#!/bin/sh
+# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
+INTERFACE="$1"
+
+echo "Select best test server..."
+HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+bestping="999"
+for pinghost in $HOSTLST; do
+	domain=$(echo $pinghost | awk -F/ '{print $3}')
+	if [ -z "$INTERFACE" ]; then
+		ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+	else
+		ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+	fi
+	echo "host: $domain - ping: $ping"
+	if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
+		bestping=$ping
+		HOST=$pinghost
+	fi
+done
+
+[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+
+echo "Best server is $HOST, running test:"
+trap : HUP INT TERM
+if [ -z "$INTERFACE" ]; then
+	curl -4 $HOST >/dev/null || echo
+else
+	domain=$(echo $HOST | awk -F/ '{print $3}')
+	hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
+	if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
+		for ip in $hostip; do
+			ipset add ss_rules_dst_bypass_all $ip
+		done
+	fi
+	curl -4 --interface $INTERFACE $HOST >/dev/null || echo
+	if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
+		for ip in $hostip; do
+			ipset del ss_rules_dst_bypass_all $ip
+		done
+	fi
+fi

From 5023d5cf33a4381d85e0b2d804c552a1591f2834 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 24 Mar 2021 14:02:18 +0000
Subject: [PATCH 067/164] Fix

---
 omr-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-service b/omr-service
index 0711abc..6fe97bf 100755
--- a/omr-service
+++ b/omr-service
@@ -52,7 +52,7 @@ _lan_route() {
 	while IFS=$"\n" read -r c; do
 		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
 		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
-			echo "$c" | jq -c '.lanips[] //empty' | 
+			echo "$c" | jq -c -r '.lanips[] //empty' | 
 			while IFS=$"\n" read -r d; do
 				network=$(ipcalc -n $d | grep Network | awk '{print $2}')
 				[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null

From fd915dfbb974675fa7e7f38db7aa0ab08ea5abb2 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 25 Mar 2021 09:19:08 +0000
Subject: [PATCH 068/164] Update API version

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index a9c2151..6a3e7e2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="db77dc0508bf14089a185cbf3b2c1aee5333b2d7"
-OMR_ADMIN_BINARY_VERSION="0.3+20210315"
+OMR_ADMIN_VERSION="2694612565aba58cc0a9bd2ad5d550aa4ef7bcf5"
+OMR_ADMIN_BINARY_VERSION="0.3+20210325"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"

From db95630ef98657da896dcdeefa212224b2ef9357 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 29 Mar 2021 14:32:39 +0000
Subject: [PATCH 069/164] Disable TLS from let's encrypt in China

---
 debian9-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 6a3e7e2..a7f8d39 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -210,6 +210,7 @@ if [ "$CHINA" = "yes" ]; then
 		git checkout master
 	fi
 	LOCALFILES="yes"
+	TLS="no"
 	DIR="/usr/share/omr-server-git"
 else
 	echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list

From 950b704495a080ee65b4f39554aca34a97102916 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 14 Apr 2021 19:16:45 +0000
Subject: [PATCH 070/164] Update server API

---
 debian9-x86_64.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index a7f8d39..34e2969 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="2694612565aba58cc0a9bd2ad5d550aa4ef7bcf5"
-OMR_ADMIN_BINARY_VERSION="0.3+20210325"
+OMR_ADMIN_VERSION="b40c6b615eca1a7171d83e3a3f58c7d4d17e0fd5"
+OMR_ADMIN_BINARY_VERSION="0.3+20210414"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"
@@ -1295,7 +1295,7 @@ if [ "$update" = "0" ]; then
 	echo 'Your glorytun key: '
 	echo $GLORYTUN_PASS
 	if [ "$DSVPN" = "yes" ]; then
-		echo 'A Dead Simple VPN port: 65011'
+		echo 'A Dead Simple VPN port: 65401'
 		echo 'A Dead Simple VPN key: '
 		echo $DSVPN_PASS
 	fi
@@ -1342,7 +1342,7 @@ if [ "$update" = "0" ]; then
 	EOF
 	if [ "$DSVPN" = "yes" ]; then
 		cat >> /root/openmptcprouter_config.txt <<-EOF
-		A Dead Simple VPN port: 65011
+		A Dead Simple VPN port: 65401
 		A Dead Simple VPN key: ${DSVPN_PASS}
 		EOF
 	fi

From 180a3fc0acc21e51b906ebde2f1dccf8139eb939 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 19 Apr 2021 19:15:43 +0000
Subject: [PATCH 071/164] Remove bad dsvpn ipv6 route

---
 omr-service | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/omr-service b/omr-service
index 6fe97bf..ff51abe 100755
--- a/omr-service
+++ b/omr-service
@@ -40,6 +40,11 @@ _glorytun_tcp() {
 	fi
 }
 
+_dsvpn() {
+	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
+}
+
+
 _omr_api() {
 	[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
 		logger -t "OMR-Service" "Restart OMR-Admin"
@@ -109,6 +114,7 @@ ip link add omr-bonding type bond 2>&1 >/dev/null
 while true; do
 	_glorytun_udp
 	_glorytun_tcp
+	_dsvpn
 	_multipath
 	_omr_api
 	_lan_route

From c39b07eaa57fdd0c86652b80f3b42ddadf5388f5 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 27 Apr 2021 08:24:10 +0000
Subject: [PATCH 072/164] Doesn't download each firewall file for update

---
 debian9-x86_64.sh | 53 ++++++++++++++++++++---------------------------
 1 file changed, 22 insertions(+), 31 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 34e2969..2d6ddf7 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1157,38 +1157,29 @@ if [ "$update" = "0" ]; then
 else
 	# Update only needed firewall files
 	if [ "$LOCALFILES" = "no" ]; then
-		wget -O /etc/shorewall/interfaces ${VPSURL}${VPSPATH}/shorewall4/interfaces
-		wget -O /etc/shorewall/snat ${VPSURL}${VPSPATH}/shorewall4/snat
-		wget -O /etc/shorewall/stoppedrules ${VPSURL}${VPSPATH}/shorewall4/stoppedrules
-		wget -O /etc/shorewall/tcinterfaces ${VPSURL}${VPSPATH}/shorewall4/tcinterfaces
-		wget -O /etc/shorewall/shorewall.conf ${VPSURL}${VPSPATH}/shorewall4/shorewall.conf
-		wget -O /etc/shorewall/policy ${VPSURL}${VPSPATH}/shorewall4/policy
-		wget -O /etc/shorewall/params ${VPSURL}${VPSPATH}/shorewall4/params
-		wget -O /etc/shorewall/params.vpn ${VPSURL}${VPSPATH}/shorewall4/params.vpn
-		wget -O /etc/shorewall/params.net ${VPSURL}${VPSPATH}/shorewall4/params.net
-		wget -O /etc/shorewall6/params ${VPSURL}${VPSPATH}/shorewall6/params
-		wget -O /etc/shorewall6/params.net ${VPSURL}${VPSPATH}/shorewall6/params.net
-		wget -O /etc/shorewall6/params.vpn ${VPSURL}${VPSPATH}/shorewall6/params.vpn
-		wget -O /etc/shorewall6/interfaces ${VPSURL}${VPSPATH}/shorewall6/interfaces
-		wget -O /etc/shorewall6/stoppedrules ${VPSURL}${VPSPATH}/shorewall6/stoppedrules
-		wget -O /etc/shorewall6/snat ${VPSURL}${VPSPATH}/shorewall6/snat
-	else
-		cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
-		cp ${DIR}/shorewall4/snat /etc/shorewall/snat
-		cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
-		cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
-		cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
-		cp ${DIR}/shorewall4/policy /etc/shorewall/policy
-		cp ${DIR}/shorewall4/params /etc/shorewall/params
-		cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
-		cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
-		cp ${DIR}/shorewall6/params /etc/shorewall6/params
-		cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
-		cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
-		cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
-		cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
-		cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
+		mkdir -p ${DIR}
+		wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz
+		wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz
+		mkdir -p ${DIR}/shorewall4
+		tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C ${DIR}/shorewall4
+		mkdir -p ${DIR}/shorewall6
+		tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6
 	fi
+	cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces
+	cp ${DIR}/shorewall4/snat /etc/shorewall/snat
+	cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules
+	cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces
+	cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
+	cp ${DIR}/shorewall4/policy /etc/shorewall/policy
+	cp ${DIR}/shorewall4/params /etc/shorewall/params
+	cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
+	cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
+	cp ${DIR}/shorewall6/params /etc/shorewall6/params
+	cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
+	cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
+	cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
+	cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
+	cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
 	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
 	sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
 	sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules

From df637bb0c455c4a3bf8360d6eca0407cd68cf4c9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sat, 8 May 2021 06:46:40 +0000
Subject: [PATCH 073/164] Fix VPS update via web and update omr-test-speed

---
 debian/postinst       |  3 ++-
 debian/rules          |  4 ++--
 debian9-x86_64.sh     | 11 +++++++--
 omr-test-speed        | 51 ++++++++++++++++++++++++---------------
 omr-test-speedv6      | 56 +++++++++++++++++++++++++++++++++++++++++++
 omr-update            | 11 +++++++++
 omr-update.service.in |  9 ++++---
 7 files changed, 116 insertions(+), 29 deletions(-)
 mode change 100755 => 100644 omr-test-speed
 create mode 100644 omr-test-speedv6
 create mode 100755 omr-update

diff --git a/debian/postinst b/debian/postinst
index bd08d7f..57ee50d 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -6,7 +6,8 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x
 . /usr/share/debconf/confmodule
 
 sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
-systemctl enable omr-update
+systemctl daemon-reload
+systemctl restart omr-update
 
 db_stop
 
diff --git a/debian/rules b/debian/rules
index d411dc4..9a69cc6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -13,6 +13,6 @@ override_dh_auto_install:
 	cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
 	cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
-	mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system
-	cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service
+	mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin
+	touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin
 
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 2d6ddf7..a75b4a4 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="b40c6b615eca1a7171d83e3a3f58c7d4d17e0fd5"
-OMR_ADMIN_BINARY_VERSION="0.3+20210414"
+OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c"
+OMR_ADMIN_BINARY_VERSION="0.3+20210508"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"
@@ -582,6 +582,12 @@ if systemctl -q is-active shadowsocks-libev-manager@manager; then
 	systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
 fi
 
+if [ "$LOCALFILES" = "no" ]; then
+	wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in
+else
+	cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service
+fi
+
 # Install simple-obfs
 if [ "$OBFS" = "yes" ]; then
 	echo "Install OBFS"
@@ -1260,6 +1266,7 @@ fi
 
 if [ "$SOURCES" != "yes" ]; then
 	apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true
+	rm -f /etc/openmtpcprouter-vps-admin/update-bin
 fi
 
 if [ "$update" = "0" ]; then
diff --git a/omr-test-speed b/omr-test-speed
old mode 100755
new mode 100644
index fa95ff2..863232f
--- a/omr-test-speed
+++ b/omr-test-speed
@@ -1,30 +1,43 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-INTERFACE="$1"
+OVH=false
+if [ "$1" = "ovh" ]; then
+	OVH=true
+	INTERFACE="$2"
+else
+	INTERFACE="$1"
+fi
 
-echo "Select best test server..."
-HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
-bestping="999"
-for pinghost in $HOSTLST; do
-	domain=$(echo $pinghost | awk -F/ '{print $3}')
-	if [ -z "$INTERFACE" ]; then
-		ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
-	else
-		ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
-	fi
-	echo "host: $domain - ping: $ping"
-	if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
-		bestping=$ping
-		HOST=$pinghost
-	fi
-done
+[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
+	echo "You must use a real interface. You wan find them using 'ip a' for example"
+	exit 0
+}
+
+if [ "$OVH" = false ]; then
+	echo "Select best test server..."
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	bestping="9999"
+	for pinghost in $HOSTLST; do
+		domain=$(echo $pinghost | awk -F/ '{print $3}')
+		if [ -z "$INTERFACE" ]; then
+			ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+		else
+			ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+		fi
+		echo "host: $domain - ping: $ping"
+		if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
+			bestping=$ping
+			HOST=$pinghost
+		fi
+	done
+fi
 
 [ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM
 if [ -z "$INTERFACE" ]; then
-	curl -4 $HOST >/dev/null || echo
+	curl -4 -o /dev/null $HOST || echo
 else
 	domain=$(echo $HOST | awk -F/ '{print $3}')
 	hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
@@ -33,7 +46,7 @@ else
 			ipset add ss_rules_dst_bypass_all $ip
 		done
 	fi
-	curl -4 --interface $INTERFACE $HOST >/dev/null || echo
+	curl -4 -o /dev/null --interface $INTERFACE $HOST || echo
 	if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
 		for ip in $hostip; do
 			ipset del ss_rules_dst_bypass_all $ip
diff --git a/omr-test-speedv6 b/omr-test-speedv6
new file mode 100644
index 0000000..ca3d64d
--- /dev/null
+++ b/omr-test-speedv6
@@ -0,0 +1,56 @@
+#!/bin/sh
+# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
+OVH=false
+if [ "$1" = "ovh" ]; then
+	OVH=true
+	INTERFACE="$2"
+else
+	INTERFACE="$1"
+fi
+
+[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
+	echo "You must use a real interface. You wan find them using 'ip a' for example"
+	exit 0
+}
+
+
+if [ "$OVH" = false ]; then
+	echo "Select best test server..."
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	bestping="9999"
+	for pinghost in $HOSTLST; do
+		domain=$(echo $pinghost | awk -F/ '{print $3}')
+		if [ -z "$INTERFACE" ]; then
+			ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+		else
+			ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
+		fi
+		echo "host: $domain - ping: $ping"
+		if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
+			bestping=$ping
+			HOST=$pinghost
+		fi
+	done
+fi
+
+[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+
+echo "Best server is $HOST, running test:"
+trap : HUP INT TERM
+if [ -z "$INTERFACE" ]; then
+	curl -6 $HOST >/dev/null || echo
+else
+	domain=$(echo $HOST | awk -F/ '{print $3}')
+	hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
+	if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
+		for ip in $hostip; do
+			ipset add ss_rules6_dst_bypass_all $ip
+		done
+	fi
+	curl -6 --interface $INTERFACE $HOST >/dev/null || echo
+	if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
+		for ip in $hostip; do
+			ipset del ss_rules6_dst_bypass_all $ip
+		done
+	fi
+fi
diff --git a/omr-update b/omr-update
new file mode 100755
index 0000000..33b3fa6
--- /dev/null
+++ b/omr-update
@@ -0,0 +1,11 @@
+#!/bin/sh
+if [ -f /etc/openmptcprouter-vps-admin/update ]; then
+        wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh
+        rm -f /etc/openmptcprouter-vps-admin/update
+        reboot
+fi
+if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then
+        LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh
+        rm -f /etc/openmptcprouter-vps-admin/update-bin
+        #reboot
+fi
diff --git a/omr-update.service.in b/omr-update.service.in
index 1a21135..231803a 100644
--- a/omr-update.service.in
+++ b/omr-update.service.in
@@ -4,11 +4,10 @@ After=network.target network-online.target
 
 [Service]
 Type=simple
-Restart=no
-Environment="SOURCES=no"
-Environment="REINSTALL=no"
-Environment="LOCALFILES=yes"
-ExecStart=/usr/share/omr-server/debian9-x86_64.sh
+Restart=never
+ExecStart=/usr/bin/omr-update
+#ExecStart=/usr/share/omr-server/debian9-x86_64.sh
+AmbientCapabilities=
 StandardOutput=file:/var/log/omr-update.log
 StandardError=file:/var/log/omr-update.log
 

From 4b8a9432cd91f68f38d26ad56e33b170715cc0b4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 9 May 2021 08:35:34 +0000
Subject: [PATCH 074/164] Replace gitee by gitlab

---
 debian9-x86_64.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index a75b4a4..9e9b397 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -143,7 +143,8 @@ fi
 [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
 	echo "Update ${REPO} key"
 	if [ "$CHINA" = "yes" ]; then
-		wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
+		#wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
+		wget -O - https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
 	else
 		wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
 	fi
@@ -188,7 +189,8 @@ if [ "$CHINA" = "yes" ]; then
 	echo "Install git..."
 	apt-get -y install git
 	if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then
-		git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
+		#git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
+		git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian
 	fi
 	cd /var/lib/openmptcprouter-vps-debian
 	git pull
@@ -200,7 +202,8 @@ if [ "$CHINA" = "yes" ]; then
 	echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list
 	cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add -
 	if [ ! -d /usr/share/omr-server-git ]; then
-	git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
+		#git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
+		git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git
 	fi
 	cd /usr/share/omr-server-git
 	git pull

From a02b30624347dfc4d056c180c2f0300cff61a615 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 9 May 2021 08:35:55 +0000
Subject: [PATCH 075/164] Check wireguard ip

---
 omr-service | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/omr-service b/omr-service
index ff51abe..d6d751d 100755
--- a/omr-service
+++ b/omr-service
@@ -44,6 +44,10 @@ _dsvpn() {
 	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
 }
 
+_wireguard() {
+	[ -n "$(ip a show dev wg0)" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
+}
+
 
 _omr_api() {
 	[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
@@ -115,6 +119,7 @@ while true; do
 	_glorytun_udp
 	_glorytun_tcp
 	_dsvpn
+	_wireguard
 	_multipath
 	_omr_api
 	_lan_route

From c19bade451c2e9380edaf539f38208af962370b4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 8 Jun 2021 17:42:39 +0000
Subject: [PATCH 076/164] Add latest omr vps script changes

---
 debian/control                   |   4 ++--
 debian9-x86_64.sh                |  20 ++++++++++++++------
 omr-service                      |  11 ++++++++++-
 openmptcprouter-shorewall.tar.gz | Bin 4106 -> 4136 bytes
 shadowsocks.conf                 |   3 +++
 shorewall4/snat                  |   9 ++++++++-
 6 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/debian/control b/debian/control
index 0da3629..72af96a 100644
--- a/debian/control
+++ b/debian/control
@@ -17,8 +17,8 @@ Depends:
  unzip,
  tracebox,
  omr-iperf3,
- omr-shadowsocks-libev (= 3.3.5-1),
- omr-vps-admin (= 0.3+20210304),
+ omr-shadowsocks-libev (= 3.3.5-2),
+ omr-vps-admin (= 0.3+20210508),
  omr-simple-obfs,
  omr-mlvpn (= 3.0.0+20201216.git.2263bab),
  omr-glorytun (= 0.3.4-4),
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 9e9b397..99f120a 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -31,7 +31,7 @@ WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-no}
 NOINTERNET=${NOINTERNET:-no}
 REINSTALL=${REINSTALL:-yes}
-SPEEDTEST=${SPEEDTEST:-no}
+SPEEDTEST=${SPEEDTEST:-yes}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
 KERNEL_VERSION="5.4.100"
@@ -53,8 +53,8 @@ DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.35.1"
 V2RAY_PLUGIN_VERSION="4.35.1"
 EASYRSA_VERSION="3.0.6"
-SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a"
-SHADOWSOCKS_BINARY_VERSION="3.3.5-1"
+SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead"
+SHADOWSOCKS_BINARY_VERSION="3.3.5-2"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
@@ -100,6 +100,13 @@ if [ "$ARCH" != "amd64" ]; then
 	exit 1
 fi
 
+echo "Check virtualized environment"
+VIRT="$(systemd-detect-virt 2>/dev/null || true)"
+if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then
+	echo "Container are not supported: kernel can't be modified."
+	exit 1
+fi
+
 # Check if DPKG is locked and for broken packages
 #dpkg -i /dev/zero 2>/dev/null
 #if [ "$?" -eq 2 ]; then
@@ -269,6 +276,7 @@ else
 		apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
 	fi
 fi
+
 # Check if mptcp kernel is grub default kernel
 echo "Set MPTCP kernel as grub default..."
 if [ "$LOCALFILES" = "no" ]; then
@@ -280,7 +288,7 @@ fi
 rm -f /etc/grub.d/30_os-prober
 bash update-grub.sh ${KERNEL_VERSION}-mptcp
 bash update-grub.sh ${KERNEL_RELEASE}
-sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
+[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
 
 echo "Install tracebox OpenMPTCProuter edition"
 apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
@@ -1240,9 +1248,9 @@ if [ "$TLS" = "yes" ]; then
 fi
 
 if [ "$SPEEDTEST" = "yes" ]; then
-	if [ ! -f /usr/share/omr-server/speedtest/test.img ]; then
+	mkdir -p /usr/share/omr-server/speedtest
+	if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then
 		echo "Generate speedtest image..."
-		mkdir -p /usr/share/omr-server/speedtest
 		dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576
 		echo "Done"
 	fi
diff --git a/omr-service b/omr-service
index d6d751d..e1eaa5e 100755
--- a/omr-service
+++ b/omr-service
@@ -44,8 +44,15 @@ _dsvpn() {
 	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
 }
 
+_shadowsocks() {
+	[ -z "$(pgrep ss-server)" ] && {
+		logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
+		systemctl restart shadowsocks-libev-manager@manager
+	}
+}
+
 _wireguard() {
-	[ -n "$(ip a show dev wg0)" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
+	[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
 }
 
 
@@ -113,11 +120,13 @@ _openvpn_bonding() {
 	fi
 }
 
+sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null
 modprobe bonding 2>&1 >/dev/null
 ip link add omr-bonding type bond 2>&1 >/dev/null
 while true; do
 	_glorytun_udp
 	_glorytun_tcp
+	_shadowsocks
 	_dsvpn
 	_wireguard
 	_multipath
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index f45840887cfcf10e3701975cb3de7fd86e8e40d0..356841434047882f570e6ccb2c8c8c84ccfd1e9a 100644
GIT binary patch
delta 4121
zcmV+!5a#cSAgCaJABzY8l5?7100Zqje{-YAj`J`66kW;O+nKr~HpD+RdF9(9fNd@q
zSis3<>#8VXlZ0B^_yA8fw>97Wq;9|%JL7pfcILf3lo<nRwbbfXOKNBshx2(7dE?*S
z9S#}*?Pil60m?_d1LypChi?kaM*F<;uEF!ocKaP^9I#D)IV|JEiwJoag<<j~x?Sb}
zqHtV0CiYVp`On^TN={En-A~5#IK$M(nSIodvKK}qm_LNk%u9lBPQ3eYnGhc+0zZZl
zk~{@5c?hQd2}xcSJ~^6sbCPpA&AA-`yPtZ7H546kUORphs2z)vqZ&HLakeqCB!%N-
z#dbK(v<%08;AGRV;KHVdk*!#qeXBaspjP`Scp&e^kz))L%~UL#{OxbVbtT7jM60hj
zjKFopp{UEE%ZO@{bNS>?7k+f<K_5)KOVi*^IsCVrEI7W=__0y@$)8Vxhpc|jF*hqe
zB#TweWW3-6zEo{+E}U=HvqZZjvBO^!%6~q)IOo@YIrAN%+$7bKHdzPJc)en~-R_hs
z>WXuv8n&z3oAu{@avy~8={zpA@Vv~$G`DrhVo~lBX!&`msx9iuX4Tl6`=z$G+U;^x
zb&JqASgg0U)o7P{%hre6YR+e+s(iaVhR)WpPu2z>Yql>|71{Ay=YKFy{OG|O`|&=!
z$#&R(;r|6*Xuso|5C__=&UvGW{=a=LRQ~@hVBP<J@}n62dh@J7PKoW!7E_<7xrvY-
zcy<ErpCr%WX>K|M-1<ZCxQu8}I0KGSxOj<z$ESpRkUkOthW}J(@J(|60ujP52y}dJ
zMk9-ZfnyrnM_%+oFos0FPvY<)dG;dz@8l(aT#_+_lE|L~F+`jDW#W?{A>di-VFdMO
zA<TvsL@nnNKcZrwd9#>=5A>q1kBH{SF_iWFxgU8`VlMBe!5AuQ!PuY2KJj9*KwSLf
zPqMc5upxHZ5D0+4o~rqG;s;QUva?<j&iG7P%JGCiUw!ZrY=1<;1y=kBjea3h4_cRh
z)jXqJV1pp6i{X=4iYO12v*h=L_V>dwLSba$Ctfg(p~C52VGpr=<w=hA9nkYsLD)Oz
z<6jM3A%v*9qgXvr!gB<}#8knqL9pW9Lo{<$EaWCn<HZTYjfbiC7@tJYLq7BfD1I^z
z<JmHLh)-e|>akCYx{cbW#hiOgPLt(-{NFh)r^z^E#o*f+$##m_6n<Z=|0UkfkFOR@
z;x93MjQrCjOqSQ06wad4`w&9V{BaA#_x5TPd@U@z$eSH7_9N_C{|Q2~wEk;!I*ls+
zzXj}C|1tZZ@kxy1;Bii)*C#Iuy!$D{h2)7vH!}AjW<rSaSuj%*jN<X~@zIZe6DXl{
zSv4~EW>ELue}u5|3}F<QlH~$&UI_9Kho^p$(8!vE1mit8nI!~ejE*zN48mEV0pO%2
zgvOpZwD*Owqru8w(`*rikGUqw?=-Wy#0!o&_pYBjHPWjqNwl3Vf8IC~S`gD4cx<I*
zX<X>8yZ-25%wO<77MYU|rJh`W#Yf0u#$h!1$mACy498BWe0G|JA(kTfP%~am6HpRV
zx@YM^41I~2OTaP@#+y8OkiqyqbZ-<uXU=m`s3*sjl;d7iXV2kQ)g^5tD}<TV88oPj
zg5dJK=fwXfSPjJCWbE+&5CPid`+u$0dFB7#0`k<BI>7JUnhM?;-oopD?wtRf&H3M{
z?*G3D+?cj2%CgnvX(B-X^EG2=ZD55O(lTGcR<w<3o%b&fi*Oo@Uk)o{=kvdIgWmrY
zgpSZ|3poE9jb=6f-vYkk{;x?*q`LQ8-TQs@-Y@ea`@ipd%pTN|4Dfj^DS&Bcs&u!y
z){H*Ulp96MuGOLHTwaZTEZeE!ZOdX^0&AYNYf+LE)7c<<c-}@;!jf{WSIAzGSw`dZ
zD1vMmCcW*-(I0vV^Jbuso}p>Rt*ZC4z8H?6i>?%+iJ&v^;W+wZDgUKN&<W-FA1$Yc
zeDp_QhyQOjo8|o<KwdrndlUEy|8Jp*e5?CEfwN8(1OCD>fO?XDy@!DB1leAp+yj>a
z(PkvVJwye3nclF}zN(8^U?P_2D8>4?;iwMBp=e#>wPffzjb3TFqYl^T2Vft#6)A5Y
z-K$hAr<+NR$)5w<1eF~>*dKFzS?yvI5&D)fGHXBC3hO;l(^eNyRlL$vd!WcGq@`%k
z69t5---w!8K#X*M#}cLMB8{%x)^gS4aQ;Jr5i@*7Z#4JE)O;7g__yVPJuSdlg}0iI
zYwG-yHw`8qFoL31y8>@AUeLM8Kpc<#MM7lVE=Y=3G9H4|ttDY5^Er%g>l{@1z+ye?
z%lEz8H94$xxg4sD8O$Fk?|RDa#?*lb(M4Y6%mY|&(3Hi0L7msd?NDVG?@Sdr3Ku1&
zNB7?3i1zvahI9Yy4Ba<bME)o6GR#Fz!<78qr!}WxIPoWE)In0g*}!cM-8Q|q(cpuS
zbRY}nLWM5EC?Wqr+AYXRsN0R7yh->RhvVO3+SbQu7`-IRISJ=$y#!2|)U|FXi!NIh
zJyKz(?N;l5y!8+BSWY&1d_g_i9%RG0mxc?1K*h-e$;9r02st4uTirA!oCrYs@I1)|
zi39F5sill8i0%=zm`+1F7?cH%Oxw+ii;E)n@iaiQDNgXzLXTx#bU6C73t3;j&u(Y2
z&4Q<t)fcGf9=(+6d*^3|hCF_sVJ3GN8DGx-d4X?#w=n;2wmPjAFJS&JG+Wj4|2KiX
z=S>(@R{8x+ni{vZY%N$fJyvsj5=tL)`w8v?_=-%FvO8k@hTeSPJwj$bjYDwS(_jwg
z33*DA#bv$z{QP{jss^5*K4bK8sc~md$!xm+yBi#r`c#`ZL?jmcj))1@3W3~-ToDb<
z<h{#(twADYIV00mbV$e)xqIiwwL@sf)Vl#CEKtS(HC0gYZvP71DAtu>tIl1QKcFH2
zCJaj-_1V7;rr1}k?g5+MgWk8G?YE$VMzsBF&{Hkt7E=C0DgjFlFr+^GsW3<S`&Z&h
zgT)4{QXE$^`Yyeh2>PU}k~JKjU*XC`m(weMSiCu^sM}pVWQdhr3KRjI18WyX-BUHC
zTmR%mbx3;aGe3^e@vtJg+qHX?`_apPi}BwPEp^1cp=)=U5V`~dmP1i0H5(mit(LB^
z)|zgaAl*@{4PyH>{BUITHnFK60sKmn;*Q`TIRjL!=18X7)5N~L!6IMXt+j98qk7DL
zq18xW_zu{OL3A)CgY-C@66j-b9W8=A$#9g@X(9ow0cR?f@88Zu%f#idVuQM{*zc)*
z*A$&W_vrl}cqyya=T%o;zW>7>h?cUB1#{>thH3(~TVKWzlz5R}|2=UZ{V-V6H3bZJ
zB}FyqkF7Y=0HtecfnYd>JOT>jQmg5IJ;=<FfHkHb-v{%{I{l#%^0WM88jihb`4Z`%
zd8T4%-Hg1x@S`c(qwN@$LWM_uoPaW5NdtrV4%Z$i;6W&T`~(G~EBnsI)^?AM(2x$}
zTx1yJ9+<!g%)z0?AZ4Zk#!)9jim@<;9l#XmTF8}^o;cE+?i|*}1viwTkFKJB(3_0C
zIAM$6li_lj1cmDfEV%VBv0q><lTRj!P49XX(YQL7bvyDG1?*7`IeoRnBe0gAN6JW9
zZ~7J#d;0JXFg{EGv0y9*Fq#&OrO8P!nnOCWIPniKt`>Mb$r$2mf!!ZsST?`^1C!SH
zGo0XZ;`4vL|08~h6Myy@CiujE$BnKu?fv{i&9VoDy7ALy6~K(c8NOQx<Ok`mQo=xe
zrn#CH2bl;41O!#@vy^mo?NTq+Wjj=%K$czAbRi^*w!*?KqHI{vmyknMS8egiR&)nW
z<t*97w>hzU0lh+`uXnBxL-AUne6B=Wm0T7Z8RvX{c8?&UpQQQ0NgmFB(1fLdsOqjQ
zS>S|Iu97AW&7sYBNSY#AF1R#SWDHGBahO1uDG-HWg1X=?4Q+(CJsFv-Ad%|~6dmtY
zWJrh3FVtT(@g@e7AfxV@0=SztLx3ZNER&t;m@J5xyvTRDI0Ow>T2Z#jFDBTZOP?&N
zik%}3%SnR<L-j<+1gH~#qnsgqxfLzhW%}VAZ4i-lE`*@I4$gk0U+cy#bepBJ0EIPG
z=mHSsfa&9~k633MtGcG@3UG3yK}Lyj%mpzzSV!6nu!vMNT97fX)vguAbS=kqRw9m3
z<@8-k+og#Vt(>J#>xPzN9gU_~dLMdoec3b=p?_rdxPXa3ja?Xj`Me*{4p<3T<H*!a
znKgxVqHB+OJ@uFFZ%6>{QKj3@Df!4zesS^EzcF&U?FNMB5rjw!t`yhmNw`Uy65=-T
zq57-RZLH4S!feuM9!PyKYbfS`%FiQ6*xmfir<95&bu==2QId!2%y%>4O!cgYqEKl&
z!#imB#fiw8%q9?jBeKOCXkwlOArVE<fo0c@ly|iq;G;-}`UOVL$p}nKg=uPbj|6f~
z|M1AepRoRixdYBjs9@ZvayE?_&KhM+7}*6)(^-Hxb8rV9K-65ACk0Y4trdbL`(UPu
zZNpkF?F=+gun$Qzq1?`=@vUK9i_j~&%qst?Scc2`kX{-fx+36D_w+En-J}W4HF$R?
z&3SF`?b#BYdiX=Gt-vvvlY|X8e~{imy2b^vNbX<&N5t8`Se$cLs)K$!n@JnjMz6;f
z8AH*&&Pvgk*?F~X^q&Y~$T$xzW7qrt=e&UXKb!4lhi|g|Kh0LP|MN|t^!{JA=La+C
z`p}F2XX!`Y#P`2(`%k;t`STav`GY>>C|4wXwzBKF3av$-t57v(fG#%Tf1ha|(UuPf
zaa;HQaP-?jn88XM=5oc)2ywUrh<<MfNUy{zRa2ci=ro9tKaUhkl!0sZwnejZ)~E~3
zlmD)91>}!gkgdixB)<(QY(t)JLpHY|TSa91f{_7^Z>P8pOoBE;2`TCVQ9q_+T;V$k
zXe!`g*u#5#m=BW^W(2hafBM)kf4(2rj*;@i`|L%Pj~v%Hqkr`Vu*}~{sgjC61#uEC
z7XIX*+kkh*f1$&^|I^|5hS0+2|3dZspSOY6_W!mDxj?~0{&XI|3snm6S55&6HgbU1
zK)!J^?s~m%+7w&d44YnW?4V1(_mf|rZcv<-IHxtXamqdo^!1#we;OOK*=K}yb77Pl
zWZ5T!b~9j<8)WQLMZ2qSZ9e^$(eAoHw)vV%1+PFdKKvH|cfJ43x6AMU2z;wm#s9Z}
z<MM~k7&v!k0io)rSE4T8s<M;6VqlD%6|z?NL>j03&OXLdTP5clr>0-%`QG|gunxEp
z|2x0`$G0}W|J80*Z{L4-6Znev|9(Xisb2rCvj11Jf9gaIkoKqF=FEao`Y|+8236lc
zWg+UTbN$zNXCGk8UgXYSWyxNX2^OE4`8(tEqDnq1sGx!hDyX1>3M#0ef(k0Apn?i2
XsGx!hDyX1>?+X71gZNS90C)fZ9&A2V

delta 4091
zcmV<X4+QY2Ac`P=ABzY8F_J%E00ZqjVRNHMuJaZDimqhd?M%Hmwu$X*a^<&=0Jgbc
zU;!tatye`6n<UiQ;0JiJd0X?}PwEDYu``~#u`_r3P-YCM)l#clEvcbl5(YsMxs%`C
z9S)iR-FBNE0m{eLIh?o7&RcE1-Rz#7ziYNy?QZuSX&$hDO*t&%#El4f7lmQ+CAwYZ
z|E6$UJ0{js7<td`Y)0yJ((sZ=BhE05NoF54r0j<g@q>pjn!AY~2E@G&mkIHJ!uMh*
zA<2^;lLvq1osi^Z;gO@c8<3n^J?C}=?0)L&=18!~S?%~upmr>XwxVks$65N=6lIQ+
zWXt9_!_;kmos$gRgbRxv#+Gby)~#ZT!&>bp|AD+0#<o6`RYNu{@|V95#}RGE7R-Tc
zGXlpEMuH{@4kN0G_T`f|TX@l>3w<zkFAbfmbNFvLU2v^t^T%fGCoh=#4_W=bZERM4
zNEWM_$z;Lttx~n&8Gp7}&lIeZ#Pilgq5S95i?h~$I_K6oUv83OikqzcXtG|h+wGp0
zDr&NQrRbKUS)26(FS+-_xE{o%7M_*47{<0PSuDzZ0xdr)RkZ|7-mDtCfmdpKr`s)8
zRkjF?{l$7~JI!vnw=8Y6t!6MURc&?4V`y(3`($nKv1a#TRgoRPb^iN7;zbYc#EbXg
zO}4{-4*$=$`0l$_8{$B>bAHxrqyO)o@s<C73t0F6pS&nWzurD=k~*>6`C{e~B{vb$
z2hUEx{gdQ5tmmdfz^y;{kIRS#g;U@thKrZTe|$>F2k|4}VfgEOv(+Z|FAyQTf<W7I
z=QOg|7&vDBedI<j1Y=0#c_a=Wl4m#a{z_hd!X=qND2cqOA49acUnU;$69S&K5k^pd
z9>Q#RLDVvsdJz=^&6~$0e4rNtZA?@zj-hPe1zzONh_Sq%`4gzD`V%jRJ>te>fw=g|
zn`Uk8V?(U8ArJt8Jyr9s#PgvXWoNy{pSCh-DaR86ef7aju>BDU7g+HlH2Q_iTxeZ?
zR`Zm0fdzuFE{0EH%7QeKPm|vh+TRb$2!)ZUm$?2ch6?q)!X9G#%99-JJD}&O0>5|8
z$G_^DObAglTQ>WGi025pfvJL3gJ8wIhiK*~SjbJECW{k@8xJ%0F+Pc)hdk&JQ2Zna
z<M}drh)-e|>WN2-dd=FWMZi5K^<)`;{3pldG#Q7i7<@Y;*-kN^!SAc}zr_3b@ztVf
z{3WK3kyl^BWO=Pg;XJC}hY*5-$1N1!+pAUZwXkp_cYeUwkFaa~$Mfyd`mcF@-mK#P
zTfnaMAF~e{pM*H}9|Ib_KDm+a-p?Q|Bu^~5k-&qP2_ed3!AwaoipR^xM=wr)poG$8
z)kxsZq3*r+2w~+J!YD8$%LU}T5ab~a&%7j|ku?bk#(QuwO9;vs9p{i4g!4iJz)4LB
zjXeRh_l2^f!OC0HY!QWzxhC@OG_$$H3ywMWo|il|)2k~{u<Tyzta-|JAf`9**h$OM
zxX@d7{n5jub<z5<$eesA_2eplK0+2V38U#pCchA2ICetiv(qdLu@uRJn(=a$fRdon
zJxdp2=u6C8e3p4I-sH)J494@Idm|q@Gss1uo*Y+Fj(b&|J%?LG6V<UK6J}PY(4aC3
zg3I@w6aSxJH4ulBvBUpE1n8FU|8+WNmH&SW$WvSD0Ka!@DtK#n3$MF>bN-)i&j0i3
z{{Nf6jbS;0B$>SyO$6xwR!tw78(6-Ew9Hqq6>YOx=l$EmBAoe?m&3}~`TVcjr1yV$
z{+#c2d7S^vX1kjIZvkI%|JR@<Qr-Kl?)|=c@0WRz{onUJW)Esf2Kc;|6u{6`MZ8;G
ztNMVb@{O!!*UCt-FR#Xbre)Xgwq>y{fi=(CwIGVJVQ-K<Ja3~aVM)2xD`c<8ETeIH
z6hSg|gWh)K=nuVwc{7wrUsqNAR?!AoUyR1kMOQLW1<)Dza2)+H<-f@ybV7OlN6XnE
zAN^6-;s4w1c6t8?kXO(D-UPnF|C?wc-|GHP;OxAL0e|8cKt0KS-b285f^4r)?tx2z
zXfqPw9-;!iOs|{DK+%LOFcDL*<zju@aMXa~NHDMQTGTa-Mz6HoRz_>|L$D9rij=pH
z?o}$5)6FEu<evlF1eF~>SRZqIS?yvI5eB9{HfldvGV47-RaX~KRk%_WYbZ-Aq$#V=
z69t5#-3Y2uK#Vni+Z4p>B8?{B)^gRPF!&+Ch#5YkHwwH7HQ$9l`E9viPYZBX;jQN5
zni70+Xa4j9Mo`phSKv)13pzI$2$PAoNQk6a1xfKr#)F@_wIs}BK8F!*or5YLSgdD#
z`M!U<CWo~ymqV2?{NR!DZlvsP3=N17UF22HJb?8EO<5d&)OlUp4pnyX&Qy`2a8Y7<
zbni}&XrKRI7<i|r=)TD!@;-r=VJ>nOrsVe?tvL(BsW&~P4w4Ga25xicw&}f%1|Ni^
z16eQ^Ds&M>3HdM5?LbyS-EREkPQ&LooctEkwm#0n=p|VOBn;Mi379geYu!*5UA8QG
zq{8amPUozD^AGb_PB(dcK|RYFX2ZFchVwj6#Ysca!0v(wIVCGw-83eg2tfPrJk17)
z1MW1brHo97?h&+@PD45vltl}fcH0*h7e(%qnU7{uoZzX29!r{FbM$E!vc7zu-Ogg0
z1?!a67pUkSy_D*E=Vyn8Jbs^ICU+PaU(Wwqe5>1k!Ti77Iq!5@Jm&v=yHh>?e-qey
z-h@$QmEYf_sc~n^)`E4@V>P!Yq4Y7gm*75tugF9xyCcSL<OU1(5i<K(9D>uH`2n0K
z<S9uOmyO2r^YiJd8hC=noYBXn#+^PT^V$CIZg5=cQ!Qc>ftc_+CI(!~1ac>GMN~MG
z_Aa-728ozyj}1rGAR&{b-klfM4xt@W?*^1GK^Yy?R6xbM{VQ}Mn^(G}*mu3w0Tlr-
zU|0sI&;E5Vgn?}K4%qxY^u7sgzXcssqV8XVzGBL^kn$f=30QJ~Ar0V9fjKhRzY<p}
zEH+@3VmqonaOllM&?jA$tl{wd3RfnYlwQGq;>}hB&FX0(L#*tQrwHgASi3OlzM{&#
z#wRywK+@ZodvT18hZWJ?uDzq&k6!*qjQ@^ksVxk2O})#6&?OkK90_8n+2}}XwRDBG
z)^yVV>9%Zc5L>U|M`N?UiB0_o;8&UycLe*%DWGaKTQr=$Dh#X*7WwLKt$q6*)ng8S
ztwsdHx4~|7qJc5#q|f1$Kp%_iXaVd=f}@m96A@^2I8(5E|8^#r1}=wX3)F?heqR|l
zhF}kSNALf@OGz<5ue$Q`{U6p)Fy(bDn8QHU6$7xn#xjne#Erbh?}_v1h5n+U%3!!F
zDT+aVEZL?8C|*+w1jEs#F;F0vT21SJLuQTytTB!F-VZJt^oL5w&+?O5IB{p?OQeJ5
z8M3MNGV;d4i)Lt#maUsI6&`tU0?L3T4Rz)_9BU|p2ch)w6BLZEtUC)^+dDc!LpqFe
zkzkPfU;<+>2b&s$n3)O~M}v$g#>5zQ08^lAAxDz?!dSI?0j!M+ZYV<^T}7dPJDs?3
z!WO|Nqvb5|3)fRvaBE>=y}()~pG*{+-t{P=adj?fR^%-T*rOV9`f7<sU@bq7<*~fp
z^erg%^x+?1e3$@Y!dMPrG))*wgA-viM|5Oy;vZmKP4If6KEl@mdq2dmY<~X-Cav*j
zIKkz_=l_2HNBj~e-uyF6@TrG?8(nGI`}v2OX$=c?<EPCkfSH7Ie76wD57J+ygn{}@
zV>K-fG7)qL2#PjfDe3Ckp<b-VcBn#uBsq%VKu8uWnT1<KS+JrnAxDa)Si+ShYc`xp
zS+a|7b7J=bdWA?|?_429!nI8KTnUyUIxIFa&iVZ89YI7tN%Mn~Je;9_35!EP(Hu)O
z!3n2aMO7FXBa876Rar0{aA~Ya9~r7_Gl4KuAPU0-b--Qf>KJc(GBQa<BF7%e8s4qQ
zkT#uPsJ~+1O$;VMLfusva5r6s07nX0COg$ISr9OJk?u5M1RAciqHN_~46r|kK3P;`
zD@W?4odykt>I;wwP$x!zIYat#E0~hQ^us&aAR_Br2tfl4oc&n4*7RHGHdA2%3TrCR
z1t7`>)5l>Sv(7kHG*!`L;AD%#j1uFR17b9=j<gwI5vgdjAU&wnu4UP9Oxv+nB92kz
z^j%BKp@|f&oTX3ehL&S(m8MwQ0D5zM*)$TMe<b#}fQdkj9T@q4ydTgGSP59;*w74#
zHHCGeV~zWL<(J-XNC56pq1(?X`Pi0!aq!l^KDK+^CWPlPgh&&vWXJ4_xJjE5;x_S-
z@~hlyuFjppY|>~RNPRGCDCU6j&tpi~o&3$Gl!_*GG%~wUl85WecQfHk^{j}ZP-!c}
z+i3X3iO8DFCJ-ZkvV<FGVx9yc5k=8~W!JWtceUl?qezDO1xC)!2n<t!X=?P2cydPn
z@YsSse*F(~2b`HuLBCO?Y#KA1InJ6ewhEf2vjB0%@D4nHpgJ&53Z!6KD+EjS!Axb#
zg0)=Q8EB$lAEIDDxs^}jTiv`CpjR}BRsK~rb%*sKz0@@yna7`A{V=}Wpb5=2cy~L^
zc`fkm*%F<4_(QI(z%dz<g$+1=h~7cE#s#uK?qC4N#NNMHoO4%-jeb0vNgLOCzt0vK
zBf+}PO3|3vd9`iyUkGBzI1epj*ZcoXcK^S)|EJxl_J6+#l-~c#_WWQb-59y?|1Q1A
zoqFCkZvW|4JAeMfJAcrJ9Oa6n&sKIlSE04&a}}!Q9MHu^{44Dv+VbIlAa3jaAC7)I
z2s2ob!(6WT86ggL0MYLa0qK=+rKpO12b~5n^5?N^3KDQl-?nI;HXE(($^X<qPOEzX
zxb`~k9PF*jP<)EIK-7;Z8CUpZ0gehxX7-#MpPR!x0OO;bPM^@_kJ97XF;aebpS=_E
zk>i@D^smtbmig-+Rs8;c^FW-0i-k8m=r-V8@&AlJXW#!hZ?&3y2cQ4*)%Sni2436$
z+bQG%1rzzF^MDp#r2v2C6rf-u2Y3zS8#m*w*ZZbTvBk}>>Gj4Ay7YTL`E`ARqF&;h
z*4V}=`!vwkbINLL&}N?z+RcSgZjfc44BE|rQErg2PZjO1zP0&(^jk)|>jK&4Yc3VM
z0?Fj?UjW?o{&%Zee*cGWbvjl2e+xJ+fB1}neP<L9idMf8H0f56?EDo2eQd9gwZbRT
zIQe(>F`n9L#lUe&`h}kFt#1YEfE)3@^ZS3T&gS>Oy6x)z-<!Z!y#Mzrnn?Bfca{CW
zn*CEJa)7iy{WfP(7L3x5p^-8u+6F2MQD2?wzs5WJ09*DVcm66%_L_{p_|(qd8K)Oj
t@>xLz6;x0`1r=0KK?N05P(cM1R8T<$6;x0`1r>Z(_&YCMBK81y001LV57qzx

diff --git a/shadowsocks.conf b/shadowsocks.conf
index 302bbe0..5fb5da0 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -23,6 +23,8 @@ net.ipv4.tcp_tw_reuse = 1
 #net.ipv4.tcp_tw_recycle = 0
 # short FIN timeout
 net.ipv4.tcp_fin_timeout = 80
+# Increase max orphans
+net.ipv4.tcp_max_orphans = 16384
 # short keepalive time
 net.ipv4.tcp_keepalive_time = 7200
 # outbound port range
@@ -49,6 +51,7 @@ net.ipv4.tcp_congestion_control = cubic
 net.core.default_qdisc = fq
 # Default conntrack is too small
 net.netfilter.nf_conntrack_max = 131072
+net.netfilter.nf_conntrack_tcp_timeout_established = 86400
 
 net.ipv4.conf.all.log_martians = 0
 net.ipv4.conf.default.log_martians = 0
diff --git a/shorewall4/snat b/shorewall4/snat
index a240a09..8435e40 100644
--- a/shorewall4/snat
+++ b/shorewall4/snat
@@ -15,7 +15,14 @@
 ###########################################################################################################################################
 #ACTION			SOURCE			DEST            PROTO	PORT	IPSEC	MARK	USER	SWITCH	ORIGDEST	PROBABILITY
 #
-MASQUERADE		10.255.0.0/16,\
+MASQUERADE		10.255.247.0/24,\
+			10.255.248.0/24,\
+			10.255.250.0/24,\
+			10.255.251.0/24,\
+			10.255.252.0/24,\
+			10.255.253.0/24,\
+			10.255.254.0/24,\
+			10.255.255.0/24,\
 			169.254.0.0/16,\
 			172.16.0.0/12,\
 			192.168.0.0/16		$NET_IFACE

From 33cf1b4718ad8ff70e1b0f6a451a4906808e0fe9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 14 Jun 2021 05:46:38 +0000
Subject: [PATCH 077/164] Update to 0.1026

---
 debian/changelog  | 6 ++++++
 debian9-x86_64.sh | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 33cf21b..12a86ee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+omr-server (0.1026) unstable; urgency=medium
+
+    * Many changes
+
+ -- OpenMPTCProuter <contact@openmptcprouter.com>  Mon, 14 Jun 2021 07:43:42 +0200
+
 omr-server (0.1025-test) unstable; urgency=medium
 
     * Wireguard support and fixed
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 99f120a..098148c 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -62,7 +62,7 @@ VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="0.1025-test"
+OMR_VERSION="0.1026"
 
 DIR=$( pwd )
 #"

From a5cf11a449aaec4090e691486b5201f4ddc5c27d Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 14 Jun 2021 05:47:42 +0000
Subject: [PATCH 078/164] Update server script

---
 debian9-x86_64.sh | 12 +++++++++---
 omr-service       | 26 ++++++++++++++------------
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e3c515e..02baec9 100644
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -123,6 +123,11 @@ if [ "$UPDATE" = "yes" ]; then
 	fi
 	echo "Update mode"
 fi
+# Force update key
+[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
+	echo "Update OpenMPTCProuter repo key"
+	wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
+}
 
 echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock
@@ -211,7 +216,7 @@ fi
 rm -f /etc/grub.d/30_os-prober
 bash update-grub.sh ${KERNEL_VERSION}-mptcp
 bash update-grub.sh ${KERNEL_RELEASE}
-sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
+[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
 
 echo "Install tracebox OpenMPTCProuter edition"
 apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
@@ -1157,7 +1162,7 @@ if [ "$update" = "0" ]; then
 	echo 'Your glorytun key: '
 	echo $GLORYTUN_PASS
 	if [ "$DSVPN" = "yes" ]; then
-		echo 'A Dead Simple VPN port: 65011'
+		echo 'A Dead Simple VPN port: 65401'
 		echo 'A Dead Simple VPN key: '
 		echo $DSVPN_PASS
 	fi
@@ -1204,7 +1209,7 @@ if [ "$update" = "0" ]; then
 	EOF
 	if [ "$DSVPN" = "yes" ]; then
 		cat >> /root/openmptcprouter_config.txt <<-EOF
-		A Dead Simple VPN port: 65011
+		A Dead Simple VPN port: 65401
 		A Dead Simple VPN key: ${DSVPN_PASS}
 		EOF
 	fi
@@ -1227,6 +1232,7 @@ if [ "$update" = "0" ]; then
 		Your OpenMPTCProuter Server username: openmptcprouter
 		EOF
 	fi
+	systemctl -q restart sshd
 else
 	echo '===================================================================================='
 	echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !"
diff --git a/omr-service b/omr-service
index 1aa788f..6074fb6 100755
--- a/omr-service
+++ b/omr-service
@@ -60,19 +60,21 @@ _lan_route() {
 
 _gre_tunnels() {
 	. "$(readlink -f "/etc/shorewall/params.vpn")"
-	for intf in /etc/openmptcprouter-vps-admin/intf/*; do
-		if [ -f "$intf" ]; then
-			. "$(readlink -f "$intf")"
-			iface="$(basename $intf)"
-			if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
-				ip tunnel del $iface 2>&1 >/dev/null
-				ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR
-				ip link set $iface up
-				ip addr add $LOCALIP dev $iface
-				ip route add $NETWORK dev $iface 2>&1 >/dev/null
+	if [ -n "$OMR_ADDR" ]; then
+		for intf in /etc/openmptcprouter-vps-admin/intf/*; do
+			if [ -f "$intf" ]; then
+				. "$(readlink -f "$intf")"
+				iface="$(basename $intf)"
+				if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
+					ip tunnel del $iface 2>&1 >/dev/null
+					ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null
+					ip link set $iface up 2>&1 >/dev/null
+					ip addr add $LOCALIP dev $iface 2>&1 >/dev/null
+					ip route add $NETWORK dev $iface 2>&1 >/dev/null
+				fi
 			fi
-		fi
-	done
+		done
+	fi
 }
 
 _openvpn_bonding() {

From e063e29ff98e1b494de23d1691d033add6a64266 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 15 Jun 2021 05:04:25 +0000
Subject: [PATCH 079/164] Fix vpspath for release

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index bdbff00..cbb7d33 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -57,7 +57,7 @@ SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-2"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
-VPSPATH="server-test"
+VPSPATH="server"
 VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}

From ce4516fac273a6de7384c11fa045e6601741eed7 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 23 Aug 2021 13:50:00 +0000
Subject: [PATCH 080/164] Commit latest small changes in script

---
 debian9-x86_64.sh                 |  12 ++++++++----
 omr-pihole.sh                     |   5 +++++
 omr-service                       |  25 ++++++++++++++++++-------
 omr-test-speed                    |  12 ++++++------
 omr-test-speedv6                  |  12 ++++++------
 openmptcprouter-shorewall6.tar.gz | Bin 3780 -> 3803 bytes
 shorewall6/params.vpn             |   1 +
 7 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index cbb7d33..444a169 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -629,6 +629,8 @@ if [ "$OBFS" = "yes" ]; then
 		cd /tmp
 		rm -rf /tmp/simple-obfs
 	else
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
 		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION}
 	fi
 	#sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
@@ -662,6 +664,8 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
 		#cd /tmp
 		#rm -rf /tmp/simple-obfs
 	else
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
 		apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION}
 	fi
 fi
@@ -1188,11 +1192,11 @@ else
 	cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
 	cp ${DIR}/shorewall4/policy /etc/shorewall/policy
 	cp ${DIR}/shorewall4/params /etc/shorewall/params
-	cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
-	cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
+	#cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
+	#cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
 	cp ${DIR}/shorewall6/params /etc/shorewall6/params
-	cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
-	cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
+	#cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
+	#cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
 	cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
 	cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
 	cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
diff --git a/omr-pihole.sh b/omr-pihole.sh
index 20a023f..0981789 100644
--- a/omr-pihole.sh
+++ b/omr-pihole.sh
@@ -8,6 +8,11 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
         echo "This script doesn't work with Debian Stretch (9.x)"
         exit 1
 fi
+if [ "$(id -u)" -ne 0 ]; then
+	echo "You must run the script as root"
+	exit 1
+fi
+
 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
 echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end."
 echo "Don't apply Pi-hole firewall rules."
diff --git a/omr-service b/omr-service
index f388c5d..c94e748 100755
--- a/omr-service
+++ b/omr-service
@@ -42,6 +42,15 @@ _glorytun_tcp() {
 
 _dsvpn() {
 	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
+	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
+		localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
+		[ -z "$localip" ] && localip="10.255.251.1"
+		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
+		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
+			logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
+			systemctl restart dsvpn@dsvpn0
+		fi
+	fi
 }
 
 _shadowsocks() {
@@ -66,13 +75,15 @@ _omr_api() {
 _lan_route() {
 	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
 	while IFS=$"\n" read -r c; do
-		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
-		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
-			echo "$c" | jq -c -r '.lanips[] //empty' | 
-			while IFS=$"\n" read -r d; do
-				network=$(ipcalc -n $d | grep Network | awk '{print $2}')
-				[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
-			done
+		if [ -n "$c" ]; then
+			vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
+			if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
+				echo "$c" | jq -c -r '.lanips[] //empty' | 
+				while IFS=$"\n" read -r d; do
+					network=$(ipcalc -n $d | grep Network | awk '{print $2}')
+					[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
+				done
+			fi
 		fi
 	done
 }
diff --git a/omr-test-speed b/omr-test-speed
index 863232f..15666e1 100644
--- a/omr-test-speed
+++ b/omr-test-speed
@@ -1,8 +1,8 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-OVH=false
-if [ "$1" = "ovh" ]; then
-	OVH=true
+HETZNER=false
+if [ "$1" = "hetzner" ]; then
+	HETZNER=true
 	INTERFACE="$2"
 else
 	INTERFACE="$1"
@@ -13,9 +13,9 @@ fi
 	exit 0
 }
 
-if [ "$OVH" = false ]; then
+if [ "$HETZNER" = false ]; then
 	echo "Select best test server..."
-	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
 	bestping="9999"
 	for pinghost in $HOSTLST; do
 		domain=$(echo $pinghost | awk -F/ '{print $3}')
@@ -32,7 +32,7 @@ if [ "$OVH" = false ]; then
 	done
 fi
 
-[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM
diff --git a/omr-test-speedv6 b/omr-test-speedv6
index ca3d64d..3db10fe 100644
--- a/omr-test-speedv6
+++ b/omr-test-speedv6
@@ -1,8 +1,8 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-OVH=false
-if [ "$1" = "ovh" ]; then
-	OVH=true
+HETZNER=false
+if [ "$1" = "hetzner" ]; then
+	HETZNER=true
 	INTERFACE="$2"
 else
 	INTERFACE="$1"
@@ -14,9 +14,9 @@ fi
 }
 
 
-if [ "$OVH" = false ]; then
+if [ "$HETZNER" = false ]; then
 	echo "Select best test server..."
-	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
 	bestping="9999"
 	for pinghost in $HOSTLST; do
 		domain=$(echo $pinghost | awk -F/ '{print $3}')
@@ -33,7 +33,7 @@ if [ "$OVH" = false ]; then
 	done
 fi
 
-[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM
diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz
index d5769fae4f168217f983a780a6bdd3be7bb4e23a..eeb36f255423786ff3502b03dab8b9a259e435a2 100644
GIT binary patch
delta 3749
zcmV;W4qEZV9oroTABzY8C#?OE2Sk4}Ju^K|_Y93@zURfEJ^SU={-_1iKRIFFK;`dt
z|FrX}-90^Rb-SmnUi($6-99<(y&|nW%9PV8itUh)SE296pDOoU{{JZ*)DDPo?}yHV
zy;$@~qd}TZJZnaIQgfDRNDa#l{gAlctsgG!*!4YP-}tMTI8efMBFG`}y&Hd#TX*3c
zk@zuiNPTI0WL;e&udWXD{V-JZ32%~a?O?A|JKzOVQWcKl40Wmtl;cEdm>j3+s;P3K
zrs^hVu+OPMb<VhwOkrHB{ovk`Lw;(iV=8M@H^?{N5X%xw%jESDHIo9C#ZP!e<gKJo
zO)$^yokie;XEyYGZl7r?*WiEfe>D%dcB}PWtM-HA&E4CKe`spk%(ro{=8R_n*J+p7
z#@$YLn@{JBQj4eUw}t#4kKcCNn>DvjJ7tk1UD&SL4QHE-{eJ(n#Hdj7Tv827F}C?V
zC%$q0sNqE=3A^Q5H0`M&34-#NfaKj0tHCRDn>DgMrzCr?-!HRDPc(lTxxuEiy;i?G
zT81)tiql(`Slj*b9GXwgeY`RG$k~6pW=y_!v;JK#cEVeG=0v-x?<sl~|GT|1{$o;w
z|1Urr_)p$BVT7oDa@-;fV%W=I;SecT5i$f^CjkB=e()Q)>JY&6Tla1iGLvu&H41+4
z7`k`&F?lV#Asv|hMyG$(J|Q=cU>}@9gQjCInO!l_Y%JWH&<-C7T9D9jNaWwf4|eE$
zPagdhnSmh*ow*x<t+`pn4sl}w_}cVC;9vT%CLS?q<;|UtH3Q-;BjVq(n~^dlvJ*v+
zH*!2Dv=>BM-7MT0Fw5@D@gj%V5eYCYx_9Q8tV0yUNCg4&2i1SGZhlW37xJ;~Y}7i(
z?X0!5#v=k__1cb6{*d?qGQI(!AIZW7=`zk^HUtJVguG}xiB5TOLXYELV>aHms}LI_
zb0@alMFb3uozmA^_O&`h^<7)@+)wE2yyk<SRfQ5lB*moqkQeY8N!8F_Flu13xI?gM
zmQ=`OG{2t(M__+QZWs1lbQA_KGB5x~Fo2*b^FjM4gz<B3&~bVfc$~is8-3S1X{<m6
z|DIKn^FPJ5BZ&Vb1$JmJ_lW&S&*6W&(=XwF3vMd>e+hct|4%f8Arv1)?w!Z*>zy6C
z_RRv2A-+%Wjd%{ACV-Taz?l>yjz_DzJ12@Ehn36Nh-ZH<f%nF_17LXoAcacFDgfUH
zU>=Zo;lwe+*4QVA_^x-i0$4_TT!L-zmjwY}LCpz69}fh6WYsaaayI)Gg#KOL75XbP
zZfAJICF^_O#P_ZAE?xcuw#Yp{TCT#|4My_1JWgx;11mN2!}*(}@&baOH+NX5KDB%f
zFhr|G43d9?NxVs{Km-GX2FXnfN>U}cx4|$u4vbmo!U%bJ3n)8Qza{XF@lsL*c`8zp
zXvHx!T}}e9dkNsGXeYFu$NjbO4F2N|pzQzmdYuaYUxISihN0i@Elou)O>5BJUmMS^
z{|@Z`Pr&EvcKR(W2kXD`|6YdFiEi<ts1I(P?^=InXLhS~)~U?*UxxyJ;m#iS+s3o!
ze_-rk{rB7bZs(-i$MxT8omT7rCFnEG|1_o|)!AQl_V>}VzXU~gf9`jXJgv*m-0-1Y
z@eEE=Wl6YR-^=QV$n=uR*}XK8%(L^UZkRPZg)8zB)WIV0f<QI1cKbj+rx@&*K3PoE
zRSkc2drZktm1XrxQbw7)lPPrLoD!J_xyp>?d!7D^3g*5J1H;u~pO1bRJ%j%zC!JRL
z{IB1w@c%{VGw@$W75Q5DKZ2{%$_D(2Z2&`(otuE)iL!u^9ED4UXxkEDAW0#;Twc|s
zk)-gMVIn$jZahuGu#+ZyPk8+T?*&y+nDu{3^G#{8QGN{ifdMJGd@N$6n9o8A4#<}g
zhQeguuZ=f(db!(05s^l^I@M}F7&I9@UY6H4z{;P?k};;@I#H)Gj6@+pQZ9K}DkMx5
zQ|E<?Vi|>A)$*>1zV~g6R?~k#H1eDoQ{TXy{jv&@X9c*b@TB^nCVB7dg*$(Z)){|$
z^_&%tX8~KA3GuU;6U0PRj6zG%x{X^mg|*nv+I;Xs44eX%*NNkhjOF3*YNMS*y1X6M
z8O`<XSl!LEx=T%gLP<3ohYuAwsE6a+;9bAr&X&Pu9zGU$B9F1K0_(hwHvLSuHtH<3
zhjogfACxMq-`Mjy8~6YEo^yPR5Ke!B(0K<)lfdM{PmA9;jC0}pb7y|cKoaMTwX`vM
z9~lKEP$>_em!#8JP!`r);D<5!2kG~~Ct;u)-P?2jA@XOxL`=%Ng&#h~E06fz#<=7I
zu`!=z3CnuLzFA|9ey`W<{pLDW^X)o5(LKW$XA`&+!8@G}Yfc;s8c82tleK@QZmUmO
zUziTEfU52jikoI&3pyD65W2!vCz~Z!cN<&lpS*qhw%F`!;i4uL*L|w22cp7fS^@2x
zwOhyd*GU4&8my+j+|k$i0p>Bfa(ijx)Bb<E-9IhIe|37@cIE%S1nt~!LQAst?=Mr=
zxc5|KK}q)#-lyGA_C(x?F%Ey=bE1q{ef6ZmiR}gU9XR)k$Oq(JxE@@`m~$V;!CABU
z@bGY)v*MG`<}zW4wnRL>kC%(xpK@?qimnDR2~TwRoDvQ0DFGjfoD&(Y#GSWW1BXmE
zr<z3-aLlMUxOSr2K6;mQ?-DwpLuXXzrUYHQ-hGEIseY~+l6gI7@3DU)KpITT2>Y}9
zK4|=i>VrLsKZMcOLG~-?gG}Vz_h2aL^a@=6eRcx29-v4g_>*9bjCS9Na~U=ruv;-L
zSshvIP!al*?oKw+@cJBgD2kZgt<|u@5@0M~%aUXcC7BMI@9eM%er|K=L=hrQlEs1?
z2lX62&;AzSf1TyBtyX_hhslprMZO*=eyuj)g_4wrp0!%KvD%PS*PwNi>RW}4kEKth
z`fxing$+nw_oVQOhwHiVF{IUMrl46vnI9Qjb>zFc4FPvOiw7KPi2#ajf}W^E0p(H2
zki#W_n2P&n9`r|qZ!ujK0+dzZO2Yiz>lJM5htkN>cym0cAHILbTT#+K6vpqYxr#!#
zw?n6xdidTL^E%xu45~4rs-!{cpuqNPY~4A&8#HAKI;-_@<4q0JUyXejG|?pCf~g~D
zkt$B11Xfe4DMN6_v4BQ(IjQ!>^_qbbE)bqj@MZ)lXHE9On$55Bi-kY47v)<lS4ZVE
zOjW0>@z9B4=na3U)mTk%!!pJc(1SG^-9yIo+_*MS+CjaJO0^$g5n;lIpbk?|4U;K`
zkf{wQN|Q`jijMYc_iB-BfGm*?`KfFUJlGo-ASg?&v+cPgOtk3eJoN4P%#PyZFym;l
zTEuSQehzzY#gC0g@9Z#NV=Og21SuxtMqN~l&<P5u^%{TH^d*hgL5F^v(kb2S&=X0?
z(~U1{V?WkKhshqpbn7tL8YjSXPuSEWO6+0cb%01go!}c}gKs0)T_3(jzc%^+7r5v6
z@Xy2d(PI=l%MSnna|dH#nP>dr+nR2S3%t?&HVdT8{3X7I2F3R>UL|jW0j#!OH+xwr
zDp(Im86|)I>iXVdFgHj7@gYN;NQz|e=LS_wxD+!F7hmYZVT0s#Li&c^I$^?JP-bDz
zc|#Jc#6lWLO13Zub+GG4sZ(&2+cZ#3Va!X4WeB>YnQ5hh%ulq5kyIhbl-DhQGIpa*
zG?|)7bFdV^62oG&03}s<iYJ~)1tP^lmN}*h#_WHjiK>FepGV(AyjJ)L$hww~6`?<A
zpdl7}_$W~$PgHd?#r-5{$b)5PIK%`2cjSuKMJo{%52ll1*+_vQ87TnSQ{_TYuV4&x
zDKRt1EJ2T;H52p`=VqGpO;Th@p-`78jI)Ahj4WtKff-B%k-%$68pl~yy;|*pQq9s$
zD>Z*)*NMl(i|MO#hQ<6LmYg|6o63-<n&@Z1iW$jtbKip<v|!HiZsQClE*2Xk%a{&_
z(och5FlB1epDa9+SEuHn->TIxqI)9!OmX9pU0VfJRhUc0ur7JBfbJOmaSE=omA`wE
zmSX-Dvx{~Z=f={~p)HD1ru{egOW?)fOGbav6!H#bw?DzynAx4COQ6)+pxz-}_J`kX
z`0H%`p@~I31_t#~5;LVw()4LI!&4)Na+sM!BuvxB*RWoA*#ccG6otuKCnOFsC;~MM
z*zTkqLM2dTQQ$SmH*&SVQuPZSI<JTc^UqXQtz;b7t*X!teheD>K{$=s{R_Z2Gj)Fx
z4M4bT7t3&NpW6>nGBn&w;CQg0f_xKF%*mG7TGNZUSqwq8DJbTp@eKJMV7tA1+pwLL
zY!J57*N*>o-rDtlx&u2N%O@sr!VXz3a1Y6oYnZ?(F?ZiAuDNr`M4-%8($>8?945Z_
zgf}j-TvX=d8i3^hgG30zCLW=QplpAtNpw0<FX=80t0QnGc2LbH>6!SCPODWu|81R|
zRPi4#LYwg)dCZ5Q@Md#jNB>zlp*?q;uMGd_SCJoo;>Zugkb2&c^i=)n6ZPgM7dua9
z-CRO)QHVcM9LW>E9>P5t|G}|e5J8tr;Lt%S{+I}d5g_bGN1*6Ae=f<Ac@2Mq2EY&7
zVx1SE)+7eM*=`;Ey9RCC&Rcl<9ane*83!5GX7YR!pLc><gD$Z#WDi{ON1##d0874J
z2llt$a2(Xv;z}<g|K%QfR+Li|`$6E$_ZkNJT>O8pSAPGm(>bYr|KmmIWAUH8f-g`|
zkuUZG+MUV;_%piz1s&PLYXE;=8H~Bf_f<iW#bC(v9>q(dmol@;HP&g3b@Ge+pvP|{
z48r@J<Nw>e&dFB%e}(@qL!S}<|1+vc_4-$Z{vSnu1|oZa{q(n)%xjH-efp~@TevJK
zTS<)6srlJh|FOEWUuwzT3d@68vp`u4EzVypV>f?5l&`3wiYlt8qKcEL4iA%`4iOFL
P&r1ITPlA_20C)fZM6_PA

delta 3704
zcmV-;4u|pE9mE|6ABzY8V0I~y2Sk58Ju^K|_Y8w(zURfEJ^SU={-_1iKRIFFK;`dt
z|FrX}-92rebWU3R?&+&myM1!ne??k*)G4P`6x$&ouR`CCKUMCz{Qpxrs2vdF-VdDz
zd$H(~MuRk+c-D;aq~<KMkQ$a9`XO<>TR&XdvFm%pzVTNvaiE0jM36(`dpCa~x9-9@
zBJpG3kowa0$XZ+@7gq;)KMYlU!keU9JJ>7L4tT+oRE6U>L!IgZ<v5WVCdX;IYO0*5
zsk+G->~m^RoinZ^QyAB3Ke)H#ke{0Bn93T}4f4%5#Igj_GI@PO&7^>3@e^JVc`GSY
z6U?)FXAwBznGJ29+h>}}H8_9#U(Exq-D-W;s{P=2bN4pmADY@W^KBfgIpbNtb=oDi
zaktam=F@qjRO4y;Z6W{1<G0=RrsVc%r>v5s3)`aIaJI?V@Apqjj0!c+CDpJLW1HV|
z;v3hG8eUY=uv?a*X-{=Y5S04_H1C#J4PK$!tdZ?GCEa`dewkHzqSAlJ4K}sywfg1W
zGL*?voZhm;+U}Rf(0p?2<Bh>b&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0-|trV
z|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>FQSgJu
z(7n5l$!p;a>A>(eI<0^93AuR$|KJoVG#z`%{ECTgW8vO}cKArpgM^MlBL6miutVp2
z^60O~3>-=5%-sll&CM!yh#M2Y*QOr=|I&v!@rX$)Z|;Pw8c=T;5&xFmjFc&nohX95
zk>fd`y&&4^X5r3&S$1cR7dga^NPub4y)(~r9ik#estCA05YK;_`8{!5$j7>~Uh5pU
zv)WRLM+ExnwH>4WA@Kubd;>~9l7$W0Wt_*X3k;|TdC_?io$}&@9>>4NtiNwpAy!7_
zPHel22pAeWrLXtwYjcR|yY}XJoY2|1<b$78g%Uy}#iaU>7w{TM)i7Q#YT&ZCL-1*q
zRLEpBzn=w1;7EUN7xrCr6b8^U&;du#fnX`~LHj6#{&Q|HaC#SboWBekeb+l_tiS~S
zo(akMpJLk)#D9_kJG7U3#D1jb@W0*Zm+-%JdfKk=|0U@8_&>1_hERMIxpyAJuXlFn
z+BXY8hWI|gH{v;fngCKx0%uZ;I3BI;?wlxw99Ax4Bc6Y~1l}9x4uItWfE0w1RRFOM
zz&s%F!ii&st+7uK@m=q31+a|xxCGzeFAEC5gqjnEJ{~Ci$iy+YayHu*g#KOL6#6T3
zZfAJICG&gW#P_ZAE}i}ZHpx9dTCT#|4My_1+)r!#11~l6!}*&;cmY8$nma6rPd%Rl
z4AE*4gXVwW5^oYO5J3l_Lvj;`l87YtHaI57fj$de=piq!0d+_5TMF+OFC|5gry?bZ
zRUAXr<s<;RmjJGcc0%iM++Q8f;6JVa%JF}%*RAmXB`6PV82bI*+Enz?v<B_{)$#27
zhwJkE?^p5Pi%{Uh68Leybv(QO)9buypS0SY&S`(Q)#)bj|4B9eFF~KN|D!PzsrG)V
zy`PWn{Uj)|`+c8-<Y`U5=YkJyihD4cDoeuk`d(H?M5dQi&hDj&WS*T*b;GRTE=-Y^
zpbZv@7X+%Awc7{sImIAi{$w#xS2eWlF(pG)mengs8D;uTrqGOYN@O1NDl?Yvb^0$V
znEQX)3<_6^eQy0TdItYbPC8}(55-#*{=Wo$2L9`4B3}#tM{spo`G7yM4`4{La~JSC
zQFdS;N8yqq+V(_vkf4xWF0bm+NK*LBF%g|NH=ZWov4bXjPk8+T?*&y+nD<KaO=+@G
zehl`32NH7q*olQ=K6|8mK)#IdC`9)C+IWAHr<a>uR1s;Ut5dD^gF%zt<7Ih$1FZbH
zEE!`et`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg
z*(=6bg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=<lsti^s-=YxMA
z;=vhUd7T6fNnaiguQuvQw9D&ZjnQ21j>&GO;x07>3MFDV4j(FUAcy1J;9bAr&X&Pu
z9&QUik;hnAfpy+TtA3_g8!}7vp-eIKgOafNjXkfke*drUImgEc;Uoy1cYrhrOfLMi
z_>IFj7rsAt=En>qaoku<8@>0DUSNL;mGW@EJRQb@v9Rg_Ka9ygNWTX$2?O2e-k$pp
zkw5z-Vp`rU{O~bedBpcN`X%p(jqxmNShg$n%_?j3d%bS&H_KSfw`F{yd4@6025={e
zcRC$boj4XWl0Lp9YfIfWpR&C$8)OG+x=$Exnt?Uw;PgXi3Y(p5l$h)`*4BSNdHeQl
zvD(?fMN2Bq`_xzuM1{|+0_r(yw~q0zlN=;!FiC&8Cl~7nSjQO3?WK-S$N%ki|FnGm
zr_<|ps`&pUXy<VgdXjZ~f0>5Hy{DcmmuxTLeL4(fPeh#<p96o+DN`n|o(P=SUSQur
zaKDIrK<<U>!F7x|_i-GYHJg7A4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5t
zDbe7b5{RM5Ig#N?+<Cn<2*`AEs##Qlz>JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx
z>gTE<nb(8%9vcFr!LW?5J-cs%#*e5z*rWPG=zSe@zk)W%MBaT1hLV3yuORf_XCq+g
z0fsb!KMCf@X!ngcmtoNXs}<9d)se+E6`?)p>SQAgug`IXqKN6;+6+4^0r~=#EJ@~2
zlIfuN&JLRp=Qfv46d}?iS?rM8pq|6$+211kud`gX)JkNS{76;g>w)6eY7<^4X^H4r
ztECI84NY|oYB#CARoH*{So&nD54TfO*nsqPOA1H)UC)h=A+1(31<e}D{K(jnk+14D
z6x{VF9&l(S0vNgpcA^pmj7KFy4yOQODz2Y-upbe=#dKN-P*#O23G;VvSFo@jN+V0-
z&GDdq_#SUXN&isjzq95l3gO-konq?Ydt=P&bh9v+#)ztt2C0980^6^#b?5kQ(3C0I
ztk%bcH#N|HHTGf9#FB&yW{zM*syKxbD5h3Zh7gWp0gdW%BKF4hnt>B85S~!+W&|l`
zP4>a6&9Cx{g+H?w<y$OQN8>b1Ri~`-(1~Jb4VcwfO>o09#uU(lRT|wx#`N5{Hc;C^
zy^cn;A7Bw-z=wZe4pT4<lNpAPnGG09lT28Oj{a-+W|1s_ERhcRsca5BSQ{50C`+!h
z<+&tGwCLzO^zHe~j^bo9<7l#4#BSk!4r_14kBvv~>@c5WEH&K(DJJ7WT~v(F2@0w8
z8cO<-%Ijc5KTheCZZ_zNq~z(wm({T!@1nzCk72lV7;Jxy6JWR}Z0Hds_Au}|K%}5f
z@C~BDw-Kza58q>48-0KaTyuQ*=i&S4F^Zk#2Y`UNgJ&UGWc=aVnr@5>ywUwO3#82a
zCBB9P#rM)*rD%cythSyvdzmRJcn?V#CGqO|-eNE}NDg8{hB%QF$>7fos+e#oW)UvF
z(1qOw$?JcF^bN0d!i2w|%)_4Zh9p>thcuFuY+?@T;Mb4Rpx`L?X<(Ydn3ojG5Ohg1
zQ=x*)Pqc}Vh!AAT>lQ#6yHO{aOwFV^m<r&DVKQ2PlBzt#9nVC7NU@M*j;UhtV%iu{
zRnYnK7<-7<3O@l|*ZQ#{^d}80#9|L0C2Hh}s&0R#xSu2qdGPEEhnOM|j$HA&XeFxR
z#&l9F>nU&~BLyIPs$3}Q74(5FC2j_pC1?@UW`cd<*i4hQNs25f6l9sgI4g+G$byO#
z7{OE#38IFiavWvVtJN+j)hyk#Qb%^3L`=MxzB*-CEFNOXSwOUD40)=FaR$tokxVz&
zJ=lLh3&t#OHjZEtVzExLjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpY<Y
z3Jb{?)+J9CFdU;lP9apb@^=r?QY^k=e$fu&+*w*W)J0LtwEYHu3B1^SNl%(W-k|LE
zC+Hh9yVG<Dj9MGiJEY70@VgCvoy|XVv1otCz@T1AVrKM7nm)}&cxvQO4kMGOglXFN
z8s-ZxTVRWYqA+;tgd{))L!gEM%bm1AXauS(3cLpSMsD_3s(!&k;}tPs{+a5kmGlF<
zRTbL7k3nNU2&XZ>e*qY0reUH12$!v58P4r<`5{V%hKmX84|b>^UxXBMvT3%q^kRQ*
zc7`BZ6cqE)^9=bKV7tD2*|43JED*NS*Ma|b-a7Pux&b@x%O?hL!Zukha1F_mYZ$;O
zF?U}r&bf2RM4-%O($>8?944{&gf}j-Tr}q78i3^h4~Y<jP255g!Pr!j=yal9(p_v;
zM-WWxK+GrUne!i=R;#@K+dAo0=Rbd5gf`EA<Yzt%g*TfMJNnPc3GKP#eC6?ves%KW
zPkizNF{GY1B;8eidPlvv$;I~5Su>ZATvXzZbdKbSUytCPJpaM5Uy#6%OyDp;DgKxQ
zhbKVTk4`|*bN*bCCG#3O4S*k(#X2v7)LZAf*4bIJ-8%Yr4eGd^xA68muJC^bDt0o=
z&E)weKJNsx23ul%$R4=lk3gf^0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~C
zpwFHE@Ab;>e|0)1)$c#N2z~7QXRi<o6inoc<A8Rj3IYDiAwa=K_V60OS02XP<ol{a
zk;TK1={>5KoL<V@D%V)2HP%$gFY<#9zmf0|-tT<=zuoJcY@h$H@c%{VGtU42j3!dO
z{#Bv>N70{w$R1!n{cRreT4P|J{%Xb+E=$T*5+ikLem2&BOm_B59obu9`C-=Vpe!Df
WoDMP%sG^GgjPySSZ@`TJcmM!)=v)v0

diff --git a/shorewall6/params.vpn b/shorewall6/params.vpn
index e69de29..a7a7058 100644
--- a/shorewall6/params.vpn
+++ b/shorewall6/params.vpn
@@ -0,0 +1 @@
+OMR_ADDR=fe80::a00:2

From d7dacc3e728fa9747bbf629d5ef51052d017ec85 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 23 Aug 2021 13:51:22 +0000
Subject: [PATCH 081/164] Update ubond

---
 debian9-x86_64.sh | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 098148c..f970370 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -43,7 +43,7 @@ GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
 MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
-UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
+UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
 OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c"
@@ -62,7 +62,7 @@ VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="0.1026"
+OMR_VERSION="0.1026-test"
 
 DIR=$( pwd )
 #"
@@ -1189,11 +1189,11 @@ else
 	cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
 	cp ${DIR}/shorewall4/policy /etc/shorewall/policy
 	cp ${DIR}/shorewall4/params /etc/shorewall/params
-	cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
-	cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
+	#cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
+	#cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
 	cp ${DIR}/shorewall6/params /etc/shorewall6/params
-	cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
-	cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
+	#cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
+	#cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
 	cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
 	cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
 	cp ${DIR}/shorewall6/snat /etc/shorewall6/snat

From 16e01d1120f6f9baf13ab5e80b601fec12e6e739 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 19 Nov 2021 21:03:15 +0000
Subject: [PATCH 082/164] Various fixes

---
 debian9-x86_64.sh |  8 ++++----
 omr-service       | 10 ++++++----
 shadowsocks.conf  |  2 +-
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 444a169..d71a6e9 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -166,7 +166,7 @@ echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
-apt-get update
+apt-get update --allow-releaseinfo-change
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
@@ -179,7 +179,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
 	sed -i 's:stretch:buster:g' /etc/apt/sources.list
-	apt-get update
+	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="10"
@@ -189,7 +189,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
 	sed -i 's:bionic:focal:g' /etc/apt/sources.list
-	apt-get update
+	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
@@ -252,7 +252,7 @@ elif [ "$ID" = "ubuntu" ]; then
 fi
 # Install mptcp kernel and shadowsocks
 echo "Install mptcp kernel and shadowsocks..."
-apt-get update
+apt-get update --allow-releaseinfo-change
 sleep 2
 apt-get -y install dirmngr patch rename curl libcurl4 unzip
 
diff --git a/omr-service b/omr-service
index c94e748..a51b564 100755
--- a/omr-service
+++ b/omr-service
@@ -73,15 +73,17 @@ _omr_api() {
 }
 
 _lan_route() {
-	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
+	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]?' |
 	while IFS=$"\n" read -r c; do
 		if [ -n "$c" ]; then
 			vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
 			if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
-				echo "$c" | jq -c -r '.lanips[] //empty' | 
+				echo "$c" | jq -c -r '.lanips[]? //empty' | 
 				while IFS=$"\n" read -r d; do
-					network=$(ipcalc -n $d | grep Network | awk '{print $2}')
-					[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
+					if [ "$d" != "" ]; then
+						network=$(ipcalc -n $d | grep Network | awk '{print $2}')
+						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
+					fi
 				done
 			fi
 		fi
diff --git a/shadowsocks.conf b/shadowsocks.conf
index 5fb5da0..d6d760a 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -60,4 +60,4 @@ net.ipv4.conf.default.log_martians = 0
 net.mptcp.mptcp_checksum = 0
 net.mptcp.mptcp_syn_retries = 2
 net.mptcp.mptcp_scheduler = blest
-net.ipv4.tcp_ecn=1
+net.ipv4.tcp_ecn = 2

From 2b5afea3a1a3fd2b1eeb7d7c9f7aaf4c42ac3e92 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 11 Feb 2022 15:54:58 +0000
Subject: [PATCH 083/164] Fix

---
 debian9-x86_64.sh | 128 +++++++++++++++++++++++++++++++++++++---------
 multipath         | 123 +++++++++++++++++++++++++++++++-------------
 omr-pihole.sh     |   1 +
 omr-service       |   6 ++-
 shadowsocks.conf  |   2 +-
 ubond.network     |  17 ++++++
 ubond0.conf       |  42 +++++++++++++++
 ubond@.service.in |  16 ++++++
 8 files changed, 273 insertions(+), 62 deletions(-)
 mode change 100644 => 100755 multipath
 create mode 100644 ubond.network
 create mode 100644 ubond0.conf
 create mode 100644 ubond@.service.in

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 27938fc..3fcf1bc 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -6,6 +6,7 @@
 # See /LICENSE for more information.
 #
 
+UPSTREAM=${UPSTREAM:-no}
 SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
 DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
@@ -29,32 +30,47 @@ OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-no}
+if [ "$UPSTREAM" = "yes" ]; then
+	SOURCES="yes"
+fi
 NOINTERNET=${NOINTERNET:-no}
 REINSTALL=${REINSTALL:-yes}
 SPEEDTEST=${SPEEDTEST:-yes}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.100"
-KERNEL_PACKAGE_VERSION="1.18+9d3f35b"
+KERNEL_VERSION="5.4.132"
+KERNEL_PACKAGE_VERSION="1.19+4f508aa"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
+if [ "$UPSTREAM" = "yes" ]; then
+	KERNEL_VERSION="5.15.13"
+	KERNEL_PACKAGE_VERSION="1.5"
+	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
+fi
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
-GLORYTUN_UDP_BINARY_VERSION="0.3.4-4"
+GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
 GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
-MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
-MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
+MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b"
+MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
 OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c"
+if [ "$UPSTREAM" = "yes" ]; then
+	OMR_ADMIN_VERSION="2a8f642f89a982d2c26c3e176f6c4c1e3e91ffcb"
+fi
 OMR_ADMIN_BINARY_VERSION="0.3+20210508"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
-V2RAY_VERSION="4.35.1"
+V2RAY_VERSION="4.43.0"
 V2RAY_PLUGIN_VERSION="4.35.1"
 EASYRSA_VERSION="3.0.6"
-SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead"
-SHADOWSOCKS_BINARY_VERSION="3.3.5-2"
+SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
+if [ "$UPSTREAM" = "yes" ]; then
+	SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543"
+fi
+IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
+SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
@@ -62,7 +78,7 @@ VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="0.1026-test"
+OMR_VERSION="0.1027-test"
 
 DIR=$( pwd )
 #"
@@ -82,14 +98,14 @@ if test -f /etc/os-release ; then
 else
 	. /usr/lib/os-release
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then
-	echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)"
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then
+	echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
 	exit 1
 elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then
 	echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
 	exit 1
 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
-	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)"
+	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
 	exit 1
 fi
 
@@ -166,7 +182,7 @@ echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
-apt-get update
+apt-get update --allow-releaseinfo-change
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
@@ -179,7 +195,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
 	sed -i 's:stretch:buster:g' /etc/apt/sources.list
-	apt-get update
+	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="10"
@@ -189,7 +205,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
 	sed -i 's:bionic:focal:g' /etc/apt/sources.list
-	apt-get update
+	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
@@ -235,6 +251,17 @@ else
 		Pin: origin ${REPO}
 		Pin-Priority: 1001
 	EOF
+	if [ -n "$(echo $OMR_VERSION | grep test)" ]; then
+		echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list
+		cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
+			Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
+			Package: *
+			Pin: origin ${REPO}
+			Pin-Priority: 1002
+		EOF
+	else
+		rm -f /etc/apt/sources.list.d/openmptcprouter-test.list
+	fi
 	wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
 fi
 
@@ -252,9 +279,9 @@ elif [ "$ID" = "ubuntu" ]; then
 fi
 # Install mptcp kernel and shadowsocks
 echo "Install mptcp kernel and shadowsocks..."
-apt-get update
+apt-get update --allow-releaseinfo-change
 sleep 2
-apt-get -y install dirmngr patch rename curl libcurl4 unzip
+apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config
 
 if [ "$SOURCES" = "yes" ]; then
 	wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
@@ -267,7 +294,7 @@ if [ "$SOURCES" = "yes" ]; then
 	#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
 	#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
 	if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
-		echo "Install kernel linux-image-${KERNEL_RELEASE}"
+		echo "Install kernel linux-image-${KERNEL_RELEASE} source release"
 		echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
 		dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
 		dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
@@ -300,6 +327,32 @@ apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
 echo "Install iperf3 OpenMPTCProuter edition"
 apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
 
+if [ "$UPSTREAM" = "yes" ]; then
+	echo "Compile and install mptcpize..."
+	apt-get -y install --no-install-recommends build-essential
+	cd /tmp
+	git clone https://github.com/Ysurac/mptcpize.git
+	cd mptcpize
+	make
+	make install
+	cd /tmp
+	rm -rf /tmp/mptcpize
+	echo "Compile and install iproute2..."
+	apt-get -y install --no-install-recommends bison libbison-dev flex
+	#wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz
+	#tar xzf iproute2-5.16.0.tar.gz
+	#cd iproute2-5.16.0
+	git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git 
+	cd iproute2
+	git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000
+	make
+	make install
+	cd /tmp
+	rm -rf iproute2
+	echo "MPTCPize iperf3..."
+	mptcpize enable iperf3
+fi
+
 apt-get -y remove shadowsocks-libev
 
 if [ "$SOURCES" = "yes" ]; then
@@ -347,6 +400,7 @@ if [ "$SOURCES" = "yes" ]; then
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
 	apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
+	apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc
 	sleep 1
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
@@ -469,9 +523,14 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		apt-get -y remove python3-jwt
 		pip3 -q install pyjwt
 	else
-		apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
+		if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ]); then
+			apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1
+			pip3 -q install uvloop
+		else
+			apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
+		fi
 	fi
-	apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil
+	apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests
 	echo '-- pip3 install needed python modules'
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
@@ -534,6 +593,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		systemctl enable omr-admin-ipv6.service
 	}
 	systemctl enable omr-admin.service
+	if [ "$UPSTREAM" = "yes" ]; then
+		mptcpize enable omr-admin.service
+		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service
+	fi
 fi
 
 # Get shadowsocks optimization
@@ -687,14 +750,17 @@ if [ "$V2RAY" = "yes" ]; then
 	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
 		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
-		rm /etc/v2ray/config.json
-		ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	fi
+	rm -f /etc/v2ray/config.json
+	ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
 		mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
 	fi
 	systemctl daemon-reload
 	systemctl enable v2ray.service
+	if [ "$UPSTREAM" = "yes" ]; then
+		mptcpize enable v2ray
+	fi
 fi
 
 if systemctl -q is-active mlvpn@mlvpn0.service; then
@@ -717,7 +783,8 @@ if [ "$MLVPN" = "yes" ]; then
 		rm -rf /tmp/mlvpn
 		cd /tmp
 		#git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
-		git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
+		#git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
+		git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn
 		#git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn
 		cd /tmp/mlvpn
 		git checkout ${MLVPN_VERSION}
@@ -936,6 +1003,9 @@ if [ "$OPENVPN" = "yes" ]; then
 	mkdir -p /etc/openvpn/ccd
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
+	if [ "$UPSTREAM" = "yes" ]; then
+		mptcpize enable openvpn@tun0
+	fi
 	systemctl enable openvpn@bonding1.service
 	systemctl enable openvpn@bonding2.service
 	systemctl enable openvpn@bonding3.service
@@ -1047,6 +1117,9 @@ if [ "$DSVPN" = "yes" ]; then
 		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
+	if [ "$UPSTREAM" = "yes" ]; then
+		mptcpize enable dsvpn-server@dsvpn0
+	fi
 fi
 
 # Install Glorytun TCP
@@ -1068,8 +1141,15 @@ if [ "$SOURCES" = "yes" ]; then
 	apt-get -y install build-essential pkg-config autoconf automake
 	rm -rf /tmp/glorytun-0.0.35
 	cd /tmp
-	wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
+	if [ "$UPSTREAM" = "yes" ]; then
+		wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
+	else
+		wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
+	fi
 	tar xzf glorytun-0.0.35.tar.gz
+	if [ "$UPSTREAM" = "yes" ]; then
+		mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
+	fi
 	cd glorytun-0.0.35
 	./autogen.sh
 	./configure
diff --git a/multipath b/multipath
old mode 100644
new mode 100755
index cee0743..e92d0c6
--- a/multipath
+++ b/multipath
@@ -6,9 +6,8 @@
 # Released under GPL 3 or later
 
 if [ -d "/proc/sys/net/mptcp" ]; then
-        if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then
+        if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then
                 echo "MPTCP is disabled!"
-                echo "Please set net.mptcp.mptcp_enabled = 1"
                 exit 1
         fi
 else
@@ -26,7 +25,7 @@ case $1 in
         echo "  multipath device {on | off | backup | handover}"
         echo
         echo "show established conections: -c"
-        echo "show mullmesh info: -f"
+        echo "show fullmesh info: -f"
         echo "show kernel config: -k"
         echo
         echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
@@ -43,12 +42,28 @@ case $1 in
         cat /proc/net/mptcp_fullmesh
         exit 0;;
    "-k")
-        echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
-        echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
-        echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
-        echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
-        echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
-        echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
+        if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
+            echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
+        elif [ -f /proc/sys/net/mptcp/enabled ]; then
+            echo Enabled: `cat /proc/sys/net/mptcp/enabled`
+        fi
+        if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then
+            echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
+        fi
+        if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then
+            echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
+        else
+            echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled`
+        fi
+        if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then
+            echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
+        fi
+        if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then
+            echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
+        fi
+        if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then
+            echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
+        fi
         echo
         echo See http://multipath-tcp.org/ for details
         exit 0 ;;
@@ -65,38 +80,74 @@ TYPE="$2"
 #FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
 
 [ -d "/sys/class/net/$DEVICE/" ] || {
-        echo "Device '$DEVICE' can't found!"
-        echo "Use the hardware name like in ifconfig"
+        #echo "Device '$DEVICE' can't found!"
+        #echo "Use the hardware name like in ifconfig"
         exit 1
 }
 
-FLAG_PATH="/sys/class/net/$DEVICE/flags"
-IFF=`cat $FLAG_PATH`
+if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
+        FLAG_PATH="/sys/class/net/$DEVICE/flags"
+        IFF=`cat $FLAG_PATH`
 
-IFF_OFF="0x80000"
-IFF_ON="0x00"
-IFF_BACKUP="0x100000"
-IFF_HANDOVER="0x200000"
-IFF_MASK="0x380000"
+        IFF_OFF="0x80000"
+        IFF_ON="0x00"
+        IFF_BACKUP="0x100000"
+        IFF_HANDOVER="0x200000"
+        IFF_MASK="0x380000"
 
-case $TYPE in
-        "off")          FLAG=$IFF_OFF;;
-        "on")           FLAG=$IFF_ON;;
-        "backup")       FLAG=$IFF_BACKUP;;
-        "handover")     FLAG=$IFF_HANDOVER;;
-        "")
-                IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
-                case "$IFF" in
-                        $IFF_OFF)       echo $DEVICE is deactivated;;
-                        $IFF_ON)        echo $DEVICE is in default mode;;
-                        $IFF_BACKUP)    echo $DEVICE is in backup mode;;
-                        $IFF_HANDOVER)  echo $DEVICE is in handover mode;;
-                        *) echo "Unkown state!" && exit 1;;
-                esac
-                exit 0;;
-        *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
-esac
+        case $TYPE in
+                "off")          FLAG=$IFF_OFF;;
+                "on")           FLAG=$IFF_ON;;
+                "backup")       FLAG=$IFF_BACKUP;;
+                "handover")     FLAG=$IFF_HANDOVER;;
+                "")
+                        IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
+                        case "$IFF" in
+                                $IFF_OFF)       echo $DEVICE is deactivated;;
+                                $IFF_ON)        echo $DEVICE is in default mode;;
+                                $IFF_BACKUP)    echo $DEVICE is in backup mode;;
+                                $IFF_HANDOVER)  echo $DEVICE is in handover mode;;
+                                *) echo "Unkown state!" && exit 1;;
+                        esac
+                        exit 0;;
+                *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
+        esac
 
-printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
+        printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
+else
+        ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')
+        IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}')
+        IP=$(ifconfig $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
+	RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
+        [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
+        case $TYPE in
+                "off")
+                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        exit 0;;
+                "on")
+                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh
+                        exit 0;;
+                "signal")
+                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        ip mptcp endpoint add $IP dev $DEVICE signal fullmesh
+                        exit 0;;
+                "backup")
+                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        ip mptcp endpoint add $IP dev $DEVICE backup fullmesh
+                        exit 0;;
+                "")
+                        case "$IFF" in
+                                "")          echo $DEVICE is deactivated;;
+                                "subflow")   echo $DEVICE is in default mode;;
+                                "backup")    echo $DEVICE is in backup mode;;
+                                "signal")    echo $DEVICE is in signal mode;;
+                                "fullmesh")  echo $DEVICE is in fullmesh mode;;
+                                *)           echo "$DEVICE Unkown state!" && exit 1;;
+                        esac
+                        exit 0;;
+                *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
+        esac
 
+fi
 
diff --git a/omr-pihole.sh b/omr-pihole.sh
index 20a023f..8310b72 100644
--- a/omr-pihole.sh
+++ b/omr-pihole.sh
@@ -33,6 +33,7 @@ cat >> /etc/pihole/setupVars.conf <<-EOF
 PIHOLE_INTERFACE=gt-tun0
 IPV4_ADDRESS=10.255.0.0/16
 IPV6_ADDRESS=fe80::aff:ff01/64
+RATE_LIMIT=0/0
 EOF
 
 grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf
diff --git a/omr-service b/omr-service
index f388c5d..b55a9c4 100755
--- a/omr-service
+++ b/omr-service
@@ -7,7 +7,11 @@ _multipath() {
 	for intf in `ls -1 /sys/class/net`; do
 		if [ "$intf" != "bonding_masters" ]; then
 			if [ "$intf" = "$NET_IFACE" ]; then
-				[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
+				[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
+				[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
+					multipath $intf signal
+					ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null
+				}
 			else
 				[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
 			fi
diff --git a/shadowsocks.conf b/shadowsocks.conf
index 5fb5da0..d6d760a 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -60,4 +60,4 @@ net.ipv4.conf.default.log_martians = 0
 net.mptcp.mptcp_checksum = 0
 net.mptcp.mptcp_syn_retries = 2
 net.mptcp.mptcp_scheduler = blest
-net.ipv4.tcp_ecn=1
+net.ipv4.tcp_ecn = 2
diff --git a/ubond.network b/ubond.network
new file mode 100644
index 0000000..814ae03
--- /dev/null
+++ b/ubond.network
@@ -0,0 +1,17 @@
+[Match]
+Name=ubond*
+
+[Network]
+Description=UBOND tunnel
+Address=10.255.248.1/24
+DHCPServer=yes
+IPMasquerade=yes
+
+[DHCPServer]
+PoolOffset=2
+PoolSize=50
+EmitDNS=no
+EmitNTP=no
+DNS=9.9.9.9
+DefaultLeaseTimeSec=12h
+MaxLeaseTimeSec=24h
\ No newline at end of file
diff --git a/ubond0.conf b/ubond0.conf
new file mode 100644
index 0000000..b6063fd
--- /dev/null
+++ b/ubond0.conf
@@ -0,0 +1,42 @@
+[general]
+tuntap = "tun"
+mode = "server"
+interface_name = "ubond0"
+timeout = 30
+password = "UBOND_PASS"
+reorder_buffer = yes
+reorder_buffer_size = 64
+loss_tolerence = 50
+
+[wan1]
+bindport = 65251
+bindhost = "0.0.0.0"
+
+[wan2]
+bindport = 65252
+bindhost = "0.0.0.0"
+
+[wan3]
+bindport = 65253
+bindhost = "0.0.0.0"
+
+[wan4]
+bindport = 65254
+bindhost = "0.0.0.0"
+
+[wan5]
+bindport = 65255
+bindhost = "0.0.0.0"
+
+[wan6]
+bindport = 65256
+bindhost = "0.0.0.0"
+
+[wan7]
+bindport = 65257
+bindhost = "0.0.0.0"
+
+[wan8]
+bindport = 65258
+bindhost = "0.0.0.0"
+
diff --git a/ubond@.service.in b/ubond@.service.in
new file mode 100644
index 0000000..18f8be6
--- /dev/null
+++ b/ubond@.service.in
@@ -0,0 +1,16 @@
+[Unit]
+Description=UBOND connection to %i
+PartOf=ubond.service
+ReloadPropagatedFrom=ubond.service
+After=network.target network-online.target
+
+[Service]
+Type=notify
+NotifyAccess=main
+ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet
+ExecReload=/bin/kill -HUP $MAINPID
+WorkingDirectory=/etc/ubond
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

From a8553ba64f47afe4b544b093952b6b8c55919aae Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 11 Feb 2022 15:56:10 +0000
Subject: [PATCH 084/164] Add missing package

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index d71a6e9..e846ce2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -471,7 +471,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	else
 		apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
 	fi
-	apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil
+	apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests
 	echo '-- pip3 install needed python modules'
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U

From 4fbb8d08f3a3e39cea587602954e4ff9f02743a4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 9 Aug 2022 18:36:09 +0000
Subject: [PATCH 085/164] Push latest scripts changes

---
 debian9-x86_64.sh                |  81 +++++++++++++++++++++++++------
 multipath                        |   2 +-
 omr-service                      |  51 +++++++++++--------
 openmptcprouter-shorewall.tar.gz | Bin 4136 -> 4192 bytes
 shorewall4/interfaces            |   1 +
 shorewall4/policy                |   2 +
 shorewall4/shorewall.conf        |  10 ++--
 shorewall4/stoppedrules          |   2 +
 shorewall4/tcinterfaces          |   2 +-
 shorewall4/zones                 |   1 +
 10 files changed, 108 insertions(+), 44 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 3fcf1bc..232e25d 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -38,12 +38,12 @@ REINSTALL=${REINSTALL:-yes}
 SPEEDTEST=${SPEEDTEST:-yes}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
-KERNEL_VERSION="5.4.132"
-KERNEL_PACKAGE_VERSION="1.19+4f508aa"
+KERNEL_VERSION="5.4.207"
+KERNEL_PACKAGE_VERSION="1.22"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 if [ "$UPSTREAM" = "yes" ]; then
-	KERNEL_VERSION="5.15.13"
-	KERNEL_PACKAGE_VERSION="1.5"
+	KERNEL_VERSION="5.15.57"
+	KERNEL_PACKAGE_VERSION="1.6"
 	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
 fi
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
@@ -55,15 +55,12 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c"
-if [ "$UPSTREAM" = "yes" ]; then
-	OMR_ADMIN_VERSION="2a8f642f89a982d2c26c3e176f6c4c1e3e91ffcb"
-fi
-OMR_ADMIN_BINARY_VERSION="0.3+20210508"
+OMR_ADMIN_VERSION="20314b11f21eb5878ba62c85d874528e0e394024"
+OMR_ADMIN_BINARY_VERSION="0.3+20220715"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.43.0"
-V2RAY_PLUGIN_VERSION="4.35.1"
+V2RAY_PLUGIN_VERSION="4.43.0"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
 if [ "$UPSTREAM" = "yes" ]; then
@@ -73,6 +70,7 @@ IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
+VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)}
 VPSPATH="server-test"
 VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
@@ -182,7 +180,11 @@ echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
-apt-get update --allow-releaseinfo-change
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
+	apt-get update
+else
+	apt-get update --allow-releaseinfo-change
+fi
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
@@ -283,6 +285,18 @@ apt-get update --allow-releaseinfo-change
 sleep 2
 apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config
 
+if [ -z "$(dpkg-query -l | grep grub)" ]; then
+	if [ -d /boot/grub2 ]; then
+		apt-get -y install grub2
+	elif [ -d /boot/grub ]; then
+		apt-get -y install grub-legacy
+	fi
+	[ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && {
+		echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub
+	}
+fi
+
+
 if [ "$SOURCES" = "yes" ]; then
 	wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
 	wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
@@ -317,6 +331,7 @@ if [ "$LOCALFILES" = "no" ]; then
 else
 	cd ${DIR}
 fi
+[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg
 rm -f /etc/grub.d/30_os-prober
 bash update-grub.sh ${KERNEL_VERSION}-mptcp
 bash update-grub.sh ${KERNEL_RELEASE}
@@ -430,7 +445,7 @@ if [ "$SOURCES" = "yes" ]; then
 	rm -f /var/lib/dpkg/lock-frontend
 	cd /tmp
 	#dpkg -i shadowsocks-libev_*.deb
-	dpkg -i omr-shadowsocks-libev_*.deb
+	dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null
 	#mkdir -p /usr/lib/shadowsocks-libev
 	#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
 	#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
@@ -530,8 +545,9 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
 		fi
 	fi
-	apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests
+	apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen
 	echo '-- pip3 install needed python modules'
+	echo "If you see any error here, I really don't care: it's about a not used module for home users"
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
 	pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U
@@ -901,6 +917,34 @@ if [ "$WIREGUARD" = "yes" ]; then
 		EOF
 	fi
 	systemctl enable wg-quick@wg0
+	if [ ! -f /etc/wireguard/client-wg0.conf ]; then
+		cd /etc/wireguard
+		umask 077; wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key
+		cat > /etc/wireguard/client-wg0.conf <<-EOF
+		[Interface]
+		PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
+		ListenPort = 65311
+		Address = 10.255.246.1/24
+		SaveConfig = true
+		
+		[Peer]
+		PublicKey = $(cat /etc/wireguard/vpn-client-public.key | tr -d "\n")
+		AllowedIPs = 10.255.246.2/32
+		EOF
+	fi
+	if [ ! -f /root/wireguard-client.conf ]; then
+		cat > /root/wireguard-client.conf <<-EOF
+		[Interface]
+		Address = 10.255.246.2/24
+		PrivateKey = $(cat /etc/wireguard/vpn-client-private.key | tr -d "\n")
+		
+		[Peer]
+		PublicKey = $(cat /etc/wireguard/vpn-server-public.key | tr -d "\n")
+		Endpoint = ${VPS_PUBLIC_IP}:65312
+		AllowedIPs = 0.0.0.0/0, ::/0, 192.168.100.0/24
+		EOF
+	fi
+	systemctl enable wg-quick@client-wg0
 	echo "Install wireguard done"
 fi
 
@@ -964,7 +1008,7 @@ if [ "$OPENVPN" = "yes" ]; then
 			make-cadir /etc/openvpn/ca
 		fi
 		cd /etc/openvpn/ca
-		./easyrsa init-pki
+		./easyrsa init-pki 2>&1 >/dev/null
 		./easyrsa --batch build-ca nopass
 		EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
 		EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "openmptcprouter" nopass
@@ -1024,6 +1068,7 @@ fi
 if [ "$SOURCES" = "yes" ]; then
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
+	rm -f /usr/bin/glorytun
 	apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
 	rm -rf /tmp/glorytun-udp
 	cd /tmp
@@ -1068,7 +1113,8 @@ if [ "$SOURCES" = "yes" ]; then
 	cd /tmp
 	rm -rf /tmp/glorytun-udp
 else
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
+	rm -f /usr/local/bin/glorytun
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
 	GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
 fi
 [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
@@ -1138,6 +1184,7 @@ if [ "$SOURCES" = "yes" ]; then
 	fi
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
+	rm -f /usr/bin/glorytun-tcp
 	apt-get -y install build-essential pkg-config autoconf automake
 	rm -rf /tmp/glorytun-0.0.35
 	cd /tmp
@@ -1172,7 +1219,8 @@ if [ "$SOURCES" = "yes" ]; then
 	cd /tmp
 	rm -rf /tmp/glorytun-0.0.35
 else
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
+	rm -f /usr/local/bin/glorytun-tcp
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
 fi
 [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
 
@@ -1281,6 +1329,7 @@ else
 	sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
 	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
 fi
+[ -z "$(grep nf_conntrack_sip /etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then
 	apt-get -y install iptables
 	update-alternatives --set iptables /usr/sbin/iptables-legacy
diff --git a/multipath b/multipath
index e92d0c6..41c3880 100755
--- a/multipath
+++ b/multipath
@@ -117,7 +117,7 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
 else
         ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')
         IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}')
-        IP=$(ifconfig $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
+        IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
 	RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
         [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
         case $TYPE in
diff --git a/omr-service b/omr-service
index b55a9c4..9f8bb57 100755
--- a/omr-service
+++ b/omr-service
@@ -20,26 +20,32 @@ _multipath() {
 }
 
 _glorytun_udp() {
-	[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
-		logger -t "OMR-Service" "Restart Glorytun-UDP"
-		systemctl -q restart 'glorytun-udp@*'
-	}
-	for intf in /etc/glorytun-udp/tun*; do
-		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
-	done
+	if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
+		[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
+			logger -t "OMR-Service" "Restart Glorytun-UDP"
+			systemctl -q restart 'glorytun-udp@*'
+			sleep 10
+		}
+		for intf in /etc/glorytun-udp/tun*; do
+			[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
+		done
+	fi
 }
 
 _glorytun_tcp() {
-	for intf in /etc/glorytun-tcp/tun*; do
-		[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
-	done
-	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
-		localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
-		[ -z "$localip" ] && localip="10.255.255.1"
-		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
-		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then
-			logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
-			systemctl restart glorytun-tcp@tun0
+	if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
+		for intf in /etc/glorytun-tcp/tun*; do
+			[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
+		done
+		if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
+			localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
+			[ -z "$localip" ] && localip="10.255.255.1"
+			remoteip="$(echo $localip | sed 's/\.1/\.2/')"
+			if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
+				logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
+				systemctl restart glorytun-tcp@tun0
+				sleep 10
+			fi
 		fi
 	fi
 }
@@ -49,19 +55,22 @@ _dsvpn() {
 }
 
 _shadowsocks() {
-	[ -z "$(pgrep ss-server)" ] && {
+	[ -n "$(systemctl -a | grep 'shadowsocks')" ] && [ -z "$(pgrep ss-server)" ] && {
 		logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
 		systemctl restart shadowsocks-libev-manager@manager
 	}
 }
 
 _wireguard() {
-	[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
+	if [ -n "$(systemctl -a | grep 'wg')" ]; then
+		[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
+		[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 2>&1 >/dev/null
+	fi
 }
 
 
 _omr_api() {
-	[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
+	[ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
 		logger -t "OMR-Service" "Restart OMR-Admin"
 		systemctl -q restart omr-admin
 	}
@@ -71,7 +80,7 @@ _lan_route() {
 	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
 	while IFS=$"\n" read -r c; do
 		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
-		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
+		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ] && [ -n "$(grep lanips /etc/openmptcprouter-vps-admin/omr-admin-config.json)" ]; then
 			echo "$c" | jq -c -r '.lanips[] //empty' | 
 			while IFS=$"\n" read -r d; do
 				network=$(ipcalc -n $d | grep Network | awk '{print $2}')
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index 356841434047882f570e6ccb2c8c8c84ccfd1e9a..67d46c4e05633e7be5618a85267cacb4c9a732fd 100644
GIT binary patch
literal 4192
zcmV-m5TEZKiwFP<!|!4M1MM7ZbE8IbzoK6;CHs=yI?EF175hq;Lx3dC2nZlMPF)p+
zC2UiXKnG|YUuysR^~?Z5NM3ESlAX)Z-W5zwPxm}}x_e-TY2f>D=uCfpcRXkSbXqNP
z1t?zGF5I&%uG4I`n%yq<uEDY`xS+-n>y*JNik%RlcVQ63pQGEC|33;Rl@nw>2BG`p
z%;%_9Lv=Tv)}s_tpQidz!IXm_M4o>igbOG30v|bd!74^BP<U<xIVgVgB6RP~-7^$F
zFI`k!I6lg_)iQ2XVE6q%Gse7ynw67RfyxOlShA)v3}b2&Ly#ColuV0ZbVIW=M$|O}
z5+=D!Ovzx(8`%;@mCE<tJv!wlmNt?UT{2Ac%{R!l1<SU0V<=gaz_$4@uZp})i7JA1
z`RLA<Zg}ZHAIzLfU1Mqt{<oSf8Me{*u2K2k^=ICFT7F>Z+lBAr<+@}%T{0Y7C^l+x
z&FyjqZx$qW*^6BM59b$6c9S#P<%(634Pl$L7fv?|b~>GIp`a>ReOWVY)!Z)cyYZbD
zL^VGu)Ua9PqU*c5WVtN%3Dmq<C~ESmv|TiEe78{dcBfM;D(?^)dCSe(wi}&dZ<*?N
zS4n?SD9Uz<V`%Lh`*>sUammibx*)xN?fm!r*bVQUsT&=_n(T%>_MZdQ#P+}2?6z2z
zW3m13aP89mzXojD|Br4MVY}WsZ=f17oyBtQA~{nLGyuzv!2F~5DX3+tgTSocdk?FS
zIE8cIC<M#r(0h1{(R<+o;$Zk|T!U?)yJzqaZcd=(It$`iEbKVu-d*T~&j|aF&~;H1
z+{aH&=>82o2P-rMR}#82F9L6Kw~Afl#Rx2GJqV%vB7oWOj8Q9p=7vNJRBsWX;GQIg
z>I5ln6hYq5_1(~!BYkx@_oh%-@usdHxyXso662yrcb3+5fGc7q6#)kb>`62KhFlNw
zvFx<hxN|m@mT){n&{yxB7}q~U!4enz0F{15a|dddmOLk2V1giA7Q0VmNW3_f&f{NV
z(%<*15DP;yH+H;v1O;jbg#-BZwI!(@+M#Em0(WrECqHSbgb<QdOELz$fbTJAIt~@g
z3OFm~6ug-&<4k7uI9;BB-?*PU57Ai&J>)`<K*P`cAX==#`{*o!p`N-VtJkP}T>8vI
zT#Hx!Ul}H&Njaq1VB0ClZi>YmeqSvAIo?kXFJ(>V%yjO-@YXQR?$Wd9b8;U-x3+@$
z^it_y5!UVk@KXN64vM!nd?gTAI-#>TqVLDBZ~ez{t#=UoK?u-lbedi8|BY_9QTqSa
zfPL#fsvpEZ@loVG_{4jCbVAR$n}c77AE|dkz6(ART$D?lnH*y;9<3f8+$e?|LYEdp
zzO#U`ckTnYl_zkcz!a^P5c7hQ2R}S_<Cu8XI6&Cng9TZEQ^wwL0g*wl$W;I=&<qjZ
z<3oL)2|MDf+>Mqk!{8xniS!GJY%Xzvp~k)E#*d98)fafv>aoqnIoAfC-oV#(l9%{}
z-lpjf@2Bhq`(2(ndSB?twSR;tW*UUE4^)26!!Y!Q$fvid8=@hS3nin~JcdR>lkRA^
z5J6w!$i<_P2jz_(9f)9D7rHm}pfmkU6mBQO6dK38*qj5qTUiy9i6|keR_9QmA__dm
zThEFACs+@}@nr0=|KI^S1^dso+s)GczXoKXEir&^U7HeK8(zce?w$YL?fDO=a{j*p
zT<fOIi=xqENgzP}vlVS@Y+<<yrlq!mu4o(OBJO`4mciVcJ|9=czURLUu9H3g<(lOE
zU!zg_|5t%8c>b#s6)B(nmd}1)eD+JN$l;&+p3oPyC<Xk!7Ue+K6j``krxk686zN)0
z(zHC5t;_zzFs%xHCYdjbV9m3U<^@60tu3<qr(IM9EGm|If$RmDMKqosc@PavC(l$F
z@{=Z~^8~T3IzeE3f`ZvKlF&d?6zxV<hiQ+EC(x072`N1E3`k=b@?%K<lmzIix3)?p
zycUG3`7vMp64>MaTdh{3`24riD);}q3Veb8H?WF)t@}TNyKWf+{E1@#Vo44j0=yBV
zd&M#jTnI$ABN4oZEQc@BYlb|ORXz<&kilD0zC7M=R)_1DH?DA6&{UN~FG;>7k2mN?
zpdWZET2?=@S1q4UHWQto-v@XTTzY+Pe#r2}X6LJjVQ6R*z4E;&(ca?~Wu1Vcd|#2x
zktD8>hNM7G<PfrY%`0*aF;Ojp7q0R&s&rGynkEMRw=s^Gf+uW^e0NIJcj--kUM=a{
zB0Q_`tA>+`?0<CT-t0Y&pm3}91zz!VN#-U6emZrRF%nfXCn;LXxc3sX76+-!ry#^z
zC!xrD8j;byJRRI@$f32%<dDYbp8r62*AsTvx(Y-Xo#$1IJc0EVO;H?_d0E_^rtIUL
zHbo4BWr1n+&Y4w7pZ_QD-Scy7zR@ytKZ2E^CUPDm<aaJ9IS+!FJ3A)^k_b)*ZhPo<
zwR;y0ei4=oWKLa(&}9(D=<lf0hNy&?-RRMo1y4~h{W&6aeV7N~bG-6V;BWL2Fr`vA
zx}hk#s9EGngw;CjcC-DPd8}sJJU-Jr(;TJ4d60^897n{7BSFXA1s-yS*1Ec_On4#y
z?fug%9V7<0lO+pbWPo=Mp~hqylEEM>Sj@E3y12N=bEmskHYRwYp(mosTMT*IiCJHs
zrjIk}X3-j9^%*L%M>C;%>-g;0kooU(9LXI=#^>XImSel*`Cq5OwKxvbv0STJ#{aJZ
z2alVuS6RpR*GXvH-m$f0Q}t-c-9aeX=HSM7AIKL(qJ&+Q@*6w;(s_W$ejWv2wCA1=
z_c3~m<K<<&{`B;8zAgrqpuV8=QK53@kMUxD_@`S8lh{-fS%^ml{7#S#X$e8>g!)K<
zJMrLhD-eho)<m}@6#_Cz?A^Li<ruA_&AWz17|<9EnkhpQZx7#~Ysu(qrfl8z*dsOs
zK!;%&;`SWA4LU!RjNTEeKY-phpzb%&1_ddHZ^1w|q#FqNkJ$)Va)2TY;ZKG+GCX`E
z`U)&IV3lIoiZ-;#!(?brvMSlY;rl*bnW$otg2kI9^QzfX1BzJdB}Wj@Ik0x2)B{<O
zdi9S^ScjmuzHp-m8y=cPc02c~nH|0SON9SbNv_2YHC4Gyg^(o}upIM3q1xDxRw~H~
zYoqFh4$>{j*djJx!jC7$U>lp*5x}oolHU>T#pi&kR4hTa2MRwlw^(GWyN&uCdQ?vs
ztTh5Cz6E-tAr+KKLjwj+32bBWI+_Q465%Q)(?kGT4en%|e|SCP4IM9sB@>zpi~WH-
zv~}JZ^{S`8;-n}WpVnP@dHSn4;tgpN3+gbGG+761ufB>x$Z<lq{!45>xPiB<D-tN~
zT8gZbA5*f30t#0|13_^#aRL;WOQoU?ATq}Uv@-SR&hszp<cCPe?y{SCFm>j|B&LJv
z>5`%JQu6xJ4d+-NO-nN*B0O}X7#ahbG}5T;u+5PK7KG48kB~9xo3|#eZLeCzigX;~
zBEldKKm{hC4i-@cAypMnjyf6>jDdaF5mbS!g=|q8@Ds)A`LH(5nV}S2?T3Lgn>tZU
z7r|%a)jalc=@~4z)gU&XVJ(wQCW1|#dgRe~buOxA=q_{EY6WxpVu@AImLDe4MB1$S
z4itT_^cxr-$AK6ymLnKV1IAKk1Q^XR8Cg8>k1(zVSUo`-<71({ZzEVXpZ<!2*60)5
z;N`@pf1LgrJx8&-_yiMt=HiXcB<%h4ZN)H0xw6sYb`ii#g9ScY3gk!WuR_2;Y^J`R
z7Dt%~8aM=59nz3=owkV;>(L#`kRgh;tlQv{c~he97Nbm9(HD?oS(Qz`Z%V2Kw_+OX
z;?umidjY*hB*%McNl1_RD~TlfyeSJdb&WJTo1VQYIP|k5JUGj|8P;H7#LKE}3I^C<
zlS&a3eyop8%0o~j-mt-<k%TtZ70IIVV4i>vhUsa8vDB0ae&|UVh!Q5Ut&ybSXB7#x
zMJ5++ysYCV7?i(=8?H!zyY5f~SWyTu>8*+*1zzm=_jYzF+m5^?<lU<L7}~pTBM~kA
zsDm=v<OQ-UnHf?uti*#*)PRSufLJsl31XQW-VkltTKsq$EO^?};E#qXSpJE6rD`|O
ziH1zQ6)q`5kANr(<^k4$3GJH`Syg0J0#24NN-42Zvq6jss*+R#)FTm%)k*U!l`Bco
zZNsvywTKhk1<Ao%(<V_BDV)Yqn_8D)ErrBe>JWN&a}71-p?^gB?tqHGEw(`qvVOo?
zL32PgC%UTBQ9PlYXq%J4K>o4!GbR9ADU-7ZgnVL2Kic>`fHtvuod)>o3HVC`Qj%>9
z1iWLP5aKffWBDhk*I3`%xv8a+ppY13T2UMjN<T~>dbhJ<a0wNO@Q9ms!Z`EYsUfGr
zY17jzg2Ih9Q@n+zL4H=!D%0siiA??)s+dJYn24arz|yoOWL=#me}qx9(v)t<Fk$sx
zl|xPPhp#OBahrcQh`@6c3TW4|m`-SlGbX9{iJ5C<G6OJ9AKij2;1wI@NRAZLYK@>#
zKd7i=ny{!#Is&UF=!U@SkZ)!)`bIOZc<2#Tq=kQy49%wfN0OQ<armcKJC2dpNn~>c
zX5LDIUlWXcx>hHq{+Np_Fj6{RA>sZY+gh@vRz4@S0P8uJ&rNr&q${0#Ua}2lz2eyx
zNY^$y@Gq8FFK4#%)(e{54LERL?ij=|d6aa8SIRuPg#nx(>+oXnoa@ULw&Cea+DdDK
z0bOm3dGjjG#mY?Y%l*S|4-rJ1$Cj~g|8JA!-m$Glhi!KN8hHOttKBM}|Gx$l&VQzR
zesCmRA3M>%S8nLcT=y%t|8&ZoKY!w#KiGy;vxX$^R`$JDA*INB71GQFp!1dZBkd#F
z@!=?D=l&mtd^-vUtpbBXxcq0N7`y|Bd~XU!`+Q$kWa}0>4P4_76UpF3;F_McX?4#V
zb*^>xuL_exezybJZtOy`yO7*2WOEm?wF}wKBRdzA3~+2G!F6F0bSR2TP!|~WT|&m>
zzN3Lv1uP7Gd5>S_!{me+K{SE9Hq74dN0k#y`TjILsPuth8t3G%-T;=_nWQq7_+1di
z!E))&j=BwapZ{+)yX*5m?GAqb4?0}>|JQ(*_W!nXu|Q5mes>(ea%BkcXAS{!I&y?#
zKwr5TceC7AZHmorhE392JLr<{J!R?I7DcVVIVrJ=Q~GJBFXxn&*rH88BekCkrQ9M*
zzX!FS0j1m`qo1nUUwmiv$+xWbmj$vdn%tMJ_A^)${~sKLil@i_0_48)|7?eR|FPX|
zG#gE>jr~8{F2DcuDsWQ#@Erx~R?i`1wbtiV@kSP{?1+IjvDU~+?h|>8^b7qMQ{`kG
zoimJ_e4^>C8(hK$;EniieEyGZx7Oc(<+?0A|5twh<5l1b&j0;{Rir%rUq=5gM*qZ!
z93kvazRj9CqvT_Fs0gyUg-Tu27svW9@lHR$mmcKLj<Tf3WW43aR`$(+G%=m0i9de?
qSwaaVlu$wmC6rJ?2_=+JLJ1|5P(leMlu*JS5&jDq0=BLIcmMz{V-n&3

literal 4136
zcmV+@5ZCV?iwFRcbDCfP1MNJ2bEC+P^Dq7sUCG?rnYtu4#6LE9<=Z2GZ7vvCz{zIo
zswiTUgj(D908cizHQ)WDZon8j<9R!F=Dj_X83Ssy)aq7CYG@dT^LY|^<KNyL4jKUM
zW|JNP%16Ef=lpqxZwk#u`@Hk6!Sl^_`yFW<uuVBE<HU;yc^8FY@+G=m<^Q5^TstQA
zQyBTr-gHV%Pf6WR#`QSE)W?~9)R3|lMkJU&gwf1Pf^bf}`*4{MA1DGph7yuI1u=OD
zrv3>@UKTz%nt5}Qb34ts9Ra(adWJO=9dcefeiNu2i;|-nI>&LgF|s6u<7CBlIL@>T
z$KYhsu;9X`hmoyVoPDc0(x6uRDR?07#gStS6wOpDoBZu>#C0XdbwsPLIE=t`#i6Ln
zqRWVCl5_dwPZxf4=|LY%yi3#IPC5LyoGduL(fF}Z`^leAf`_br&oMVEKO~D)&1Agb
z1in;la4wv0*0V&rB(cL^6v}@-yEy09IrAN%+$7bKHdzPJc)en~-R_hs>WXuv8n&z3
zoAu{@avy~8={zpA@Vv~$G`DrhVo~lBX!&`msx9iuX4Tl6`=z$G+U;^xb&JqASgg0U
z)o7P{%hre6YR+e+s(iaVhR)WpPu2z>Yql>|71{Ay=YKFy{OG|O`|&=!$#&S`{{>!X
zzvG(_2imR9d83K`zkM!L{{Jmt-T!~`qZs{q^Q=KmiS5l6Q=h20iI5(6b^`97B+ub#
zZaM_q`a|%zjA&3e1CCO-c!`3?r-XcvJ`w?j|5Rx3O>+MN5yCGBbbN0{Ba4H9V;bB?
zUi3mRhD5$k;_xAP_9Fl9<Rx5^F@%!Hp9C>PoBL(rlOQ4BS?gg0^=Bc>h8ILF=Mz7o
zVxW1mn1m1XqOXsL=EpIV_5HaYc~fF8@29~SDr>>mpT|D&VzNM7{Nzuvw)U_gcG?gK
zfWV%r`FG+6P>!;*UK7svOj^qEgg{??@Dgl)M8XAD{0NPHAyW@pm(@I@U0{PCtc&53
zSc)hQm9ymcg!cEtGD2Zw;wN4(jiJKnUSSWhedS4x_8rjkR6*D~=i^@uT_J?1x}#V<
zQNnWs!^Bj<u0gQk-a|BVRV?HtPvgZ2#Eplk_ZXi<&_h1-2q=Cs598S~dWcVA80xW4
zi@J^4r^TFmOiq*K{NFh)r^z^E#o*f+$##m_6n<Z=|0UkfkFOR@;x93MjQrCjOqSQ0
z6wad4`w&9V{BaA#_x5TPd@U@z$eSH7_9N_C{|Q2~wEk;!I*ls+zXj}C|1tZZ@kxy1
z;Bii)*C#Iuy!$D{h2)7vH!}AjW<rSaSuj%*jN<X~@zIYHD4}#&H8S^RQ1{+{gs}1q
zVHB8><pOeE2=Wkzr+$*q$eM%%<2^W;B?M)Rjx)#%!damK;G`ym#-2H}_l2^f!OCCL
zY!QWzxhBf*G_$$H3ywMWuAe+L(yJ>;w4E-0-Z&Fl5YroYY^7ysT<EU5{^()MU+_N`
znUfEto?OL8$YRD}H2KKn7a|PDPN;l#nuQ^jBKc4=UQQEG5>&cp=|T*BiJ42lG7rX^
zJb948_&#)R6hLRrb5W=#$CZ@hUR7t$;a1fpZ6qs%nbjFIsEmT(^1bK8|0h@t#NlM@
z@c$42+U5Iyt=4(v|K9@g)RsEH@7<aT-WuM*>+YQYoz3~*sqX*33EY^rE6TFf<!K^7
z|MN9tXl-DH8qzXf!B(`5YMu8l4~uXbj9(5bW9Rd~c7xvk6@-q^ZVNd78;xc)|K9?>
z;{LBmO{BW_TiyG8_1-V@BKyDZd(0lxk__;9Eh&I$XsUF#y4H+7(UcoS%dXX->Reup
zEZeE!ZOdX^0&AYNYf+LE)7c<<c-}@;!jf{WSIAzGSw`dZD1vMmCcW*-(I0vV^Jbus
zo}p>Rt*ZC4z8H?6i>?%+iJ&v^;W+wZDgUKN&<W-FA1$YceDp_QhyQOjo8|o<Kwdrn
zdlUEy|8Jp*e5?CEfwN8(1OCD>fO?X>hk)+{*<PXC1D68PW+cKrL<M}A-muiZs*71*
zB9`bV#rnA6s1C=WXkFvAWav7LUTL|b4%g@hU>~>@DQ_R$t5htfn@Ntzp99<kl^s9W
zA9H+J?P3!V`j#;=Yd_fv>pfA^Ru@oJywX&ApvWtvrD)I-1%#^Kh?-hJjC98mrRyS%
zuH4pg)#PygLxK@Ad`53H_s7(H7s2?q<$^sez*&X2nvZMh{F65gCLb_@qE@>CZ!%uc
zxye8rkNrhLWZf=EidQlog4C@gVJ7oAjBx85RQbSSJ?qQ&z1uZ8taZ5@s*D-TA1Uv8
z%I?P0fe6t>UggXKSZ~mj#X+6d#qCgK7w=3JISLmgrbqYQ<cRk9|Auq_><ryESw#LP
z@G{IrPQ#S^-lsLEVL0(8XVgJb!P&rV4&64rx6$B(kaQpm=0b%o!YCpCLE0_IN~qh7
zpS(%<9EaoIV%pZnX&AjE%Q*?>YrO<anbfszD2pyz7Clm7r|nkjy!8+BSWY&1d_g_i
z9%RG0mxc?1K*h-e$;9r02st4uTirA!oCrYs@I1)|i39F5sill8i0%=zm`+1F7?cH%
zOxw+ii;E)n@iaiQDNgXzLXTx#bU6C73t3;j&u(Y2&4Q<t)fcGf9=(+6d*^3|hCF_s
zVJ3GN8DGx-d4X@YF#m71I;|EjVE!*OTh;UbH-Ww9O&C>H`Tb3r8n?D=Em$`_R&#q2
zN*{Ck3GM^<icFNUJ7WBX-hAObLS{dWLvY&DU=HUAc}kMSWxf9V{Cu{m2A-fkWAt&U
zac57-Y`Xuu8yuJVRGT<NBo_RRhzZvUf!v8)5e?4dz00jZB4#-w(^Ygx$P~GI=f|}}
zXvfsM0VOO@#sD={Q1Nd63f(Bym0_#SU6((gA^;`~OCR;wzYeC@SFG*<o8N=px1jB}
zpo2!V{cF%uE#($c{zEDOOAaukKK!XLNBa9$;!1<X2CPyXS2Ox9y_pF5q^puO9G+j{
z%0!pbD_Fcas;JvtJ!FWLT?!NdodatZM%`02rCa~xMRiDe>oY%&(ebb%y4$sTl>5=k
ze~a<o5iNDZzM*S(nGm`J1C~QkDm5D&X|0y7u-2MxnIPR!tPNuOHT-a7^)|7o9|8PI
zlj4rxAUOk6t>#Fk+tb9py}=@1-L186-=liWq18xW_zu{OL3A)CgY-C@66j-b9W8=A
z$#9g@X(9ow0cR?f@88Zu%f#idVuQM{*zc)**A$&W_vrl}cqyya=T%o;zW>7>h?cUB
z1#{>thH3(~TVKWzlz5R}|2=UZ{V-V6H3bZJB}FyqkF7Y=0HtecfnYd>JOT>jQmg4b
z$jp&|HKrcl2lLB1{h<=_v;1Tlj=gF566v6MrebN`jJ&?^qbb^>?HHCqg-3pzfHGi7
z1B3Yv*B&U~K`4Fv1O=lj`_9JJc8`wGkPhQqWEkWgn7|0k!J)<=Wu^kgQ71!+u`q@m
zz!d0O$d#3zIMST%9M;AKH<Y1|uA<PJjJ-Hvi{O*ta+(B%>j^Bl^)RttU@enRCW=k(
zdKA&PI+t}j@)rf{Q4KkLwZtQ^mY+w;NLg?C78HB>@DDIPOaQT9EC(=}7L29INidp2
zI<h$N4=}D4cs<D&;%kB3A7WTGzyAZ1*7!4=;Bw;gf4=`Ceu)!*_8BJl#K(=UH0}NT
zL(Q@Wg}U+6W);AU!x_F?2;>LpuTsK5eWtmZ76+LK1_T6E@3WM2b?s6w)@3_Xp+J^h
z)pQ{wi?+hTEuw5#(U*`zRab5C%2sp-PUS4w#kV=JdjY*dq_20b5JT}=p?t1HTa{cE
z8yV+(es+%_qMxMs!ATy@(1fLdsOqjQS>S|Iu97AW&7sYBNSY#AF1R#SWDHGBahO1u
zDG-HWg1X=?4Q+(CJsFv-Ad%|~6dmtYWJrh3FVtT(@g@e7AfxV@0=SztLx3ZNER&t;
zm@J5xyvTRDI0Ow>T2Z#jFDBTZOP?&Nik%}3%SnR<L-j<+1gI0EoFRR=6)o9i`r#dI
z5Rr8*grL3-&VHm{>&7i~o29Y<g*8>^0ubeZ>Ep1ESZ5rox~A$1aB`$UMu~CE1u;5U
zN7@Xqh*UIMkTI{-t`)^}Eys0MB92kz^j%BarHK@+oTX3ehL&R;jiy+7A9{0r*)$ZP
ze`NN!fQdkjT^RYiAJ7h130ULE)J>T+g>|B9k9s}zm+o&!0Pazx+s`Ta$WeZA@z%dF
za=PsXgy#{2NDHnM*Xl{QNt+VlHu0hQtI}<(&fUUn(rF$@eK2b%=77r2BS_fY{LQD7
ziY9e5GJ8>yhwIFDGvQ42tcapeX*<I^X!ym6$ePS15F@h18)#yl1R)Vc(Sc>xj+A$`
z9pIx#hWZ6Y&dCT&OND7_c8>&dPXF-8!=JGJhq(jJOsHVosB$)q8O|DIO&Hk)P19L`
zICF3Z9zfJwm?s5NFs&7WCHr8eifzMMF6|67QLqn5G@;zir}3>}U5n5wy38v7s#u20
z`jB24x+36D_w+En-J}W4HF$R?&3SF`?b#BYdiX=Gt-vvvxG=*0pt~9J6;`n%^8%}R
zSS-!9G-L~$Vp+PcVztoO6v&n|Tkx;eSgm3<%U0`{?F#I<FSiWhklsPM#s#uS?qC2%
z#M!@CoO4&IgMK`lNgLNjug4Y{L(#s@O3|3vd9`iyp9o^eI1epj*ZcqHyny>Zo9$+Y
zZ?gSA%~rMl^G%@i{$IA|2Q%sV(2M_P=||qg_rG!bPrKUr^B3OvgFfUaS0sJ5vg^4D
ztwo=!P&H?OE;izyX&=#+4+n8u_y2J8+d-JYN*v~L#m@+FxC4lOZwN@Q#4A-(ojd3>
zh><^!6ibwWYxcH9vvby{3(b@Nu5ktAk6Vzf#x^9s4Jm9xo^L}ow;@|aWcz}V0gi8{
zxDHH$HbV(1>H<+eres{<I|^tj;9=OqdwiG=lM`kHwFLUuFn_)u*N&0$!~5(-m5&_P
zIHP~{2C&TENvV>GKLv3TE*Adepxc0V#($y1zW>wV`G(NK=l??W{hzmi*Y^Lm3b{bR
zME-OhzzbCh@K;U&3N~_p*Fe5;Gwyo5Z`u@F+zgvuZ|tB;zxR`0pKef`mN=(1wsFcn
z4fOS#vKkw-*=K}yb77PlWZ5T!b~9j<8)WQLMZ2qSZ9e^$(eAoHw)vV%1+PFdKKvH|
zcfJ43x6AMU2z;wm#s9Z}<MM~k7&v!k0io)rSE4T8s<M;6VqlD%6|z?NL>j03&OXLd
zTP5clr>0-%`QG|gunxEp|2x0`$G0}W|J80*-+y=$_=@-cenk_hUjMGL|5vkr>O>BZ
z_NU+G%z{z+F*H&JRo_5mA?mAh{nvPBA7IN~<j!AZ$zGEQ7N45=JLB}CN<J&7pn?i2
msGx!hDyX1>3M#0ef(k0Apn?i2sGx%H3jYU#_)+BmcmM$Jc}Y+J

diff --git a/shorewall4/interfaces b/shorewall4/interfaces
index fa28d7d..bb8b644 100644
--- a/shorewall4/interfaces
+++ b/shorewall4/interfaces
@@ -20,6 +20,7 @@ vpn	gt-udp-tun+	nosmurfs,tcpflags
 vpn	mlvpn+		nosmurfs,tcpflags
 vpn	tun+		nosmurfs,tcpflags
 vpn	wg+		nosmurfs,tcpflags
+vpncl	client-wg+	nosmurfs,tcpflags
 vpn	dsvpn+		nosmurfs,tcpflags
 vpn	gre-user+	nosmurfs,tcpflags
 vpn	omr-bonding	nosmurfs,tcpflags
diff --git a/shorewall4/policy b/shorewall4/policy
index 2e5fe13..910acb0 100644
--- a/shorewall4/policy
+++ b/shorewall4/policy
@@ -19,6 +19,8 @@ fw              vpn             ACCEPT
 fw              net             ACCEPT
 net             all             DROP
 vpn		vpn		DROP
+vpncl		vpn		ACCEPT
+vpn		vpncl		ACCEPT
 # THE FOLLOWING POLICY MUST BE LAST
 all		all		REJECT
 
diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf
index 11bd54a..be836d4 100644
--- a/shorewall4/shorewall.conf
+++ b/shorewall4/shorewall.conf
@@ -137,7 +137,7 @@ ADMINISABSENTMINDED=Yes
 
 AUTOCOMMENT=Yes
 
-AUTOHELPERS=Yes
+AUTOHELPERS=No
 
 AUTOMAKE=No
 
@@ -149,13 +149,13 @@ BLACKLIST="NEW,INVALID,UNTRACKED"
 
 CLAMPMSS=No
 
-CLEAR_TC=Yes
+CLEAR_TC=No
 
 COMPLETE=No
 
 DEFER_DNS_RESOLUTION=Yes
 
-DELETE_THEN_ADD=Yes
+DELETE_THEN_ADD=No
 
 DETECT_DNAT_IPADDRS=No
 
@@ -163,7 +163,7 @@ DISABLE_IPV6=No
 
 DOCKER=No
 
-DONT_LOAD=
+DONT_LOAD=nf_conntrack_sip
 
 DYNAMIC_BLACKLIST=Yes
 
@@ -233,7 +233,7 @@ SAVE_ARPTABLES=No
 
 SAVE_IPSETS=No
 
-TC_ENABLED=Simple
+TC_ENABLED=No
 
 TC_EXPERT=No
 
diff --git a/shorewall4/stoppedrules b/shorewall4/stoppedrules
index 203a000..30eeac9 100644
--- a/shorewall4/stoppedrules
+++ b/shorewall4/stoppedrules
@@ -25,4 +25,6 @@ ACCEPT          tun+		-
 ACCEPT          -               tun+
 ACCEPT          wg+		-
 ACCEPT          -               wg+
+ACCEPT          client-wg+	-
+ACCEPT          -               client-wg+
 
diff --git a/shorewall4/tcinterfaces b/shorewall4/tcinterfaces
index 106fbc6..376cc36 100644
--- a/shorewall4/tcinterfaces
+++ b/shorewall4/tcinterfaces
@@ -1,3 +1,3 @@
 #INTERFACE             TYPE          IN-BANDWIDTH        OUT-BANDWIDTH
 $NET_IFACE		External
-$VPS_IFACE		Internal
\ No newline at end of file
+#$VPS_IFACE		Internal
\ No newline at end of file
diff --git a/shorewall4/zones b/shorewall4/zones
index 62fff26..095a8e6 100644
--- a/shorewall4/zones
+++ b/shorewall4/zones
@@ -16,4 +16,5 @@
 fw      firewall
 net     ipv4
 vpn     ipv4
+vpncl   ipv4
 

From ade517b142296b99e5ee6de93c23346ba21f922b Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 12 Aug 2022 05:56:12 +0000
Subject: [PATCH 086/164] Fix shorewall configuration on update

---
 debian9-x86_64.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 232e25d..edec086 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1316,6 +1316,7 @@ else
 	cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
 	cp ${DIR}/shorewall4/policy /etc/shorewall/policy
 	cp ${DIR}/shorewall4/params /etc/shorewall/params
+	cp ${DIR}/shorewall4/zones /etc/shorewall/zones
 	#cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
 	#cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
 	cp ${DIR}/shorewall6/params /etc/shorewall6/params
@@ -1328,6 +1329,12 @@ else
 	sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
 	sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
 	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
+	if [ "$LOCALFILES" = "no" ]; then
+		rm -rf ${DIR}/shorewall4
+		rm -rf ${DIR}/shorewall6
+		rm -f ${DIR}/openmptcprouter-shorewall.tar.gz
+		rm -f ${DIR}/openmptcprouter-shorewall6.tar.gz
+	fi
 fi
 [ -z "$(grep nf_conntrack_sip /etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then

From c232d34169194820a1d65237dc5a2ccd2f428484 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 14 Aug 2022 04:45:44 +0000
Subject: [PATCH 087/164] Fix WG client port

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index edec086..1b2badf 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -923,7 +923,7 @@ if [ "$WIREGUARD" = "yes" ]; then
 		cat > /etc/wireguard/client-wg0.conf <<-EOF
 		[Interface]
 		PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
-		ListenPort = 65311
+		ListenPort = 65312
 		Address = 10.255.246.1/24
 		SaveConfig = true
 		

From 657c2b386c436d78de152b85683c492c402a0fc1 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 16 Aug 2022 19:47:12 +0000
Subject: [PATCH 088/164] Add Ubuntu 22.04 support

---
 debian9-x86_64.sh | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 1b2badf..879f751 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -99,11 +99,13 @@ fi
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then
 	echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
 	exit 1
-elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then
-	echo "This script only work with Ubuntu 18.04, 19.04 or 20.04"
+elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then
+	echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04"
+	echo "Use debian when possible"
 	exit 1
 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
-	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
+	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
+	echo "Use Debian when possible"
 	exit 1
 fi
 
@@ -278,6 +280,10 @@ if [ "$ID" = "debian" ]; then
 elif [ "$ID" = "ubuntu" ]; then
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
+	[ "$VERSION_ID" = "22.04" ] && {
+		apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
+		echo 'deb http://old-releases.ubuntu.com/ubuntu impish main universe' > /etc/apt/sources.list.d/impish-universe.list
+	}
 fi
 # Install mptcp kernel and shadowsocks
 echo "Install mptcp kernel and shadowsocks..."

From 3dc18b63b83a68c31475a465043ebb757d9b8aa6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 16 Aug 2022 19:48:58 +0000
Subject: [PATCH 089/164] Add Debian 11 symbolic link

---
 debian11-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 debian11-x86_64.sh

diff --git a/debian11-x86_64.sh b/debian11-x86_64.sh
new file mode 120000
index 0000000..814a06c
--- /dev/null
+++ b/debian11-x86_64.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh
\ No newline at end of file

From b3ef329cd0e415d56907baad464d2a438307d459 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 21 Aug 2022 18:25:29 +0000
Subject: [PATCH 090/164] Littles fixes on VPS script

---
 debian9-x86_64.sh | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e846ce2..f792944 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -256,6 +256,16 @@ apt-get update --allow-releaseinfo-change
 sleep 2
 apt-get -y install dirmngr patch rename curl libcurl4 unzip
 
+if [ -z "$(dpkg-query -l | grep grub)" ]; then
+	if [ -d /boot/grub2 ]; then
+		apt-get -y install grub2
+	elif [ -d /boot/grub ]; then
+		apt-get -y install grub-legacy
+	fi
+	[ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && {
+		echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub
+	}
+fi
 if [ "$SOURCES" = "yes" ]; then
 	wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
 	wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
@@ -290,6 +300,7 @@ if [ "$LOCALFILES" = "no" ]; then
 else
 	cd ${DIR}
 fi
+[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] &&  grub-mkconfig -o /boot/grub/grub.cfg
 rm -f /etc/grub.d/30_os-prober
 bash update-grub.sh ${KERNEL_VERSION}-mptcp
 bash update-grub.sh ${KERNEL_RELEASE}
@@ -471,7 +482,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	else
 		apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
 	fi
-	apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests
+	apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen
 	echo '-- pip3 install needed python modules'
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
@@ -901,7 +912,7 @@ if [ "$OPENVPN" = "yes" ]; then
 			make-cadir /etc/openvpn/ca
 		fi
 		cd /etc/openvpn/ca
-		./easyrsa init-pki
+		./easyrsa init-pki 2>&1 >/dev/null
 		./easyrsa --batch build-ca nopass
 		EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
 		EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "openmptcprouter" nopass

From 7a7a4a277828d8ea059fdb72c9a4fdc7d35f9b65 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 14 Oct 2022 07:01:41 +0000
Subject: [PATCH 091/164] Add current 0.1028 release

---
 debian9-x86_64.sh                |  25 +++++++++++++++++--------
 multipath                        |  12 +++++++++---
 omr-service                      |   2 +-
 omr-update                       |   2 +-
 omr-update.service.in            |   2 +-
 openmptcprouter-shorewall.tar.gz | Bin 4192 -> 4154 bytes
 shorewall4/shorewall.conf        |   4 ++--
 7 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index aa273c8..e65d32b 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -55,8 +55,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="20314b11f21eb5878ba62c85d874528e0e394024"
-OMR_ADMIN_BINARY_VERSION="0.3+20220715"
+OMR_ADMIN_VERSION="4f8dc4f997c6c95971beea9d52512ed91c77479b"
+OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.43.0"
@@ -76,7 +76,7 @@ VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="0.1027"
+OMR_VERSION="0.1028"
 
 DIR=$( pwd )
 #"
@@ -563,10 +563,15 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	fi
 	apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen
 	echo '-- pip3 install needed python modules'
-	echo "If you see any error here, I really don't care: it's about a not used module for home users"
+	echo "If you see any error here, I really don't care: it's about a module not used for home users"
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
-	pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U
+	pip3 -q install netjsonconfig
+	pip3 -q install fastapi -U
+	pip3 -q install jsonschema -U
+	pip3 -q install python-multipart jinja2 -U
+	pip3 -q install starlette
+	pip3 -q install starlette
 	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 	mkdir -p /etc/openmptcprouter-vps-admin/intf
 	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
@@ -578,7 +583,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		cd /tmp
 		unzip -q -o openmptcprouter-vps-admin.zip
 		cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
-		if [ -f /usr/local/bin/omr-admin.py ]; then
+		if [ -f /usr/local/bin/omr-admin.py ] || [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
 			OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d  "\n")
 			[ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
 			[ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
@@ -695,8 +700,12 @@ fi
 
 if [ "$LOCALFILES" = "no" ]; then
 	wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in
+	wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update
+	chmod 755 /usr/bin/omr-update
 else
 	cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service
+	cp ${DIR}/omr-update /usr/bin/omr-update
+	chmod 755 /usr/bin/omr-update
 fi
 
 # Install simple-obfs
@@ -1375,8 +1384,8 @@ fi
 
 if [ "$TLS" = "yes" ]; then
 	VPS_CERT=0
-	apt-get -y install dnsutils socat
-	if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noidnout +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then
+	apt-get -y install socat
+	if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then
 		if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then
 			echo "Generate certificate for V2Ray"
 			set +e
diff --git a/multipath b/multipath
index 41c3880..608f08a 100755
--- a/multipath
+++ b/multipath
@@ -126,15 +126,21 @@ else
                         exit 0;;
                 "on")
                         [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
-                        ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh
+                        for i in $IP; do
+                            ip mptcp endpoint add $i dev $DEVICE subflow fullmesh
+                        done
                         exit 0;;
                 "signal")
                         [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
-                        ip mptcp endpoint add $IP dev $DEVICE signal fullmesh
+                        for i in $IP; do
+                            ip mptcp endpoint add $i dev $DEVICE signal fullmesh
+                        done
                         exit 0;;
                 "backup")
                         [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
-                        ip mptcp endpoint add $IP dev $DEVICE backup fullmesh
+                        for i in $IP; do
+                            ip mptcp endpoint add $i dev $DEVICE backup fullmesh
+                        done
                         exit 0;;
                 "")
                         case "$IFF" in
diff --git a/omr-service b/omr-service
index e8de038..3898c5d 100755
--- a/omr-service
+++ b/omr-service
@@ -6,7 +6,7 @@ _multipath() {
 	source /etc/shorewall/params.net
 	for intf in `ls -1 /sys/class/net`; do
 		if [ "$intf" != "bonding_masters" ]; then
-			if [ "$intf" = "$NET_IFACE" ]; then
+			if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then
 				[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
 				[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
 					multipath $intf signal
diff --git a/omr-update b/omr-update
index 33b3fa6..ff2e201 100755
--- a/omr-update
+++ b/omr-update
@@ -1,6 +1,6 @@
 #!/bin/sh
 if [ -f /etc/openmptcprouter-vps-admin/update ]; then
-        wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh
+        wget -O - http://www.openmptcprouter.com/server/debian10-x86_64.sh | sh
         rm -f /etc/openmptcprouter-vps-admin/update
         reboot
 fi
diff --git a/omr-update.service.in b/omr-update.service.in
index 231803a..99120f8 100644
--- a/omr-update.service.in
+++ b/omr-update.service.in
@@ -4,7 +4,7 @@ After=network.target network-online.target
 
 [Service]
 Type=simple
-Restart=never
+Restart=no
 ExecStart=/usr/bin/omr-update
 #ExecStart=/usr/share/omr-server/debian9-x86_64.sh
 AmbientCapabilities=
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index 67d46c4e05633e7be5618a85267cacb4c9a732fd..92957efcab04f4eca8eb09a1b98a997dd26d155f 100644
GIT binary patch
literal 4154
zcmV-A5XJ8wiwFRpt_foR1MNKhbE8JG`z!h@rewd%Zk_c3`igy}%OOA#&j<)0J5F5{
zg(YlLkw6d7I)17B->+u|5JK{5FDrR-Ioi8|>FMd7kDl%xm|+(9ejGZpU*4S#ngHE)
zn_K~kSGEWDY^&F6wpzVrhke&%*><<{4mD3$rwrCn?1Tut3xgp39NnS(|4=xqoFVfm
z2;FCAu|TyNYPj*N5v7>MEY*(+rW^(#^8AM&TspBA_{g~r)-iH{!gC|YLGhCpp$Bi_
zUZD78<)Z4+@lnRDmT{{ByB~&{G2t!Ls+_$ERL*$8k~NiK7*m@Xg2XVQWLgZP8=9pt
zqOKW`Fv(?VN(N)z%9b#$RDSRt&^bS~w6Ub<l3}91`~}&zVA&RLj3kQ^*fu}mRgt$T
zQAMz>p4`RC4X+&NgSm61YfO#7|JL&r!#11WH!DB5{@i;=%MUGmx9~%}+LVlED~4kW
z#l|hJwOh{M&4R=pdzs7sv3}WNw>h&tu2?165O!I6;cUBLx7+O%3aXMdkTug*&E4|8
z8{d0DRP&=k4O>Mny1uVVR;yy4K+Ri)q9(6OyG0|%cMEmzbi2i(@*bg)x7x04r`av`
zmZ?tmmGqZ|qHMP~hSuJ(kGBRNm+W3{3exM>&VSF3-SEMgxzRDK$$mIs|2a_2cWk=_
zL>$*_x3K;1vZeih6WF%@AKfs*cD-G1q8c)t<!a#~Ia3id1j~-V{G<3esAZ~yz^p%b
zkL!>)g*tE)g4IjtJwC<gz3>5XFtRnS$+pq`3wQ`OC(v@8CGjj4b{q@uK6JttgndZp
zx+n@B;%6sx|At<IHJX7d3EjCDfw#F|$1d_>1eUcCgiwANz-)NIsI@<LLm~#Mw~SEm
zKoTQ$iWE1BAaCUQZs;tKzP?|0GbpThGuMw?<V0wNanX}IPwP6w6)}^FfCB{fq?vz1
zt_S&8cG_!PolT`B94`>`)q5w#^$$_7!UaD-rC-p(f!d`d>!b@z5QNKO_lXRN7bj9Z
z{xv53{jd(PFf?~#$6G{DpmtO^f^XkglIpP?dKM~hN9TO@v!+T2Az8H~W5^5m9)qUi
zP{FK#vtrJ{o7pnXWadw^)dl#ChlTSPU4+m>F7yaA{K5~S<vM(bE+QD}nM<<z&C17>
z&pgJpc<uj{VKSPOLz)e?os#UQST5lA)$*U?{rvb^)@;Gd79I?54b$u|J&!&o_c3&9
zYnV^3l@69+?LGi6<v;GB_|}H61Oh83be1Rd{TL3d|2VE)SpPM9-CpVc-vSP;|EPWt
z|HMa;_vjPv_0b7E=Y9cxA%3FX4f!tkOmI;yb!Kvmy?C^Kd~~B2atK{o4EfFy%HF$=
z;8vc&jRI4&UO~(YP9FU5!i{6%S>pg<e-9R94Ne(*$0bAt!7^6?ut0M}e2)+HeIe|K
zvvRjuwhDvCtR>Q~B(k}}35FW?z8gO^lhi=qO{>qgnsu%NKD~*rog^>u3;k`=A3n_3
zOZNLbbM(H@lN<jCQOqm|=O3v2oQGlP4Utc8Q#V9IBo|6X>qQKWgeKk7a3O-e#F2|f
zBM-_OJvk7;xGr>W=s{=tnJC;&hAA|Td9^u5cDJ%BC{s~FRITbzp&|-A$G4sn|4pzN
zh||e9VE@4bbc@gbIvuXG|8D_VXiE&>x2{bIZw+r@bq~(}-tPSGmCt|P1a5TG=0(xy
zvm_88|JjN*F?O(A1=CVnL07cRauN3*5369|&0bC`<IwZpCf6-I|80UXDChrMz!yCK
z)rpFf&wk5izpp;~rB>wl&wbD6i&~TdeqW1nplgaO+-=f|HbRPYBPnTGp2*hKU}~6F
z1wWI_mqoDV*-G<*AnDc)*~9Zbssa`jOT9w&ip(M!Pmer^hNhEestox_le0yF*i@Y$
zFg`)S>>5jGs40qeE32cl$0k$g$bp0u9(o3(F%0=Jr2mx!=&EmRl}dOk2-k~KzWOC_
z!2h?~?c)9)AZJVe{}%8C{@=hV^0n^&0`7Wc4Dct80f;3zdI<21Al)mLdEi1IvKxuu
zJ!Cn2kzO<8k*xA*V1f+ZlJe#8hO-7-C%kcu(}Jd|Bzj5mEqSs<KL-84ThX%mk-cj9
ze6pG74E;X9o8Z#xd-FqvFE%@0MGPZDo9dMxOo{d$uPB=Y6y*nsY>p*ygES-sdLoCA
z)f--sbBL*G8N6_vr%|QbO4c+n@V|?3#1uSZYvj8#qP{C{_RD%j-xlFng<mzCRb>C8
zv+(BcaRh~1btv$PXDc!{De$wIyNZ#hnmI|)M#h7en6)@aWj+TX-Z}|I-qVPT_T~BT
zc1sSeT_%S#M)&+j!n={MyU|r3!stA&V&n;|cW8>@pv>#y4m9Nu@3bjm7_16RtM|^l
zO8Wf&1K+LJvH3=;(ESKjhMLGlkdWWIq~sz9=I*>s3?vbp4&3h0?Q8cw8vG(G8OWTv
z5TUCejM3jww*yfLF}u-|GY_7lVD?Ky>iW0{!k2jMqrl(lC16UWZgoRZbWyX&l?bbK
zJDpbN-{!HN@ACLe^GtJ`4(CxS&T$+OCyoUjcNcibIojyzt}@|?0JIO!^K_6H;7*n-
zgpmQ>J%k#QX-EcxuwXIMZu|1`GS8jvUfG)9iH4quDsM65Z6{`Zb)G)Xq?<)+gw<!L
z$R5pv>RZQWr-sab*Ks6w8X2FD|5=Xh^vLr+uEq7(F5p?N&6WE<-UN;wH({@`iSKWc
z(73Z_Yst3i(USXvP_oUzjqyH^FNj15yDH^3ar~9@2$B6F3czSDJRk03^c2Udt48Db
z`MJI+29}_)r1Vjta`mTpxj6pQErv;Ks);PbBLjY?NQbn9Aa+6nq`;kcbh#A>#0+by
z+mZ?anI!h_+^BMj*3stOKqCxjj0Vk=p^10LZ_tfo3^Y@=?)vNr8v>xiu#9kfj^75I
zA4x|4gw-EH?;B9}TWEuVl;gKxC>zo(g#4#$1S~l~kw)+*!yFkMzYzlk78|fiv1~;f
z+2mm|v?p1WY~k?z0Iy6`F-gJV&60W5?5hDqZ1j>N2<RMGyHM((tVsRFM<;AR(A!wL
zQG^W-%_6&<`_;^jUj0vm|5Zt@#g8;qxl4tRB^a=r@Is;5*pOB#$qH+$>V^)|Ey>s+
zHebU}rp9m=o7fS+Z(5Sy5$?rxKvgQ1pxZ-*ADKHWven&I{f<4VXAIUF0TkZ?z0r^g
z%A}zogQo<xv3MQLgFcCH6_aTq0IddhGR{A~p7Dl`m&1|?&4tDOP#)PjZ;kua^WSh%
zl#NfDuDm+`%^dTFw2cLI7)hF}1Ge8-M<L`mq1*U1wjbTVTQw936n7&<*2#}4SwsPa
zYodXmIGQ*G3e2TaQHKzjV**;4Ms)A_R}Jz*BxHBl%_5jNi((SfLG^UWQ2Hr(W95bm
ztdFLp84?j5x={>`0Zkff)OOhBSON<|=%Xjdm=4T46W6w1tztzwjd2lSkcXfGQ&0zs
zD1(ry3MfYdO$f%oKI{alK-NOGC=L0kV)cDk8|TbWimndAz?sjSD5i_xi^+Nsd%5%+
z7TjtOn=i1I$tDxQCQm)`XuLWXRWo!~Ic&9pIeoFjDrn1(Q)wz~SA7qPzE}D;7@x+0
z7%-M&7)=AlQfCAh%?TM<Jn>I3t_D~=L7U)Xq5bb7ST>*khJ)7V6WrkC#HW9p{}#PO
zvAg^P6MXLCjm{+O{q$YMFvq#F(bH}bz|4XrK3fXpC+V+3z(8!KzL^#$nFty<1X&%?
zkaUx_i52V99m<d)ingrV;F5V$qV5)>OjywukP}&zO@3fXss*=V8tmfJytsP-y+I_$
zdpC#)e=QL{1KyMcoBBq|Ih&vTDtPpZBtE#v+!<D3Va&^_Z3+e$;e@N8@DqJvQXYaL
z@rDg1jU=>*u1FS@2NMOHFw9RItfi(*@l#LAK$I|%ZH*-rKdeZoEi$`s>t!83!l3*`
z+;T+%+)bAvz>GqSNpDpgD)2aT5${xf0`1$hiHMSZ(n0%d^2S(}%nYd+R^l=!YRE$z
zKuj3n48hASZ-_Q+9e$n-BGRq}2Q*T_)KArGRl9{wGi2(Xa7h_@07O}!_;}E#v@gzN
zRgqN*I9b9trNmy$1~Dq=Mp6yXheR~iAI+~+t|dvg4a>GRBF=D=lasclO~NQrI1Qe*
z)hxqW3JI{(5%lKvqG`fI|A_Qu0TqE;Y{R%`{eZQA=726vbycUMc1AnVHmAd({8RrI
zOaR7FCWj9Q`P7nrvhjm|ZEE$qO>oXraF7P1B-<DYc#A$E#D@eX^3PJgxw*G<b4evp
zAhE!-qBsJSew;$MZfED-5-JkX5x?w&aptU3%T0yTrl(m1g&S?Acnhn2ej3s$)9FKr
zO#TL{n1w)?h@i;8(zGRHU7aR>f>E>5ly1l{LG^x>LoM=$uPpp=+kZG}z;hA`Xg9K$
zPGE{Nrm6U;nQLV-129e>-@)AH6&vPAjug~tgP>tPsHkL`u!>7M0;?zJhQRBPZ)P+2
zRx_@7=n++<g@2X|&8GcFlA0=U_@`exjaAo4D02;V-AbZe6Rdi=I48FKl&dN*N;+N=
z;r<}|ShBTMJ}0#Rn>m=zO}D9}OPhRNvhQWH#Mu={7c+bCua?-XUv~30E13NaIC5X^
z8N>;Bc65!G#yq-%0h}W1_+s&#8^{*6;pt4;No&I)U0zIh^E%DN%1rOe4a0vph#=xT
zwTwgie_Jf~j%_!)Y`4X=TV1^Wr`;}}|Gx<o&VQzResCn+m^jh@t=-U>yY5$R|LK-H
zfBwWff3OXyW(`T+tsHu<LQ0YMDx{f9K<6v*N7_fU=fhFV-u*ue`F0eJVFd<9botLn
zF?a_M`Q8+e4)}qr$krWn8hFYdr;@>oz%@N>)9%%q4X%Ch&kB=6e!mCVY3@U^`;go|
zWNRO?y${*RBfFQB3~+2W!S!GgbSa8UP?s3>eL}|MzN3Lv1uP7Gd5>S_!{me+K{SE9
zHq74dN0l>7`TjgTsPuthnsxHmXadXZOi~$I{4R*%V6}4RC*1~o$p5!ny~6n)j%$_Y
zf8GRM+yC3i#R54M`Q32<%atL(pE(4`>BtF=0e$6W-0gB-wJA2g88%7p?4V1&_mrh;
zI~277=cL3wPU)wizMNB9Vuv>UjMQN+lyZkG{T|d|29$D#jDD)>aPhs>C*QI<To%Z7
zXmVe=I?P~0{9kYoDxRJG3y_D-|FhlV_a8a7Jpc1Ha8~^A9R=%7&mm;BHsDq9Ru--7
zh=De>Hpoiu6M2mEEBzQ#<!lq3GmM;kqUl>VxP&dh8}YyK`9HSPF3$gEw~YVa2EO3@
z-_KY@%H#iK^#5w~PmIV3!v5sjtf@0fK8A;iAgep5)J1)9tp6JC^aFh9LH_J0OL|Pk
zTYYS2-wa3-vqhTt^GA>+lu$wmC6rJ?2_=+JLJ1|5P(leMlu$wmCHxWLU!*femH>DF
E0Q3<h8UO$Q

literal 4192
zcmV-m5TEZKiwFP<!|!4M1MM7ZbE8IbzoK6;CHs=yI?EF175hq;Lx3dC2nZlMPF)p+
zC2UiXKnG|YUuysR^~?Z5NM3ESlAX)Z-W5zwPxm}}x_e-TY2f>D=uCfpcRXkSbXqNP
z1t?zGF5I&%uG4I`n%yq<uEDY`xS+-n>y*JNik%RlcVQ63pQGEC|33;Rl@nw>2BG`p
z%;%_9Lv=Tv)}s_tpQidz!IXm_M4o>igbOG30v|bd!74^BP<U<xIVgVgB6RP~-7^$F
zFI`k!I6lg_)iQ2XVE6q%Gse7ynw67RfyxOlShA)v3}b2&Ly#ColuV0ZbVIW=M$|O}
z5+=D!Ovzx(8`%;@mCE<tJv!wlmNt?UT{2Ac%{R!l1<SU0V<=gaz_$4@uZp})i7JA1
z`RLA<Zg}ZHAIzLfU1Mqt{<oSf8Me{*u2K2k^=ICFT7F>Z+lBAr<+@}%T{0Y7C^l+x
z&FyjqZx$qW*^6BM59b$6c9S#P<%(634Pl$L7fv?|b~>GIp`a>ReOWVY)!Z)cyYZbD
zL^VGu)Ua9PqU*c5WVtN%3Dmq<C~ESmv|TiEe78{dcBfM;D(?^)dCSe(wi}&dZ<*?N
zS4n?SD9Uz<V`%Lh`*>sUammibx*)xN?fm!r*bVQUsT&=_n(T%>_MZdQ#P+}2?6z2z
zW3m13aP89mzXojD|Br4MVY}WsZ=f17oyBtQA~{nLGyuzv!2F~5DX3+tgTSocdk?FS
zIE8cIC<M#r(0h1{(R<+o;$Zk|T!U?)yJzqaZcd=(It$`iEbKVu-d*T~&j|aF&~;H1
z+{aH&=>82o2P-rMR}#82F9L6Kw~Afl#Rx2GJqV%vB7oWOj8Q9p=7vNJRBsWX;GQIg
z>I5ln6hYq5_1(~!BYkx@_oh%-@usdHxyXso662yrcb3+5fGc7q6#)kb>`62KhFlNw
zvFx<hxN|m@mT){n&{yxB7}q~U!4enz0F{15a|dddmOLk2V1giA7Q0VmNW3_f&f{NV
z(%<*15DP;yH+H;v1O;jbg#-BZwI!(@+M#Em0(WrECqHSbgb<QdOELz$fbTJAIt~@g
z3OFm~6ug-&<4k7uI9;BB-?*PU57Ai&J>)`<K*P`cAX==#`{*o!p`N-VtJkP}T>8vI
zT#Hx!Ul}H&Njaq1VB0ClZi>YmeqSvAIo?kXFJ(>V%yjO-@YXQR?$Wd9b8;U-x3+@$
z^it_y5!UVk@KXN64vM!nd?gTAI-#>TqVLDBZ~ez{t#=UoK?u-lbedi8|BY_9QTqSa
zfPL#fsvpEZ@loVG_{4jCbVAR$n}c77AE|dkz6(ART$D?lnH*y;9<3f8+$e?|LYEdp
zzO#U`ckTnYl_zkcz!a^P5c7hQ2R}S_<Cu8XI6&Cng9TZEQ^wwL0g*wl$W;I=&<qjZ
z<3oL)2|MDf+>Mqk!{8xniS!GJY%Xzvp~k)E#*d98)fafv>aoqnIoAfC-oV#(l9%{}
z-lpjf@2Bhq`(2(ndSB?twSR;tW*UUE4^)26!!Y!Q$fvid8=@hS3nin~JcdR>lkRA^
z5J6w!$i<_P2jz_(9f)9D7rHm}pfmkU6mBQO6dK38*qj5qTUiy9i6|keR_9QmA__dm
zThEFACs+@}@nr0=|KI^S1^dso+s)GczXoKXEir&^U7HeK8(zce?w$YL?fDO=a{j*p
zT<fOIi=xqENgzP}vlVS@Y+<<yrlq!mu4o(OBJO`4mciVcJ|9=czURLUu9H3g<(lOE
zU!zg_|5t%8c>b#s6)B(nmd}1)eD+JN$l;&+p3oPyC<Xk!7Ue+K6j``krxk686zN)0
z(zHC5t;_zzFs%xHCYdjbV9m3U<^@60tu3<qr(IM9EGm|If$RmDMKqosc@PavC(l$F
z@{=Z~^8~T3IzeE3f`ZvKlF&d?6zxV<hiQ+EC(x072`N1E3`k=b@?%K<lmzIix3)?p
zycUG3`7vMp64>MaTdh{3`24riD);}q3Veb8H?WF)t@}TNyKWf+{E1@#Vo44j0=yBV
zd&M#jTnI$ABN4oZEQc@BYlb|ORXz<&kilD0zC7M=R)_1DH?DA6&{UN~FG;>7k2mN?
zpdWZET2?=@S1q4UHWQto-v@XTTzY+Pe#r2}X6LJjVQ6R*z4E;&(ca?~Wu1Vcd|#2x
zktD8>hNM7G<PfrY%`0*aF;Ojp7q0R&s&rGynkEMRw=s^Gf+uW^e0NIJcj--kUM=a{
zB0Q_`tA>+`?0<CT-t0Y&pm3}91zz!VN#-U6emZrRF%nfXCn;LXxc3sX76+-!ry#^z
zC!xrD8j;byJRRI@$f32%<dDYbp8r62*AsTvx(Y-Xo#$1IJc0EVO;H?_d0E_^rtIUL
zHbo4BWr1n+&Y4w7pZ_QD-Scy7zR@ytKZ2E^CUPDm<aaJ9IS+!FJ3A)^k_b)*ZhPo<
zwR;y0ei4=oWKLa(&}9(D=<lf0hNy&?-RRMo1y4~h{W&6aeV7N~bG-6V;BWL2Fr`vA
zx}hk#s9EGngw;CjcC-DPd8}sJJU-Jr(;TJ4d60^897n{7BSFXA1s-yS*1Ec_On4#y
z?fug%9V7<0lO+pbWPo=Mp~hqylEEM>Sj@E3y12N=bEmskHYRwYp(mosTMT*IiCJHs
zrjIk}X3-j9^%*L%M>C;%>-g;0kooU(9LXI=#^>XImSel*`Cq5OwKxvbv0STJ#{aJZ
z2alVuS6RpR*GXvH-m$f0Q}t-c-9aeX=HSM7AIKL(qJ&+Q@*6w;(s_W$ejWv2wCA1=
z_c3~m<K<<&{`B;8zAgrqpuV8=QK53@kMUxD_@`S8lh{-fS%^ml{7#S#X$e8>g!)K<
zJMrLhD-eho)<m}@6#_Cz?A^Li<ruA_&AWz17|<9EnkhpQZx7#~Ysu(qrfl8z*dsOs
zK!;%&;`SWA4LU!RjNTEeKY-phpzb%&1_ddHZ^1w|q#FqNkJ$)Va)2TY;ZKG+GCX`E
z`U)&IV3lIoiZ-;#!(?brvMSlY;rl*bnW$otg2kI9^QzfX1BzJdB}Wj@Ik0x2)B{<O
zdi9S^ScjmuzHp-m8y=cPc02c~nH|0SON9SbNv_2YHC4Gyg^(o}upIM3q1xDxRw~H~
zYoqFh4$>{j*djJx!jC7$U>lp*5x}oolHU>T#pi&kR4hTa2MRwlw^(GWyN&uCdQ?vs
ztTh5Cz6E-tAr+KKLjwj+32bBWI+_Q465%Q)(?kGT4en%|e|SCP4IM9sB@>zpi~WH-
zv~}JZ^{S`8;-n}WpVnP@dHSn4;tgpN3+gbGG+761ufB>x$Z<lq{!45>xPiB<D-tN~
zT8gZbA5*f30t#0|13_^#aRL;WOQoU?ATq}Uv@-SR&hszp<cCPe?y{SCFm>j|B&LJv
z>5`%JQu6xJ4d+-NO-nN*B0O}X7#ahbG}5T;u+5PK7KG48kB~9xo3|#eZLeCzigX;~
zBEldKKm{hC4i-@cAypMnjyf6>jDdaF5mbS!g=|q8@Ds)A`LH(5nV}S2?T3Lgn>tZU
z7r|%a)jalc=@~4z)gU&XVJ(wQCW1|#dgRe~buOxA=q_{EY6WxpVu@AImLDe4MB1$S
z4itT_^cxr-$AK6ymLnKV1IAKk1Q^XR8Cg8>k1(zVSUo`-<71({ZzEVXpZ<!2*60)5
z;N`@pf1LgrJx8&-_yiMt=HiXcB<%h4ZN)H0xw6sYb`ii#g9ScY3gk!WuR_2;Y^J`R
z7Dt%~8aM=59nz3=owkV;>(L#`kRgh;tlQv{c~he97Nbm9(HD?oS(Qz`Z%V2Kw_+OX
z;?umidjY*hB*%McNl1_RD~TlfyeSJdb&WJTo1VQYIP|k5JUGj|8P;H7#LKE}3I^C<
zlS&a3eyop8%0o~j-mt-<k%TtZ70IIVV4i>vhUsa8vDB0ae&|UVh!Q5Ut&ybSXB7#x
zMJ5++ysYCV7?i(=8?H!zyY5f~SWyTu>8*+*1zzm=_jYzF+m5^?<lU<L7}~pTBM~kA
zsDm=v<OQ-UnHf?uti*#*)PRSufLJsl31XQW-VkltTKsq$EO^?};E#qXSpJE6rD`|O
ziH1zQ6)q`5kANr(<^k4$3GJH`Syg0J0#24NN-42Zvq6jss*+R#)FTm%)k*U!l`Bco
zZNsvywTKhk1<Ao%(<V_BDV)Yqn_8D)ErrBe>JWN&a}71-p?^gB?tqHGEw(`qvVOo?
zL32PgC%UTBQ9PlYXq%J4K>o4!GbR9ADU-7ZgnVL2Kic>`fHtvuod)>o3HVC`Qj%>9
z1iWLP5aKffWBDhk*I3`%xv8a+ppY13T2UMjN<T~>dbhJ<a0wNO@Q9ms!Z`EYsUfGr
zY17jzg2Ih9Q@n+zL4H=!D%0siiA??)s+dJYn24arz|yoOWL=#me}qx9(v)t<Fk$sx
zl|xPPhp#OBahrcQh`@6c3TW4|m`-SlGbX9{iJ5C<G6OJ9AKij2;1wI@NRAZLYK@>#
zKd7i=ny{!#Is&UF=!U@SkZ)!)`bIOZc<2#Tq=kQy49%wfN0OQ<armcKJC2dpNn~>c
zX5LDIUlWXcx>hHq{+Np_Fj6{RA>sZY+gh@vRz4@S0P8uJ&rNr&q${0#Ua}2lz2eyx
zNY^$y@Gq8FFK4#%)(e{54LERL?ij=|d6aa8SIRuPg#nx(>+oXnoa@ULw&Cea+DdDK
z0bOm3dGjjG#mY?Y%l*S|4-rJ1$Cj~g|8JA!-m$Glhi!KN8hHOttKBM}|Gx$l&VQzR
zesCmRA3M>%S8nLcT=y%t|8&ZoKY!w#KiGy;vxX$^R`$JDA*INB71GQFp!1dZBkd#F
z@!=?D=l&mtd^-vUtpbBXxcq0N7`y|Bd~XU!`+Q$kWa}0>4P4_76UpF3;F_McX?4#V
zb*^>xuL_exezybJZtOy`yO7*2WOEm?wF}wKBRdzA3~+2G!F6F0bSR2TP!|~WT|&m>
zzN3Lv1uP7Gd5>S_!{me+K{SE9Hq74dN0k#y`TjILsPuth8t3G%-T;=_nWQq7_+1di
z!E))&j=BwapZ{+)yX*5m?GAqb4?0}>|JQ(*_W!nXu|Q5mes>(ea%BkcXAS{!I&y?#
zKwr5TceC7AZHmorhE392JLr<{J!R?I7DcVVIVrJ=Q~GJBFXxn&*rH88BekCkrQ9M*
zzX!FS0j1m`qo1nUUwmiv$+xWbmj$vdn%tMJ_A^)${~sKLil@i_0_48)|7?eR|FPX|
zG#gE>jr~8{F2DcuDsWQ#@Erx~R?i`1wbtiV@kSP{?1+IjvDU~+?h|>8^b7qMQ{`kG
zoimJ_e4^>C8(hK$;EniieEyGZx7Oc(<+?0A|5twh<5l1b&j0;{Rir%rUq=5gM*qZ!
z93kvazRj9CqvT_Fs0gyUg-Tu27svW9@lHR$mmcKLj<Tf3WW43aR`$(+G%=m0i9de?
qSwaaVlu$wmC6rJ?2_=+JLJ1|5P(leMlu*JS5&jDq0=BLIcmMz{V-n&3

diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf
index be836d4..d1ed03f 100644
--- a/shorewall4/shorewall.conf
+++ b/shorewall4/shorewall.conf
@@ -137,7 +137,7 @@ ADMINISABSENTMINDED=Yes
 
 AUTOCOMMENT=Yes
 
-AUTOHELPERS=No
+AUTOHELPERS=Yes
 
 AUTOMAKE=No
 
@@ -163,7 +163,7 @@ DISABLE_IPV6=No
 
 DOCKER=No
 
-DONT_LOAD=nf_conntrack_sip
+DONT_LOAD=
 
 DYNAMIC_BLACKLIST=Yes
 

From 44467085a7f9027a87d177a936e496026d0478b0 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 14 Oct 2022 07:02:36 +0000
Subject: [PATCH 092/164] Update changelog

---
 debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 12a86ee..ef7d9d2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+omr-server (0.1028) unstable; urgency=medium
+
+    * Many changes
+
+ -- OpenMPTCProuter <contact@openmptcprouter.com>  Fri, 14 Oct 2022 09:02:22 +0200
+
 omr-server (0.1026) unstable; urgency=medium
 
     * Many changes

From 4e09734f4163e6c77c91eb848d9593058d588c72 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 19 Feb 2023 17:52:12 +0000
Subject: [PATCH 093/164] Set syn retries to 4

---
 shadowsocks.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shadowsocks.conf b/shadowsocks.conf
index d6d760a..0b813e7 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -58,6 +58,6 @@ net.ipv4.conf.default.log_martians = 0
 
 # MPTCP settings
 net.mptcp.mptcp_checksum = 0
-net.mptcp.mptcp_syn_retries = 2
+net.mptcp.mptcp_syn_retries = 4
 net.mptcp.mptcp_scheduler = blest
 net.ipv4.tcp_ecn = 2

From 838d1b69e5028fa82b04f59ed614015c9de021f9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 19 Feb 2023 17:52:37 +0000
Subject: [PATCH 094/164] Fix multipath

---
 multipath | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/multipath b/multipath
index 608f08a..23d87e1 100755
--- a/multipath
+++ b/multipath
@@ -115,29 +115,45 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
 
         printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
 else
-        ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')
-        IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}')
+        ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}')
+        IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}')
         IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
 	RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
         [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
         case $TYPE in
                 "off")
-                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        [ -n "$ID" ] && {
+                            for i in $ID; do
+                                ip mptcp endpoint delete id $i 2>&1 >/dev/null
+                            done
+                        }
                         exit 0;;
                 "on")
-                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        [ -n "$ID" ] && {
+                            for i in $ID; do
+                                ip mptcp endpoint delete id $i 2>&1 >/dev/null
+                            done
+                        }
                         for i in $IP; do
                             ip mptcp endpoint add $i dev $DEVICE subflow fullmesh
                         done
                         exit 0;;
                 "signal")
-                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        [ -n "$ID" ] && {
+                            for i in $ID; do
+                                ip mptcp endpoint delete id $i 2>&1 >/dev/null
+                            done
+                        }
                         for i in $IP; do
-                            ip mptcp endpoint add $i dev $DEVICE signal fullmesh
+                            ip mptcp endpoint add $i dev $DEVICE signal
                         done
                         exit 0;;
                 "backup")
-                        [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
+                        [ -n "$ID" ] && {
+                            for i in $ID; do
+                                ip mptcp endpoint delete id $i 2>&1 >/dev/null
+                            done
+                        }
                         for i in $IP; do
                             ip mptcp endpoint add $i dev $DEVICE backup fullmesh
                         done

From 9c3f955a6131346aee2f40a83eb22d994fa8b501 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 19 Feb 2023 17:53:04 +0000
Subject: [PATCH 095/164] Add 6.1.0 support

---
 debian9-x86_64.sh | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e65d32b..3aa4beb 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -7,6 +7,7 @@
 #
 
 UPSTREAM=${UPSTREAM:-no}
+UPSTREAM6=${UPSTREAM6:-no}
 SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
 DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
@@ -30,7 +31,7 @@ OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-no}
-if [ "$UPSTREAM" = "yes" ]; then
+if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" ]; then
 	SOURCES="yes"
 fi
 NOINTERNET=${NOINTERNET:-no}
@@ -46,6 +47,11 @@ if [ "$UPSTREAM" = "yes" ]; then
 	KERNEL_PACKAGE_VERSION="1.6"
 	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
 fi
+if [ "$UPSTREAM6" = "yes" ]; then
+	KERNEL_VERSION="6.1.0"
+	KERNEL_PACKAGE_VERSION="1.30"
+	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
+fi
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
 GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
 GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
@@ -63,7 +69,7 @@ V2RAY_VERSION="4.43.0"
 V2RAY_PLUGIN_VERSION="4.43.0"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
-if [ "$UPSTREAM" = "yes" ]; then
+if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 	SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543"
 fi
 IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
@@ -255,6 +261,14 @@ else
 		Pin: origin ${REPO}
 		Pin-Priority: 1001
 	EOF
+	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ]; then
+		cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
+			Explanation: Prefer libuv1 Debian native package
+			Package: libuv1
+			Pin: version *
+			Pin-Priority: 1003
+		EOF
+	fi
 	if [ -n "$(echo $OMR_VERSION | grep test)" ]; then
 		echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list
 		cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
@@ -358,7 +372,7 @@ apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
 echo "Install iperf3 OpenMPTCProuter edition"
 apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
 
-if [ "$UPSTREAM" = "yes" ]; then
+if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 	echo "Compile and install mptcpize..."
 	apt-get -y install --no-install-recommends build-essential
 	cd /tmp
@@ -630,7 +644,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		systemctl enable omr-admin-ipv6.service
 	}
 	systemctl enable omr-admin.service
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mptcpize enable omr-admin.service
 		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service
 	fi
@@ -803,7 +817,7 @@ if [ "$V2RAY" = "yes" ]; then
 	fi
 	systemctl daemon-reload
 	systemctl enable v2ray.service
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mptcpize enable v2ray
 	fi
 fi
@@ -1076,7 +1090,7 @@ if [ "$OPENVPN" = "yes" ]; then
 	mkdir -p /etc/openvpn/ccd
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mptcpize enable openvpn@tun0
 	fi
 	systemctl enable openvpn@bonding1.service
@@ -1192,7 +1206,7 @@ if [ "$DSVPN" = "yes" ]; then
 		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mptcpize enable dsvpn-server@dsvpn0
 	fi
 fi
@@ -1217,13 +1231,13 @@ if [ "$SOURCES" = "yes" ]; then
 	apt-get -y install build-essential pkg-config autoconf automake
 	rm -rf /tmp/glorytun-0.0.35
 	cd /tmp
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
 	else
 		wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
 	fi
 	tar xzf glorytun-0.0.35.tar.gz
-	if [ "$UPSTREAM" = "yes" ]; then
+	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
 	fi
 	cd glorytun-0.0.35

From cc756de52dd3e4495b94cdc01afc7170d4b8b874 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 1 Mar 2023 19:26:13 +0000
Subject: [PATCH 096/164] Prepare for 0.1029 test

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 3aa4beb..9b19d00 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -82,7 +82,7 @@ VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="0.1028"
+OMR_VERSION="0.1029-test"
 
 DIR=$( pwd )
 #"

From dfdfaa248790773346abe9a1f81a9721f8b872c4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 10 Mar 2023 18:59:45 +0000
Subject: [PATCH 097/164] Optimize glorytun TCP

---
 tun0.glorytun | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tun0.glorytun b/tun0.glorytun
index a7fd471..2a6c695 100644
--- a/tun0.glorytun
+++ b/tun0.glorytun
@@ -4,4 +4,4 @@ DEV=tun0
 SERVER=true
 MPTCP=true
 IPV6=true
-OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
\ No newline at end of file
+OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 1024 multiqueue"
\ No newline at end of file

From 8d1055668fe1bf4ae4bc340381474ef68c734fad Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 23 Apr 2023 05:37:23 +0000
Subject: [PATCH 098/164] Fix missing patch, update v2ray and update glorytun
 config

---
 debian9-x86_64.sh | 6 ++----
 tun0.glorytun     | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 9b19d00..2a515ce 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -65,7 +65,7 @@ OMR_ADMIN_VERSION="4f8dc4f997c6c95971beea9d52512ed91c77479b"
 OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
-V2RAY_VERSION="4.43.0"
+V2RAY_VERSION="5.4.1"
 V2RAY_PLUGIN_VERSION="4.43.0"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
@@ -1180,11 +1180,9 @@ if [ "$DSVPN" = "yes" ]; then
 		apt-get install -y --no-install-recommends build-essential git ca-certificates
 		rm -rf /tmp/dsvpn
 		cd /tmp
-		git clone https://github.com/jedisct1/dsvpn.git /tmp/dsvpn
+		git clone https://github.com/ysurac/dsvpn.git /tmp/dsvpn
 		cd /tmp/dsvpn
 		git checkout ${DSVPN_VERSION}
-		wget https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch
-		patch -p1 < nofirewall.patch
 		make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL'
 		make install
 		rm -f /lib/systemd/system/dsvpn/*
diff --git a/tun0.glorytun b/tun0.glorytun
index 2a6c695..9d9af5e 100644
--- a/tun0.glorytun
+++ b/tun0.glorytun
@@ -4,4 +4,4 @@ DEV=tun0
 SERVER=true
 MPTCP=true
 IPV6=true
-OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 1024 multiqueue"
\ No newline at end of file
+OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
\ No newline at end of file

From 56d3c8ae0826a562ac00f83bb6e66a3a0a3323fa Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 23 Apr 2023 05:40:20 +0000
Subject: [PATCH 099/164] Fix fw patch

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 3aa4beb..0e20175 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1183,7 +1183,7 @@ if [ "$DSVPN" = "yes" ]; then
 		git clone https://github.com/jedisct1/dsvpn.git /tmp/dsvpn
 		cd /tmp/dsvpn
 		git checkout ${DSVPN_VERSION}
-		wget https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch
+		wget https://github.com/Ysurac/openmptcprouter-feeds/raw/956d791ea49d63e3e5b18cac510b53987c3f1a36/dsvpn/patches/nofirewall.patch
 		patch -p1 < nofirewall.patch
 		make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL'
 		make install

From fdcd1c59f9151156c5c99daa44f651ebd5a5d3cb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 13 Jun 2023 11:24:22 +0000
Subject: [PATCH 100/164] Use systemtap to force MPTCP on all applications

---
 omr-service | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/omr-service b/omr-service
index 3898c5d..dee99cf 100755
--- a/omr-service
+++ b/omr-service
@@ -151,6 +151,9 @@ _openvpn_bonding() {
 sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null
 modprobe bonding 2>&1 >/dev/null
 ip link add omr-bonding type bond 2>&1 >/dev/null
+[ -n "$(uname -r | grep '6.1')" ] && {
+	stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
+}
 while true; do
 	_glorytun_udp
 	_glorytun_tcp

From 3de88a211f58538e0ad148d7ce9b9aaa8b21f5e7 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 13 Jun 2023 11:26:17 +0000
Subject: [PATCH 101/164] Add Debian 12 support

---
 debian-x86_64.sh   |   1 +
 debian.sh          |   1 +
 debian12-x86_64.sh |   1 +
 debian9-x86_64.sh  | 237 ++++++++++++++++++++++++++++++---------------
 4 files changed, 160 insertions(+), 80 deletions(-)
 create mode 120000 debian-x86_64.sh
 create mode 120000 debian.sh
 create mode 120000 debian12-x86_64.sh

diff --git a/debian-x86_64.sh b/debian-x86_64.sh
new file mode 120000
index 0000000..814a06c
--- /dev/null
+++ b/debian-x86_64.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh
\ No newline at end of file
diff --git a/debian.sh b/debian.sh
new file mode 120000
index 0000000..814a06c
--- /dev/null
+++ b/debian.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh
\ No newline at end of file
diff --git a/debian12-x86_64.sh b/debian12-x86_64.sh
new file mode 120000
index 0000000..814a06c
--- /dev/null
+++ b/debian12-x86_64.sh
@@ -0,0 +1 @@
+debian9-x86_64.sh
\ No newline at end of file
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 2a515ce..84b82bc 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -70,13 +70,13 @@ V2RAY_PLUGIN_VERSION="4.43.0"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
 if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
-	SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543"
+	SHADOWSOCKS_VERSION="8fc18fcba3226e31f9f2bb9e60d6be6a1837862b"
 fi
 IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
-VPSPATH="server"
+VPSPATH="server-test"
 VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)}
 VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
@@ -102,31 +102,33 @@ if test -f /etc/os-release ; then
 else
 	. /usr/lib/os-release
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then
-	echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ] && [ "$VERSION_ID" != "12" ]; then
+	echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)"
 	exit 1
 elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then
 	echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04"
 	echo "Use debian when possible"
 	exit 1
 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then
-	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)"
+	echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)"
 	echo "Use Debian when possible"
 	exit 1
 fi
 
 echo "Check architecture..."
 ARCH=$(dpkg --print-architecture | tr -d "\n")
-if [ "$ARCH" != "amd64" ]; then
+if [ "$UPSTREAM6" != "yes" ] && [ "$ARCH" != "amd64" ]; then
 	echo "Only x86_64 (amd64) is supported"
 	exit 1
 fi
 
-echo "Check virtualized environment"
-VIRT="$(systemd-detect-virt 2>/dev/null || true)"
-if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then
-	echo "Container are not supported: kernel can't be modified."
-	exit 1
+if [ "$UPSTREAM6" != "yes" ]; then
+	echo "Check virtualized environment"
+	VIRT="$(systemd-detect-virt 2>/dev/null || true)"
+	if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then
+		echo "Container are not supported: kernel can't be modified."
+		exit 1
+	fi
 fi
 
 # Check if DPKG is locked and for broken packages
@@ -210,6 +212,26 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="10"
 fi
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then
+	echo "Update Debian 10 Stretch to Debian 11 Buster"
+	apt-get -y -f --force-yes upgrade
+	apt-get -y -f --force-yes dist-upgrade
+	sed -i 's:buster:bullseye:g' /etc/apt/sources.list
+	apt-get update --allow-releaseinfo-change
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
+	VERSION_ID="11"
+fi
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then
+	echo "Update Debian 10 Stretch to Debian 11 Buster"
+	apt-get -y -f --force-yes upgrade
+	apt-get -y -f --force-yes dist-upgrade
+	sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list
+	apt-get update --allow-releaseinfo-change
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
+	VERSION_ID="12"
+fi
 if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then
 	echo "Update Ubuntu 18.04 to Ubuntu 20.04"
 	apt-get -y -f --force-yes upgrade
@@ -261,7 +283,7 @@ else
 		Pin: origin ${REPO}
 		Pin-Priority: 1001
 	EOF
-	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ]; then
+	if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then
 		cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
 			Explanation: Prefer libuv1 Debian native package
 			Package: libuv1
@@ -291,6 +313,9 @@ if [ "$ID" = "debian" ]; then
 	fi
 	# Add buster-backports repo
 	echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list
+	if [ "$VERSION_ID" = "12" ]; then
+		echo 'deb http://deb.debian.org/debian bullseye main' > /etc/apt/sources.list.d/bullseye.list
+	fi
 elif [ "$ID" = "ubuntu" ]; then
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list
 	echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list
@@ -327,75 +352,93 @@ if [ -z "$(dpkg-query -l | grep grub)" ]; then
 		echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub
 	}
 fi
-if [ "$SOURCES" = "yes" ]; then
-	wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
-	wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
-	# Rename bzImage to vmlinuz, needed when custom kernel was used
-	cd /boot
-	apt-get -y install git
-	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
-	#apt-get -y install linux-mptcp
-	#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
-	#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
-	if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
-		echo "Install kernel linux-image-${KERNEL_RELEASE} source release"
-		echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
-		dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
-		dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
+if [ "$UPSTREAM6" != "yes" ]; then
+	if [ "$SOURCES" = "yes" ]; then
+		wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
+		wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
+		# Rename bzImage to vmlinuz, needed when custom kernel was used
+		cd /boot
+		apt-get -y install git
+		rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
+		#apt-get -y install linux-mptcp
+		#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp
+		#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp
+		if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
+			echo "Install kernel linux-image-${KERNEL_RELEASE} source release"
+			echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
+			dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb
+			dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb
+		fi
+	else
+		cd /boot
+		rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
+		if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
+			echo "Install kernel linux-image-${KERNEL_RELEASE}"
+			echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
+			apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
+		fi
 	fi
-else
-	cd /boot
-	rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
-	if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then
-		echo "Install kernel linux-image-${KERNEL_RELEASE}"
-		echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m"
-		apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION}
+
+
+	# Check if mptcp kernel is grub default kernel
+	echo "Set MPTCP kernel as grub default..."
+	if [ "$LOCALFILES" = "no" ]; then
+		wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh
+		cd /tmp
+	else
+		cd ${DIR}
 	fi
+	[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg
+	rm -f /etc/grub.d/30_os-prober
+	bash update-grub.sh ${KERNEL_VERSION}-mptcp
+	bash update-grub.sh ${KERNEL_RELEASE}
+	[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
 fi
 
-# Check if mptcp kernel is grub default kernel
-echo "Set MPTCP kernel as grub default..."
-if [ "$LOCALFILES" = "no" ]; then
-	wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh
-	cd /tmp
-else
-	cd ${DIR}
+if [ "$ARCH" = "amd64" ]; then
+	echo "Install tracebox OpenMPTCProuter edition"
+	apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
+	echo "Install iperf3 OpenMPTCProuter edition"
+	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
 fi
-[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg
-rm -f /etc/grub.d/30_os-prober
-bash update-grub.sh ${KERNEL_VERSION}-mptcp
-bash update-grub.sh ${KERNEL_RELEASE}
-[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
-
-echo "Install tracebox OpenMPTCProuter edition"
-apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
-echo "Install iperf3 OpenMPTCProuter edition"
-apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
 
 if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 	echo "Compile and install mptcpize..."
 	apt-get -y install --no-install-recommends build-essential
 	cd /tmp
+	apt-get -y install git
 	git clone https://github.com/Ysurac/mptcpize.git
 	cd mptcpize
 	make
 	make install
 	cd /tmp
 	rm -rf /tmp/mptcpize
-	echo "Compile and install iproute2..."
-	apt-get -y install --no-install-recommends bison libbison-dev flex
-	#wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz
-	#tar xzf iproute2-5.16.0.tar.gz
-	#cd iproute2-5.16.0
-	git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git 
-	cd iproute2
-	git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000
-	make
-	make install
-	cd /tmp
+	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then
+		apt-get -y install iproute2
+	else
+		echo "Compile and install iproute2..."
+		apt-get -y install --no-install-recommends bison libbison-dev flex
+		#wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz
+		#tar xzf iproute2-5.16.0.tar.gz
+		#cd iproute2-5.16.0
+		git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git 
+		cd iproute2
+		git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000
+		make
+		make install
+		cd /tmp
+	fi
 	rm -rf iproute2
-	echo "MPTCPize iperf3..."
-	mptcpize enable iperf3
+	if [ "$ARCH" = "amd64" ]; then
+		echo "MPTCPize iperf3..."
+		mptcpize enable iperf3
+	fi
+	if [ "$UPSTREAM6" = "yes" ]; then
+		apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg
+		apt-get -y install systemtap
+		mkdir -p /usr/share/systemtap-mptcp
+		wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap
+	fi
 fi
 
 apt-get -y remove shadowsocks-libev
@@ -568,9 +611,14 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		apt-get -y remove python3-jwt
 		pip3 -q install pyjwt
 	else
-		if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ]); then
-			apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1
-			pip3 -q install uvloop
+		if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then
+			if [ "$VERSION_ID" = "12" ]; then
+				apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1
+				pip3 -q install uvloop --break-system-packages
+			else
+				apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1
+				pip3 -q install uvloop
+			fi
 		else
 			apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
 		fi
@@ -580,12 +628,21 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	echo "If you see any error here, I really don't care: it's about a module not used for home users"
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
-	pip3 -q install netjsonconfig
-	pip3 -q install fastapi -U
-	pip3 -q install jsonschema -U
-	pip3 -q install python-multipart jinja2 -U
-	pip3 -q install starlette
-	pip3 -q install starlette
+	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then
+		pip3 -q install netjsonconfig --break-system-packages
+		pip3 -q install fastapi -U --break-system-packages
+		pip3 -q install jsonschema -U --break-system-packages
+		pip3 -q install python-multipart jinja2 -U --break-system-packages
+		pip3 -q install starlette --break-system-packages
+		pip3 -q install starlette --break-system-packages
+	else
+		pip3 -q install netjsonconfig
+		pip3 -q install fastapi -U
+		pip3 -q install jsonschema -U
+		pip3 -q install python-multipart jinja2 -U
+		pip3 -q install starlette
+		pip3 -q install starlette
+	fi
 	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 	mkdir -p /etc/openmptcprouter-vps-admin/intf
 	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
@@ -800,9 +857,29 @@ fi
 if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
 	if [ "$SOURCES" = "yes" ]; then
-		wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
-		dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
-		rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
+		if [ "$ARCH" = "amd64" ]; then
+			wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+			dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
+			rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
+		else
+			[ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip"
+			[ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip"
+			[ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
+			[ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
+			[ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip"
+			[ "$ARCH" = "mips64el" ] && V2RAY_FILENAME="v2ray-linux-mips64le.zip"
+			[ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip"
+			[ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip"
+			wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME}
+			cd /tmp
+			mkdir v2ray
+			cd v2ray
+			unzip /tmp/v2ray-${V2RAY_VERSION}.zip
+			cp v2ray /usr/bin/
+			cp geoip.dat /usr/bin/
+			cp geosite.dat /usr/bin/
+			wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service
+		fi
 	else
 		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
 	fi
@@ -1051,11 +1128,11 @@ if [ "$OPENVPN" = "yes" ]; then
 			make-cadir /etc/openvpn/ca
 		fi
 		cd /etc/openvpn/ca
-		./easyrsa init-pki 2>&1 >/dev/null
+		./easyrsa --batch init-pki 2>&1 >/dev/null
 		./easyrsa --batch build-ca nopass
-		EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
-		EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "openmptcprouter" nopass
-		EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
+		EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full server nopass
+		EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "openmptcprouter" nopass
+		EASYRSA_CRL_DAYS=3650 ./easyrsa --batch gen-crl
 	fi
 	if [ ! -f "/etc/openvpn/ca/pki/issued/openmptcprouter.crt" ]; then
 		mv /etc/openvpn/ca/pki/issued/client.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt

From 8af0bed8c3b35d92b4b0351ae0426ddbb82187e8 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 11 Jul 2023 17:05:46 +0000
Subject: [PATCH 102/164] Update omr_admin

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 0e20175..1a59a1d 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="4f8dc4f997c6c95971beea9d52512ed91c77479b"
-OMR_ADMIN_BINARY_VERSION="0.3+20220827"
+OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4"
+OMR_ADMIN_BINARY_VERSION="0.3+20230709"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.43.0"

From 2806a8078acf9f4b82e9f61c3d9f35b3fb8aef60 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 11 Jul 2023 17:07:18 +0000
Subject: [PATCH 103/164] Update omr-admin and use latest shadowsocks changes
 in fork

---
 debian9-x86_64.sh | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 84b82bc..10077a8 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -61,17 +61,18 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="4f8dc4f997c6c95971beea9d52512ed91c77479b"
-OMR_ADMIN_BINARY_VERSION="0.3+20220827"
+OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4"
+OMR_ADMIN_BINARY_VERSION="0.3+20230709"
+#OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="5.4.1"
 V2RAY_PLUGIN_VERSION="4.43.0"
 EASYRSA_VERSION="3.0.6"
-SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
-if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+#SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
+#if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 	SHADOWSOCKS_VERSION="8fc18fcba3226e31f9f2bb9e60d6be6a1837862b"
-fi
+#fi
 IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
 DEFAULT_USER="openmptcprouter"
@@ -872,7 +873,8 @@ if [ "$V2RAY" = "yes" ]; then
 			[ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip"
 			wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME}
 			cd /tmp
-			mkdir v2ray
+			rm -rf v2ray
+			mkdir -p v2ray
 			cd v2ray
 			unzip /tmp/v2ray-${V2RAY_VERSION}.zip
 			cp v2ray /usr/bin/

From 039218a0159427ad575dcd3e0378a47fb00bb0c4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 11 Jul 2023 17:07:47 +0000
Subject: [PATCH 104/164] Set a better log message on omr-service

---
 omr-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-service b/omr-service
index dee99cf..d5b8b5b 100755
--- a/omr-service
+++ b/omr-service
@@ -80,7 +80,7 @@ _wireguard() {
 
 _omr_api() {
 	[ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
-		logger -t "OMR-Service" "Restart OMR-Admin"
+		logger -t "OMR-Service" "Can't contact API, restart OMR-Admin"
 		systemctl -q restart omr-admin
 	}
 }

From c91411a6214362261bd9c36c2c7de41894395c99 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 11 Jul 2023 19:10:46 +0000
Subject: [PATCH 105/164] Fix fastapi install on Debian 10

---
 debian9-x86_64.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 1a59a1d..23d2f9e 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -581,7 +581,11 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
 	pip3 -q install netjsonconfig
-	pip3 -q install fastapi -U
+	if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then
+		pip3 -q install fastapi==0.99.1 -U
+	else
+		pip3 -q install fastapi -U
+	fi
 	pip3 -q install jsonschema -U
 	pip3 -q install python-multipart jinja2 -U
 	pip3 -q install starlette

From cb5f138c4e6854aba5d7986a8923dc10d0ca22cb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 11 Jul 2023 19:11:16 +0000
Subject: [PATCH 106/164] Fix fastapi install on Debian 10

---
 debian9-x86_64.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 10077a8..6b9e728 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -638,6 +638,11 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		pip3 -q install starlette --break-system-packages
 	else
 		pip3 -q install netjsonconfig
+		if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then
+			pip3 -q install fastapi==0.99.1 -U
+		else
+			pip3 -q install fastapi -U
+		fi
 		pip3 -q install fastapi -U
 		pip3 -q install jsonschema -U
 		pip3 -q install python-multipart jinja2 -U

From 178186002c13147cbb244720a8287da75edba550 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 22 Aug 2023 12:56:05 +0000
Subject: [PATCH 107/164] Fixes on ARM64 support and some VPN changes

---
 debian9-x86_64.sh | 105 +++++++++++++++++++++++++++++-----------------
 omr-service       |  15 ++++---
 tun0.glorytun     |   2 +-
 3 files changed, 77 insertions(+), 45 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 6b9e728..e4900b3 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -14,7 +14,7 @@ DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[
 #NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")}
 NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")}
 OBFS=${OBFS:-yes}
-V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes}
+V2RAY_PLUGIN=${V2RAY_PLUGIN:-no}
 V2RAY=${V2RAY:-yes}
 V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
 UPDATE_OS=${UPDATE_OS:-yes}
@@ -52,21 +52,21 @@ if [ "$UPSTREAM6" = "yes" ]; then
 	KERNEL_PACKAGE_VERSION="1.30"
 	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 fi
-GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
+GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9"
 GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
-GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
+GLORYTUN_TCP_BINARY_VERSION="0.0.35-6"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b"
 MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
-UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
+UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4"
-OMR_ADMIN_BINARY_VERSION="0.3+20230709"
+OMR_ADMIN_VERSION="18f16e21facff80fe91c62ba7b3ea5cfe587fcc3"
+OMR_ADMIN_BINARY_VERSION="0.3+20230807"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
-V2RAY_VERSION="5.4.1"
+V2RAY_VERSION="5.7.0"
 V2RAY_PLUGIN_VERSION="4.43.0"
 EASYRSA_VERSION="3.0.6"
 #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
@@ -118,8 +118,8 @@ fi
 
 echo "Check architecture..."
 ARCH=$(dpkg --print-architecture | tr -d "\n")
-if [ "$UPSTREAM6" != "yes" ] && [ "$ARCH" != "amd64" ]; then
-	echo "Only x86_64 (amd64) is supported"
+if [ "$UPSTREAM6" != "yes" ] && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then
+	echo "Only x86_64 (amd64) is supported on this OS"
 	exit 1
 fi
 
@@ -218,6 +218,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
 	sed -i 's:buster:bullseye:g' /etc/apt/sources.list
+	sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
@@ -243,6 +244,16 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
 fi
+if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then
+	echo "Update Ubuntu 20.04 to Ubuntu 22.04"
+	apt-get -y -f --force-yes upgrade
+	apt-get -y -f --force-yes dist-upgrade
+	sed -i 's:focal:jammy:g' /etc/apt/sources.list
+	apt-get update --allow-releaseinfo-change
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
+	VERSION_ID="22.04"
+fi
 
 # Add OpenMPTCProuter repo
 echo "Add OpenMPTCProuter repo..."
@@ -394,6 +405,14 @@ if [ "$UPSTREAM6" != "yes" ]; then
 	bash update-grub.sh ${KERNEL_VERSION}-mptcp
 	bash update-grub.sh ${KERNEL_RELEASE}
 	[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
+elif [ "$update" != "0" ]; then 
+	if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then
+		apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f)
+	fi
+	[ -f /etc/default/grub ] && {
+		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
+		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
+	}
 fi
 
 if [ "$ARCH" = "amd64" ]; then
@@ -434,12 +453,12 @@ if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		echo "MPTCPize iperf3..."
 		mptcpize enable iperf3
 	fi
-	if [ "$UPSTREAM6" = "yes" ]; then
-		apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg
-		apt-get -y install systemtap
-		mkdir -p /usr/share/systemtap-mptcp
-		wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap
-	fi
+	#if [ "$UPSTREAM6" = "yes" ]; then
+	#	apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg
+	#	apt-get -y install systemtap
+	#	mkdir -p /usr/share/systemtap-mptcp
+	#	wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap
+	#fi
 fi
 
 apt-get -y remove shadowsocks-libev
@@ -862,31 +881,36 @@ fi
 
 if [ "$V2RAY" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
-	if [ "$SOURCES" = "yes" ]; then
+	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
 		if [ "$ARCH" = "amd64" ]; then
 			wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
 			dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 			rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
-		else
-			[ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip"
-			[ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip"
-			[ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
-			[ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
-			[ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip"
-			[ "$ARCH" = "mips64el" ] && V2RAY_FILENAME="v2ray-linux-mips64le.zip"
-			[ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip"
-			[ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip"
-			wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME}
-			cd /tmp
-			rm -rf v2ray
-			mkdir -p v2ray
-			cd v2ray
-			unzip /tmp/v2ray-${V2RAY_VERSION}.zip
-			cp v2ray /usr/bin/
-			cp geoip.dat /usr/bin/
-			cp geosite.dat /usr/bin/
-			wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service
+		elif [ "$ARCH" = "arm64" ]; then
+			wget -O /tmp/v2ray-${V2RAY_VERSION}-arm64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb
+			dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
+			rm -f /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
 		fi
+#		else
+#			[ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip"
+#			[ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip"
+#			[ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
+#			[ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
+#			[ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip"
+#			[ "$ARCH" = "mips64el" ] && V2RAY_FILENAME="v2ray-linux-mips64le.zip"
+#			[ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip"
+#			[ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip"
+#			wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME}
+#			cd /tmp
+#			rm -rf v2ray
+#			mkdir -p v2ray
+#			cd v2ray
+#			unzip /tmp/v2ray-${V2RAY_VERSION}.zip
+#			cp v2ray /usr/bin/
+#			cp geoip.dat /usr/bin/
+#			cp geosite.dat /usr/bin/
+#			wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service
+#		fi
 	else
 		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
 	fi
@@ -894,6 +918,9 @@ if [ "$V2RAY" = "yes" ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
 		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
 	fi
+	if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then
+		sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/v2ray/v2ray-server.json
+	fi
 	rm -f /etc/v2ray/config.json
 	ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
 	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
@@ -901,9 +928,9 @@ if [ "$V2RAY" = "yes" ]; then
 	fi
 	systemctl daemon-reload
 	systemctl enable v2ray.service
-	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
-		mptcpize enable v2ray
-	fi
+	#if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+	#	mptcpize enable v2ray
+	#fi
 fi
 
 if systemctl -q is-active mlvpn@mlvpn0.service; then
@@ -1477,6 +1504,8 @@ if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ] && [ "$(ip r | awk '/
 	sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat
 fi
 
+# Limit /var/log/journal size
+sed -i 's/#SystemMaxUse=/SystemMaxUse=100M/' /etc/systemd/journald.conf
 
 if [ "$TLS" = "yes" ]; then
 	VPS_CERT=0
diff --git a/omr-service b/omr-service
index d5b8b5b..afd1b9e 100755
--- a/omr-service
+++ b/omr-service
@@ -29,6 +29,7 @@ _glorytun_udp() {
 		for intf in /etc/glorytun-udp/tun*; do
 			[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
 		done
+		ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null
 	fi
 }
 
@@ -47,6 +48,7 @@ _glorytun_tcp() {
 				sleep 10
 			fi
 		fi
+		ip link set mtu 9000 dev gt-tun0 2>&1 >/dev/null
 	fi
 }
 
@@ -60,6 +62,7 @@ _dsvpn() {
 			logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
 			systemctl restart dsvpn@dsvpn0
 		fi
+		ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null
 	fi
 }
 
@@ -95,7 +98,7 @@ _lan_route() {
 				while IFS=$"\n" read -r d; do
 					if [ "$d" != "" ]; then
 						network=$(ipcalc -n $d | grep Network | awk '{print $2}')
-						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
+						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip onlink 2>&1 >/dev/null
 					fi
 				done
 			fi
@@ -115,7 +118,7 @@ _gre_tunnels() {
 					ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null
 					ip link set $iface up 2>&1 >/dev/null
 					ip addr add $LOCALIP dev $iface 2>&1 >/dev/null
-					ip route add $NETWORK dev $iface 2>&1 >/dev/null
+					ip route add $NETWORK dev $iface onlink 2>&1 >/dev/null
 				fi
 			fi
 		done
@@ -143,7 +146,7 @@ _openvpn_bonding() {
 		ip link set ovpnbonding8 up 2>&1 >/dev/null
 		ip link set omr-bonding up mtu 1440 2>&1 >/dev/null
 		ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null
-		ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null
+		ip r add 10.255.248.0/24 dev omr-bonding onlink 2>&1 >/dev/null
 		ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 2>&1 >/dev/null
 	fi
 }
@@ -151,9 +154,9 @@ _openvpn_bonding() {
 sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null
 modprobe bonding 2>&1 >/dev/null
 ip link add omr-bonding type bond 2>&1 >/dev/null
-[ -n "$(uname -r | grep '6.1')" ] && {
-	stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
-}
+#[ -n "$(uname -r | grep '6.1')" ] && {
+#	stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
+#}
 while true; do
 	_glorytun_udp
 	_glorytun_tcp
diff --git a/tun0.glorytun b/tun0.glorytun
index 9d9af5e..92b9816 100644
--- a/tun0.glorytun
+++ b/tun0.glorytun
@@ -4,4 +4,4 @@ DEV=tun0
 SERVER=true
 MPTCP=true
 IPV6=true
-OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"
\ No newline at end of file
+OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 65536 multiqueue"
\ No newline at end of file

From 19bc566da673f8d9106971265a8f6edde569f6d9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 23 Aug 2023 14:54:48 +0000
Subject: [PATCH 108/164] Fix glorytun-udp repo to use fork

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e4900b3..dbe78d9 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1226,7 +1226,7 @@ if [ "$SOURCES" = "yes" ]; then
 	apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
 	rm -rf /tmp/glorytun-udp
 	cd /tmp
-	git clone https://github.com/angt/glorytun.git /tmp/glorytun-udp
+	git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp
 	cd /tmp/glorytun-udp
 	git checkout ${GLORYTUN_UDP_VERSION}
 	git submodule update --init --recursive

From 4b349539f78ed9c34e15cc12f9e14765e98f4b7b Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 23 Aug 2023 14:55:07 +0000
Subject: [PATCH 109/164] Set v2ray loglevel to error

---
 v2ray-server.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/v2ray-server.json b/v2ray-server.json
index 1fae64e..716b7f7 100644
--- a/v2ray-server.json
+++ b/v2ray-server.json
@@ -1,6 +1,6 @@
 {
 	"log": {
-		"loglevel": "warning",
+		"loglevel": "error",
 		"error": "/tmp/v2rayError.log"
 	},
 	"transport": {

From 2204e080d3fc2f5f3053104e8c85d632fda05e8e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 23 Aug 2023 18:01:37 +0000
Subject: [PATCH 110/164] Update omr admin

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index dbe78d9..6836e2e 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="18f16e21facff80fe91c62ba7b3ea5cfe587fcc3"
-OMR_ADMIN_BINARY_VERSION="0.3+20230807"
+OMR_ADMIN_VERSION="c4374c28594517231190e320020cb20d9dd1bcb2"
+OMR_ADMIN_BINARY_VERSION="0.3+20230823"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"

From 450da26917688788a3e402b724e7c3814902bfe3 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 28 Aug 2023 19:16:45 +0000
Subject: [PATCH 111/164] Fixes and add trojan, socks and vmess protocol
 support for V2Ray

---
 debian9-x86_64.sh                 |  19 ++++--
 omr-service                       |   2 +-
 openmptcprouter-shorewall6.tar.gz | Bin 3803 -> 3814 bytes
 shorewall6/shorewall6.conf        |   6 +-
 v2ray-server.json                 |  99 +++++++++++++++++++++++++++++-
 5 files changed, 117 insertions(+), 9 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 6836e2e..8e155d1 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="c4374c28594517231190e320020cb20d9dd1bcb2"
-OMR_ADMIN_BINARY_VERSION="0.3+20230823"
+OMR_ADMIN_VERSION="d77ffb62084271a388a09d1b0d17e42aae0514ab"
+OMR_ADMIN_BINARY_VERSION="0.3+20230828"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -914,10 +914,13 @@ if [ "$V2RAY" = "yes" ]; then
 	else
 		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
 	fi
-	if [ ! -f /etc/v2ray/v2ray-server.json ]; then
+	if [ -f /etc/v2ray/v2ray-server.json ]; then
+		V2RAY_UUID=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' v2ray-server.json | head -n 1 | tr -d "\n")
+	fi
+	#if [ ! -f /etc/v2ray/v2ray-server.json ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
 		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
-	fi
+	#fi
 	if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then
 		sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/v2ray/v2ray-server.json
 	fi
@@ -1199,6 +1202,7 @@ if [ "$OPENVPN" = "yes" ]; then
 		cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
 	fi
 	mkdir -p /etc/openvpn/ccd
+	
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
 	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -1246,6 +1250,7 @@ if [ "$SOURCES" = "yes" ]; then
 	else
 		cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service
 	fi
+	chmod 644 /lib/systemd/system/glorytun-udp@.service
 	#wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network
 	rm -f /lib/systemd/network/glorytun-udp.network
 	mkdir -p /etc/glorytun-udp
@@ -1269,6 +1274,7 @@ if [ "$SOURCES" = "yes" ]; then
 else
 	rm -f /usr/local/bin/glorytun
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
+	chmod 644 /lib/systemd/system/glorytun-udp@.service
 	GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
 fi
 [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
@@ -1300,6 +1306,7 @@ if [ "$DSVPN" = "yes" ]; then
 		wget -O /usr/local/bin/dsvpn-run ${VPSURL}${VPSPATH}/dsvpn-run
 		chmod 755 /usr/local/bin/dsvpn-run
 		wget -O /lib/systemd/system/dsvpn-server@.service ${VPSURL}${VPSPATH}/dsvpn-server%40.service.in
+		chmod 644 /lib/systemd/system/dsvpn-server@.service
 		mkdir -p /etc/dsvpn
 		wget -O /etc/dsvpn/dsvpn0 ${VPSURL}${VPSPATH}/dsvpn0-config
 		if [ -f /etc/dsvpn/dsvpn.key ]; then
@@ -1313,6 +1320,7 @@ if [ "$DSVPN" = "yes" ]; then
 		rm -rf /tmp/dsvpn
 	else
 		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
+		chmod 644 /lib/systemd/system/dsvpn-server@.service
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
 	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -1358,6 +1366,7 @@ if [ "$SOURCES" = "yes" ]; then
 	chmod 755 /usr/local/bin/glorytun-tcp-run
 	wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in
 	#wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network
+	chmod 644 /lib/systemd/system/glorytun-tcp@.service
 	rm -f /lib/systemd/network/glorytun-tcp.network
 	mkdir -p /etc/glorytun-tcp
 	wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh
@@ -1410,6 +1419,8 @@ else
 	cp ${DIR}/omr-6in4-run /usr/local/bin/omr-6in4-run
 	cp ${DIR}/omr6in4@.service.in /lib/systemd/system/omr6in4@.service
 fi
+chmod 644 /lib/systemd/system/omr.service
+chmod 644 /lib/systemd/system/omr6in4@.service
 chmod 755 /usr/local/bin/omr-service
 chmod 755 /usr/local/bin/omr-6in4-run
 if systemctl -q is-active omr-6in4.service; then
diff --git a/omr-service b/omr-service
index afd1b9e..9c99994 100755
--- a/omr-service
+++ b/omr-service
@@ -42,7 +42,7 @@ _glorytun_tcp() {
 			localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
 			[ -z "$localip" ] && localip="10.255.255.1"
 			remoteip="$(echo $localip | sed 's/\.1/\.2/')"
-			if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
+			if [ "$(ping -c 5 -w 15 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
 				logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 				systemctl restart glorytun-tcp@tun0
 				sleep 10
diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz
index eeb36f255423786ff3502b03dab8b9a259e435a2..e1869464c37b2ac1ee943b37e5d5e1bc361db667 100644
GIT binary patch
delta 3773
zcmV;u4npzU9p)W>ABzY80SM=000Zq@ZF8eW65g-qS4_#iWVg<;UM$I3r*t_CBZ)Ht
z0?3Y2S4Ck7+f*dr0IlQO+W&st!;28|t~a}qlS^p3B$%0=>6z(yx@TxK^F1#P?b$D{
z_D3zCez(iMfy&?Q{%Pk``{cCU?Q~oHlhaqNcDsApe??k<dz2}sRTSGHA+JK;k3UuJ
zx%~fAI;b5G<K7RQ2Ya#TlSYFyop{!a@}%Z0(~ugL9r_`0y<0zA+Og|<#J=%YF>#=T
z>qL-4;(IqDx9-9@BJpG3kowa0$hx{lUR@pP`(dc+6W$~zwS&D<?SL0dNmV$GGt{Xr
zP>vI+VRD>*rmLpPiJGdLoWVY)2Gu#^N-~9Ut@eX^OAh&|sg9|vQQaWld_yctFfEhU
zN7PITSQbCw6_K}+LN&oWyLT3W6Q0@7_qlzhsa%7@|J6L;+O5`it=bQcH+OF{{-LRD
zGvCI+nlqjST&G=P8=rJew)u44D7ARnep|@@@%Zh3Nqe*A_GzaqlB5gURlDJAld<3L
zpOzREYMx7~VJXHozvsj^t{*kLs3hS@xfV@(YDj{hJSHIdNr~0q6}rtD*`8C9z1Q!T
zS*0f$joe^U+Fq+)9xX$eJjLlPORVjFc@E7d=RV$;eB|uET{9-%yIKFP7dzptJ#(Vn
z)b|vBJ&XS*y)ypyPb&O>5!%3i^3Dk(MD^}*i!_K~FN1|cq+CVF5OAFU_>=g-Z{(^&
z0Ml>XyH&_c!ZFk+_`zf7-rdLKweW^?VEP-KR=Z1X9>G31g$7N>UNXC4qS;uuH=!Lq
z60{(p<B-U|jUVjL`JO!bD>4H^5;}7?0$X!`vx*(!#su)S>4(6-^kGdrV$#Z+J0WWZ
z#9KzhzhyTgWlCfxiXd;~cur_9h_<>}xHDju-I?P>4zVK=U|MwV%rjYsD2R~?0_G2@
zXWjgsI4<O4+u5jfj@wylX^lq&#_F{lqx>Q917v&yLO+s)4bo+t$7~1;Xb5@HcoLm|
z^5TRZ$G^sGyl+<_Hb&-7Y`cpH7#cgJuea=Lb%^S_w&uB?(Ajy-2S2L{C4@+dN%bKw
z;5Cw}p}%0%z+`cUVACwAkjZF%KMRh)klZfpyXYtkU}Rtbj$i;mQ|5#AQ3&Jb+@Rz1
zF7P;i88-T^*KMpo1^=E^lJh^swj+p>cmooD>-4l;;r~m}^ZtLLAq=7TD01&ShF|aO
z(6w(CfDG|{f^Wog05t)moCMCK7;!vW-Q77+3^}Y^#zs7Q3A{JX9RSM%04Y>TRsr}v
z0P}#v3nz{lw#Gg|#CN^B6~Hp$;}UFxzbps<3u;an`gkDlBdd<Vm9yEmAoTC@uFzk9
znQ=SA8!lPj11G+3rFZG_AFxI4`O$I}-fl3G*X40q;~!Y5nIF#IB$XEs1iiV#LiMTT
zbATaQEn<)yOyW&q1tJ(AG)Qh@P?9Riy$y!RabV0s7e>g-TR_>d`YnNXjF*xk$WxJ$
zL@SP=>2eZ)-Ae#hMLVJOJnpZJXYd~~cK~Jozt=md@c$(!cWoH@{oc}4^wP8j?ftd!
z?E3G({=a*2dV1P9X`d$h|5mmBUxbsl1R;OD4y^xHzuoHtwQ&8n+TCjXzXW~8`JcvA
zq&oYn&i+1n_Lrc@?$7-WlBad~nHxT|E1tn=sw@fD>w8%p5t&|6IlGr8l6iJM)eW<T
zr*K7Hf;w0vUJ$5e)@~oj=M;k-(<h6Gx~idWk0}|dvaDW7$|#d}GKFrOQzG*qSDAmY
ze6Q1gQNi5TVPLpg?DNqNqi68H+wHW<=YRcftHS@6pwGa69aZFO;r|G(PAePmC$<3$
zNp@}mekaNTMsgG`8KP}Vgn=Z5^m2JsmqwDpXNHOByt(l-3ByjB@IB%63%nOpMPb$}
z%{QgVM)@)52L`0%^0A1OVm=EgI3RytMi>f{eZMx|<mu&Z7ez!G>FQLg{b0~!^mtib
z-vBFrE=$Ikit9w3$}kdz1WCE%WvP%bRZN{1E{bIodR5E2Ci>pDF<MRk0nx~FW=wqp
zclOIFNS+nos=|}%gPP>Mvls6CHCkuv)pJ%no&{`eCdAKXP7o7OF$yh3>o$LG-4xbh
zKWp>B4>52GSY9WNLo$|!!>f&U66x}GSZ6fXyJK}X)9NlY1qvnAa2!5V<e(mobAxyN
zhC5pZn|b(H;E6oO!V0YOKHBs%-P)+L)E?F;hJH}0tbSw9>ulWr>wC`eF+w;ALgyVI
zO#+h(KP`UaFwTYV&z<=(14)0JH`da|=zU}qm_VgGd|r}HV?kM1bAcbm<R7Hp1D}L}
zZgg+Y{fEe({Sq-L?-qXe7_U6ydmH1D55&fNmL)9f75iq5HTu2YN$)q;v6^q!@rmvk
z#yFe6oe19PbXarZSkOrN_?oOWbz6PP`oeUO1yr3pp}1)VwxEO2521f6Y<03(Vs*E%
zwSM>Q+qcDLXA2iKskrV_WjzoTKGO<l=d9g2#=lMyNY-FA{pF6n)(<d`(Usdv8=v<7
z+wD`hZg;z<c<PJSt#+r^?o|H&OVG~!CbT4L|Nb&{jeAc;7L;@^;eFZ-WlzMN7~=pw
zC(4-BS5GRO*j`}YfpdSqh<rfqh3mm}j5+sl9Go?q4-XH=IV(O1Z7vg*XiLQ7`*^w7
z{V4~>rRZu9lkh}`&neO1o)Yk($T^YWO5Az7HE_subE;WX0mqDrgKH<M?W1=|_b#Cm
zI&?;bZc5O_>)m(glIrKGA(_{M_8vO|q`|a|us^%+gT{}jKG=Vw_(K?d9b~_PKFCDg
zeGi6`POrfA-)ARa>j8>1f<Fn?$Y}SSIG1750lO8`lGTyL4i%w4>F#7B4X@8}hoXq-
z-C7MhECI#>wk%2JP?G7O`OXfT;O91%P81>1Bv~xTaZu0U^XzXC{?}P9+iE3snEXgp
z<m-Xr*J=}9C`o^b=vk|!8><aTbq!iKslHX%_*nX6st>nQQ`ms?bx#Vfc(|S$A46KL
zW(t}$l=+ddRY$(7+YoTqvv|OvmI$EeCg_Pu6i^<O3^`l^h^e@L=0Sf%_!iS;AwXFb
zt|ZLgy<Wk_ekhGBjW@@G`r&)L6(#*cVf@aTt0;tfJ9K}FsfX{4F|X6j!k`)>s!AH9
z4hn3)#@3zVyFpW?ptD*ZH{R4h{nglqK@&|9E|@xk7OCPCN?<j$nlc1;91Cbvmy>F5
zT(228;R4|a1#d=>a@J%Ytl9i3zgYM)dr`i{a&=Tr!&G(38V{W)hTec$jnxD<EMrUo
zJy@gBJ!F4O&y8yXr5)7ks8ss_77-?V2<k8e)i9Z22$|Y|qBO~brRZqCcCQx62FMcW
zke|xtz=OSU0fMsRI@_L0!bFRX&O_gx&+I5p4l|A>t3~V<?&q-gR{Yp_^v(|RHO5lY
zLy%%JZq!A^2%VsiTCZVEU($FTbm+$^ozl$?J&}KuJl*)RHuhs(beQZhOt%h`t#JZO
z_k>M7qQo91UI&O2)Cs;pHuyGz-Sy#n^lPIJaDjV{5C1%TA3a8~v-|)MFn2H(mU+e>
zzOCuTxWF6TZ?izk%wOVbXi$7F<5lt|7{F@lb+eb1qJs61lu_cZuJ0`dbAu!hA2P&=
zq)2}Te{N94giA5=aPfsc95zT^C!}xqtrI5v1!WfYoHr!FN-U(2q+|<oPzSqylsW}R
zxlKdW6vn)yScafWnwi!r$oxc`7)c$1OnKb`EMqt7M3bqRv<GVeOfjrR3t&=}r+DO<
zR3K6;WSL{CV9-vQs48gvd2~L+YlWYHuxoz-SrPh^1}b8)r;idf@<dfPQ{YdMhCG;d
z21HB{@JFtAU9=KW@nkwFmJJnHl92+KJyk9g^$G?-ml8XJ%o6knS~EdGadM_f-wq^2
zmJ|w=nZh_LiRQ?HmK2!7R1yjNhNN|zXVt6KE-2M3-Lz6umTXn9+v(eLhQ(YWmY#q4
zM4S4Mr<&+$z@iz+baU&2U9@1<@{Z#iCSDdBCd-%(htf}jUod5A(w{6mmRG0dpx>(1
zFsOSX{Y-K1kzHE_ZB>|8#^5e_xPTrR{c#H3vX#Gnl9pmF7Bh`@80YrV(xEMiQl<l7
z@Rz`g<ChGjDdZi>ZhwNYF|#{Omq357wL!f@PS_uQx8bj|`G-~(RT&u6OG(W1K1tK3
z*&I)e9L-^B5|J=X8(+hc;bjZ7u}~CdZ=I0%$e;<-Fkr`%b_lgVl|_NqAm7Lp|4P*_
zc<8($Cd@xmUA2;NV7ID5JNPkZ><8pDX8JDx=FHSnGyvqXjVyz@eeOU+$<TjrKY`=H
z;tKM8NHHf{XlqR`=4N38*}kBdmxeUt+kox%@}0wWR<cLfPG9@}+j(p6|LG3wcr2fo
z#0fiRxxj5CPp)ACr^MWSv$*EYB@>}CTS;5@>TsC2;}hPv$Z}Dclj|139N;oR+{9Bf
z5tL0eiB2c#CH?C2>Ij^PU7UX-eu|!n|LC+@<@bME-Ch;{@glSt|B=Uh7z%GTCwBCo
zl@r=?$N9?ekA4;T@h6V_Kn$tp9Z65spFUA<ZgR2nbk@x!Bo~GFBgK(C@#`Vnlkp!M
z`vnp7#{>?&lj4twa2Nr?eslzip7ZCDESc9ZXn^{#E!KGvYE5GBo9%zr(Z6fZ#_ha?
zx8HGvH;{3VVQnVQH}QEVs5R&k8$<TMC4U4O)ef-a>vdp%`whoIeJ!r^GV)*Up=U)o
zMX?_Q&U~+7pwGqs_j={`|2my+_4^+$LLZC&>=k^0f{J{xAJFbpF2JAJ1t{pq9$o|Z
z%3#b*zOM?3ECxfS_b6yy61|j}Rj#p4Ypj!B<Oe-|BViEU?;QW%?sdA`@&6V6zX*Ls
z{Qu9WBGv0(75aY^{TYbt0ru11W-_le2KMQ%rflJ|q--TIQm5u;WBteK&VH#Sdn+st
nX3YX+F|;^;wT#{T0a3n_u?`)RzYYuxKP&wY2M>hc0C)fZ(Is@Z

delta 3761
zcmV;i4o>mr9orp$ABzY8C#?No00Zq@ZF8eW65g-qS4_#iWVg<;-YhxmlrD#1BymPS
z0NHWsswgaBn~DS+pmls(``@p7co9P0^=4OcatUph1T)h!Ju^K|_Y93@zURfEJ^SU=
z{-_1iKRIFFK;`dt|FrX}-90^Rb-SmnUi($6-99<(y&|oDJ<62RDvIrpkXNDa$Db<q
zT>k$l9n=npaqoxDgS}YvNuxoUPCRQyc~WzhX-Eyr4*ih0-mM=l?b!7_V&C|ym^e_v
zbt1?i@x2?7TX*3ck@zuiNPTI0WL;e&udWXD{V-JZ32%~a?O?A|JKzOVQWcKl40Wmt
zl;cEdm>j2n>8h!6qNeI5XRyzyL3Pf!l1yP-tNq~Kl0$xKs$(i^R5!>s-w?|ZOv~i;
z5jB$nmc>taMdYodP)#t;?wv*8gl9JNeQuv=D%arfe>D%dcB}PWtM-HA&E4CKe`spk
z%(ro{=8R_n*J+p7#@$YLn@{JBQj4eUw}t#4kKcBG+nY7FPdjCiBwg69+6`x$jQxK9
zw8W@T^ITF5OEI?jJtw|#{ixwZB?-IbS~TscAqj%=n1JNn605;0belD@J*Omluir1T
zN>4NzxxuEiy;i?GT81)tiql(`Slj*b9GXwgeY`RG$k~6pW=y_!v;JK#cEVeG=0v-x
z?<snJ7XQ1wGX7&yh5s)=8~9J&IbnpTesbI*4Pw~KVBrucR}nG<TqgkjB!2K4x#|$W
z^jr6C6*7}>3^fXV@EE#x_c3`bydfQ!{zj+OJ|Q=cU>}@9gQjCInO!l_Y%JWH&<-C7
zT9D9jNaWwf4|eE$PagdhnSmh*ow*x<t+`o$#SU>}0{GhWL*QTfuqGZcY30qGkTnD1
zEhFOJvYU}IC9)GmkT-HXC$twtTiq<&88FN4%<&?J*bxaZExLE+nXE$;#7G4J^9R+l
zZhlW37xJ;~Y}7i(?X0!5#v=k__1cb6{*d?qGQI(!AIZW7=`zk^HUtJVguG}xiB5Tc
zaYB#dUt>1jx2q5vBXcLV-9-cpjh)ihTlTd&MD<-;^W0D9?7ZfKpH+ntLL|kc`j8j!
z8cEgAUodK5vbaOAX_i#TWHi5@1xH{=ZWs1lbQA_KGB5x~Fo2*b^FjM4gz<B3&~bVf
zc$~is8-3S1X{<m6|DIKn^FPJ5BZ&W#dIJ%E3vMd>e+hct|4%f8Arv1)?w!Z*>zy6C
z_RRv2A-+%Wjd%{ACV-Taz?l>yjz_DzJ12@Ehn36Nh-WW>_r|#cV0i!_g-XdP0N)2-
z9*}t9#4*Fx*e8hiu6MTrSVnwYf^G1Z1p#0|%?U#v4+MT>)iJnoHv1NY{$1V``YSVk
zZfAJICF^_O#P_ZAE?xcuw#Yp{TCT#|4My_1JWgx;11mN2!}*(}@&baOH+NX5KDB%f
zFhr|G43dLMyh*G;1OtQy$xRGOQYE>!!7w=vj9KWy2zhx6C_7faCGd{%Qc?tYDpHbY
z#W6HpP6Dud3E-+|C$yf&{k8E7{^JfWpzQzmdYuaYUxISihN0i@Elou)O>5BJUmMS^
z{|@Z`Pr&EvcKR(W2kXD`|6YcZy96PBVC-T2_uKt$=cL=m_1|ipR_p&I=rhj$G^Qfe
z*<W?`_tCSz1Vwg#?st$pt;^5c@S$Dt3{F#JNw{9$%j$^8^peWiy)==`v-7ELm^D0w
zEAkT5!6Na3KsB>=`#?UY80?rnSxnSb4Rw1=$xxML^-5AknY@!JbmN>7nFqOl%8ccE
zo&Jjo=DrRC!_{J+kA4_Ega0QdomTn$uivfk|3&CC@Lxw2`C9ltf~(WY2K<R_07H_U
zn}FYmvVf5sg-eEL+Y(_QNg=&lUe%?Mr0|(xB06twJWax|lO}vmc>MzJ1yxa)^-A+i
zX|hp%4EliqDY<+sVx^eRLJAIl$d?g@!ermCjW>CEx!Xk%kw&^Y)oMQ&G#Nc!me)7H
z%Ad=UF{a`=QKvGDL?J;^E_qohBuo`k=Y@-68HHZe@~(-#_ic<;(|<rT@|+n{-@u*y
zvI>%C1-Pp4r23#HdGG9nJAaMV8GH4d6^~~DTbl{-vzZgbL{yAIOVPT2jaxT`wb;+v
zeDFgIoC22DiQ|xr<>ByZqn$*$ydBmV&GqhB-OaSROHF}7Ni`gY4;4A6hvVGfUBBVZ
zmceEoJ{EW)kFl@<>%5OP{Y<wu>MXT~b&8=Mlq##=*z-CY_y78yb9{^tPJ+;R2S}5^
z<ibyj-#CnO;rnxEe#}6B66cMzv@v=g83iU#DG#5Qq|;bX7S>$ghcWpF>G!}VVW1n`
z+jIXR@@Kz9Ov<~3A3nw_kNDokxa0$|F`s1#%X-DWS!0cUuh;GU<~mmM?K(cuJ;NAh
z6Sxz>JDm<|P8<swNgrR6wWe;XPg!4>4zhr%?h}feW?&0C82u1`y24f`n<Z9v8(Zt2
zynXw&*z9cKq9zsBeX6VnqQYld0qvZ%TgUj<Ndn0ltfs%*(bxI`<}tc*duij-{(rmO
zKP|_9b$Z=)<^R6~?c8rdOS1OwFH_gJ_f%v-N%s=or`=HYMBIrn4&Za5j9Gp4q{4~q
z1@;{{_lw8}<X*Uc9$d$mb05dSS+n`@@Nk^7;*-$kGGU3fL_EHamy6w>a&TOVt_Cp)
zPjvX45)JMt0UwH-6B(|=owr*9hfFu8nne|G%&0iHcB0xodY5$X5;~znXH@8>1YNw|
zeTOcoey$plc|B<Fu_HhlOv?!Sv->`1{D|s<J&Hes(bqwL_ABUvOyu47U?}PI3S9qv
zb^^8@phzS5lVFXEcHfC}88#iTTQMzJ9a-#95&DzvPBzl;`W$yCikRN5)v&`7U@TzE
zl4K4gnGTxo?63)bZgc5G5h6{J#ey6M^&CFW{ubeXo#nEvR#Jz_k5omz9w>gTHsOVm
zl!%_STDq}++K^P&pmme#TZN5}rB9~%a62`H4M<=2r0|M|>$&kUq}6Jspjkti9~oP9
z<h!~J0e3x%2OMgN0E%vco~T3t<x$Cy!zF;2iu-3C^hbnmF<lk{lvUwM!u;Lq6>RK>
z(#X<yb3CXYzQ<cp(mxc&@2t6sLb$g>r<i*9-Wc<LI^8S`sxhLfq(SPS!1ilw-8sG+
zG-V1ptMzf?O%2pvjeQt2(Inx5sUv8SDo&vUR#U4fLvY8jfJSvWsrJV8nt>B85S~!*
zW&|l`P4>Z>&9Cx{g+H?w<y$OQN98n3Ri~`+(1~K`4XD*vO>o09#uU(lH5%PR#`N5{
zHc;AsLA{PjwI5&+VZw)?4pUGKlPQLfsSPMflT28Oj`nN!YLRS!ERhcRsca5B*c%rh
zC`+!h?YSgOwCLzO^zHe~j^gAn<7l#4#BSk!4tsCKkBvv~>@Z(rEHym@DJJ7aT~v(F
z2@0w88rJkBjn_ekew@-N-R#g4Ny*cVFKc6eKh{Nu$sWUW>oD0GC%|-1*wiCR>|x?{
zfJi}|;2UIvZzI@UAHGMwHu?Y;xaaur&%^i8V-!2f4*&sk2V-HGXZ+#Ynr@5>ywUwO
z3#82aCBB9R#rHB^C2xWOthQb^ds!(eSPw}VCI0IA-eNE}NCNR8L!3y8Wbo$(RZO^l
z6f+MOU+BYOgXDEW`i9>+VZvWfW?|2HLlUgSLK;a*wlD{Eu<J*uQ*e~qG*C@p%u9-8
z2)d-1X{Cb9Pqc}VR3XTe*DZiDcB4)-nVLy+uoS=&!(y}mB~^KfC!R?KBE>?MIi?E6
z?4*gRg2tam-$T4s_zB3mmX8&oKWU(UAr^c1C{ZI%RCP1O{Um9~gJowp!~_9%<cilt
zD-jhBrjugXNP!_4DFE41<w8-fU<`CAF*C?4L64v{6Z8}3W}5U(Qe;V?P?sr;vw~=h
zENDo98B7I{z-vev$5~drTJ3^T&C*RPHDuR`$Ha^2t8<3M{2`W{IYgVvkf)k|=x4x+
z8Od~W--8{rV9xSx;|wM)78@kXm=1^1PlI1DWopu&EIgA}r{<vFs?{)}dm{ZzapRF)
zTLo2Bm`ld6E_t$m?il@X3a+x1zk8CFV*VAgi*^|2#?sQEEs9d6{Wtha;KkufM$#1W
z4rRAL!PuDDou*5m)Y_olAzk)=hu>}Z>umm^iA6mI2K7=BGo??`^l3K3QzM6Rn3+T*
zOw-2KuwHoC0$nT=g~?kdBn~nt0yPZS?xY<;B~WEi;5EoMa<#uw^$Q+4uZRir&s0~f
zWE|M7s?ZL83>y1EIE~r;3&1!tbrTIhxNH~8aBiR54^c8S+)Utju%Lo}d=pa4$(Gq#
z(~G%T3_-RjDCVW{4EY{lyS;qdu$`4`5Vq6Tj{kPv+Vy|B13MneCnj;i4p}a656P2j
zn7}D9ci$|oxpT=xpv+d%*1b9$CcgNDH!iYVROaLwfaL&#L<qtr9-)b#Y^q6gI#Dm_
zE)J_Ba3*$8%_r%Z_>WG1t5rV#ZJnG{@gFZjoADoc%!i@yW^-ak|5-VqJ$Ib14FBj?
zksp8J$PdJjdft)rRQ>4__2woQJ5OibTtaeDh(A&s$rHaG!aW)P!LeTuL6=P6&_OBw
zm<WdvAnZp+py)Y&F3FO44TA>258Gm$7opZ92EW;E9sRooZQRa(TX_2&S9k*%2N~98
z@_ZAYcY<1jF0nCW4_xv`pi%7rOTJzQ_P5_~9Msq1N-rb-<sN!glv5P@LEy~y8V34Y
z{C}@ke*dr2IjMgC<3;FW@t?hdFHlgCFZKi4oyrCHGrIr<9ofTc0ACr5xykocL6OB^
z$n+k?OQM%Dv&uDM)@hA(@{9bS$8RJI!uy@$|J%LJ$yWS-h5s)@pArB6Gpb1S`d5Yi
zA4Pu#B71=S^tYMJYmI?@`l~5hxGX7KNsQE~`Po?ivAVNgYRTRT%Y#|7Kv@he&R;EK
bH-A8suc(u;4kr!h&r1ITPlA_20C)fZ=n7sc

diff --git a/shorewall6/shorewall6.conf b/shorewall6/shorewall6.conf
index 8ab80ab..699a0f2 100644
--- a/shorewall6/shorewall6.conf
+++ b/shorewall6/shorewall6.conf
@@ -138,7 +138,7 @@ BASIC_FILTERS=No
 
 BLACKLIST="NEW,INVALID,UNTRACKED"
 
-CHAIN_SCRIPTS=Yes
+#CHAIN_SCRIPTS=Yes
 
 CLAMPMSS=No
 
@@ -168,7 +168,7 @@ IGNOREUNKNOWNVARIABLES=No
 
 IMPLICIT_CONTINUE=No
 
-INLINE_MATCHES=No
+#INLINE_MATCHES=No
 
 IPSET_WARNINGS=Yes
 
@@ -176,7 +176,7 @@ IP_FORWARDING=On
 
 KEEP_RT_TABLES=Yes
 
-LOAD_HELPERS_ONLY=Yes
+#LOAD_HELPERS_ONLY=Yes
 
 MACLIST_TABLE=filter
 
diff --git a/v2ray-server.json b/v2ray-server.json
index 716b7f7..d605b3d 100644
--- a/v2ray-server.json
+++ b/v2ray-server.json
@@ -34,6 +34,7 @@
 			},
 			"streamSettings": {
 				"sockopt": {
+					"mptcp": true,
 					"mark": 0
 				},
 				"network": "tcp",
@@ -48,6 +49,99 @@
 				}
 			}
 		},
+		{
+			"tag": "omrin-vmess-tunnel",
+			"port": 65230,
+			"protocol": "vmess",
+			"settings": {
+				"decryption": "none",
+				"clients": [
+					{
+						"id": "V2RAY_UUID",
+						"level": 0,
+						"alterId": 0,
+						"email": "openmptcprouter"
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"mptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+					"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-socks-tunnel",
+			"port": 65231,
+			"protocol": "socks",
+			"settings": {
+				"auth": "password",
+				"accounts": [
+					{
+						"pass": "V2RAY_UUID",
+						"user": "openmptcprouter"
+					}
+				],
+				"udp": true
+			},
+			"streamSettings": {
+				"sockopt": {
+					"mptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+					"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-trojan-tunnel",
+			"port": 65229,
+			"protocol": "trojan",
+			"settings": {
+				"clients": [
+					{
+						"password": "V2RAY_UUID",
+						"email": "openmptcprouter",
+						"level": 0
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"mptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+				"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
 		{
 			"listen": "127.0.0.1",
 			"port": 10085,
@@ -72,7 +166,10 @@
 			{
 				"type": "field",
 				"inboundTag": [
-					"omrin-tunnel"
+					"omrin-tunnel",
+					"omrin-vmess-tunnel",
+					"omrin-socks-tunnel",
+					"omrin-trojan-tunnel"
 				],
 				"outboundTag": "OMRLan",
 				"domain": [

From dfba574f7e61e2b928debe99dc8d5b9f4853c67d Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 30 Aug 2023 09:28:03 +0000
Subject: [PATCH 112/164] Fix Ubuntu support

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 8e155d1..84a2421 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -405,9 +405,9 @@ if [ "$UPSTREAM6" != "yes" ]; then
 	bash update-grub.sh ${KERNEL_VERSION}-mptcp
 	bash update-grub.sh ${KERNEL_RELEASE}
 	[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
-elif [ "$update" != "0" ]; then 
+else 
 	if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then
-		apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f)
+		apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1)
 	fi
 	[ -f /etc/default/grub ] && {
 		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1

From 73cecfb6f91c9dc64867da0ca23d576a99f07426 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 31 Aug 2023 07:21:07 +0000
Subject: [PATCH 113/164] Fix V2Ray update

---
 debian9-x86_64.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 84a2421..a0c9553 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -915,7 +915,8 @@ if [ "$V2RAY" = "yes" ]; then
 		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
 	fi
 	if [ -f /etc/v2ray/v2ray-server.json ]; then
-		V2RAY_UUID=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' v2ray-server.json | head -n 1 | tr -d "\n")
+		V2RAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/v2ray/v2ray-server.json | head -n 1 | tr -d "\n")
+		[ -n "$V2RAY_UUID2" ] && V2RAY_UUID="$V2RAY_UUID2"
 	fi
 	#if [ ! -f /etc/v2ray/v2ray-server.json ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json

From 0ad22072a71952a015324fe76303d0eccfdbd1ef Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 31 Aug 2023 07:21:36 +0000
Subject: [PATCH 114/164] Increase nf_contrack_max and nf_conntrack_buckets
 values

---
 shadowsocks.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/shadowsocks.conf b/shadowsocks.conf
index 0b813e7..7444223 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -50,7 +50,8 @@ net.ipv4.tcp_mtu_probing = 0
 net.ipv4.tcp_congestion_control = cubic
 net.core.default_qdisc = fq
 # Default conntrack is too small
-net.netfilter.nf_conntrack_max = 131072
+net.netfilter.nf_conntrack_max = 524288
+net.netfilter.nf_conntrack_buckets=131072
 net.netfilter.nf_conntrack_tcp_timeout_established = 86400
 
 net.ipv4.conf.all.log_martians = 0

From e9fd4192dc95cd0bdb794eed8fe07317b87bc89f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 1 Sep 2023 07:19:07 +0000
Subject: [PATCH 115/164] Update omr-admin, don't add TCP congestion control on
 kernel 6.1, remove 9000 MTU

---
 debian9-x86_64.sh | 91 +++++++++++++++++++++++++----------------------
 omr-service       | 12 +++----
 shadowsocks.conf  |  2 +-
 3 files changed, 55 insertions(+), 50 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index a0c9553..68d8a52 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="d77ffb62084271a388a09d1b0d17e42aae0514ab"
-OMR_ADMIN_BINARY_VERSION="0.3+20230828"
+OMR_ADMIN_VERSION="80ff9621748ec198b3a81660539a144ef443a531"
+OMR_ADMIN_BINARY_VERSION="0.3+20230901"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -420,6 +420,7 @@ if [ "$ARCH" = "amd64" ]; then
 	apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
 	echo "Install iperf3 OpenMPTCProuter edition"
 	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
+	chmod 644 /lib/systemd/system/iperf3.service
 fi
 
 if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -547,51 +548,53 @@ else
 	apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
 fi
 
-# Load OLIA Congestion module at boot time
-if ! grep -q olia /etc/modules ; then
-	echo mptcp_olia >> /etc/modules
-fi
-# Load WVEGAS Congestion module at boot time
-if ! grep -q wvegas /etc/modules ; then
-	echo mptcp_wvegas >> /etc/modules
-fi
-# Load BALIA Congestion module at boot time
-if ! grep -q balia /etc/modules ; then
-	echo mptcp_balia >> /etc/modules
-fi
 # Load BBR Congestion module at boot time
 if ! grep -q bbr /etc/modules ; then
 	echo tcp_bbr >> /etc/modules
 fi
-# Load BBRv2 Congestion module at boot time
-if ! grep -q bbr2 /etc/modules ; then
-	echo tcp_bbr2 >> /etc/modules
-fi
-# Load mctcpdesync Congestion module at boot time
-if ! grep -q mctcp_desync /etc/modules ; then
-	echo mctcp_desync >> /etc/modules
-fi
-# Load ndiffports module at boot time
-if ! grep -q mptcp_ndiffports /etc/modules ; then
-	echo mptcp_ndiffports >> /etc/modules
-fi
-# Load redundant module at boot time
-if ! grep -q mptcp_redundant /etc/modules ; then
-	echo mptcp_redundant >> /etc/modules
-fi
-# Load rr module at boot time
-if ! grep -q mptcp_rr /etc/modules ; then
-	echo mptcp_rr >> /etc/modules
-fi
-# Load mctcp ECF scheduler at boot time
-if ! grep -q mptcp_ecf /etc/modules ; then
-	echo mptcp_ecf >> /etc/modules
-fi
-# Load mctcp BLEST scheduler at boot time
-if ! grep -q mptcp_blest /etc/modules ; then
-	echo mptcp_blest >> /etc/modules
-fi
 
+if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+	# Load OLIA Congestion module at boot time
+	if ! grep -q olia /etc/modules ; then
+		echo mptcp_olia >> /etc/modules
+	fi
+	# Load WVEGAS Congestion module at boot time
+	if ! grep -q wvegas /etc/modules ; then
+		echo mptcp_wvegas >> /etc/modules
+	fi
+	# Load BALIA Congestion module at boot time
+	if ! grep -q balia /etc/modules ; then
+		echo mptcp_balia >> /etc/modules
+	fi
+	# Load BBRv2 Congestion module at boot time
+	if ! grep -q bbr2 /etc/modules ; then
+		echo tcp_bbr2 >> /etc/modules
+	fi
+	# Load mctcpdesync Congestion module at boot time
+	if ! grep -q mctcp_desync /etc/modules ; then
+		echo mctcp_desync >> /etc/modules
+	fi
+	# Load ndiffports module at boot time
+	if ! grep -q mptcp_ndiffports /etc/modules ; then
+		echo mptcp_ndiffports >> /etc/modules
+	fi
+	# Load redundant module at boot time
+	if ! grep -q mptcp_redundant /etc/modules ; then
+		echo mptcp_redundant >> /etc/modules
+	fi
+	# Load rr module at boot time
+	if ! grep -q mptcp_rr /etc/modules ; then
+		echo mptcp_rr >> /etc/modules
+	fi
+	# Load mctcp ECF scheduler at boot time
+	if ! grep -q mptcp_ecf /etc/modules ; then
+		echo mptcp_ecf >> /etc/modules
+	fi
+	# Load mctcp BLEST scheduler at boot time
+	if ! grep -q mptcp_blest /etc/modules ; then
+		echo mptcp_blest >> /etc/modules
+	fi
+fi
 if systemctl -q is-active omr-admin.service; then
 	systemctl -q stop omr-admin > /dev/null 2>&1
 fi
@@ -721,6 +724,8 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	[ "$NOINTERNET" = "yes" ] && {
 		sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
+	chmod 644 /lib/systemd/system/omr-admin.service
+	chmod 644 /lib/systemd/system/omr-admin-ipv6.service
 	#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
 	[ "$(ip -6 a)" != "" ] && {
 		systemctl enable omr-admin-ipv6.service
@@ -1203,7 +1208,7 @@ if [ "$OPENVPN" = "yes" ]; then
 		cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
 	fi
 	mkdir -p /etc/openvpn/ccd
-	
+	chmod 644 /lib/systemd/system/openvpn*.service
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
 	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
diff --git a/omr-service b/omr-service
index 9c99994..d1d9e77 100755
--- a/omr-service
+++ b/omr-service
@@ -7,13 +7,13 @@ _multipath() {
 	for intf in `ls -1 /sys/class/net`; do
 		if [ "$intf" != "bonding_masters" ]; then
 			if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then
-				[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on
+				[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on 2>&1 >/dev/null
 				[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
-					multipath $intf signal
+					multipath $intf signal 2>&1 >/dev/null
 					ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null
 				}
 			else
-				[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off
+				[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off 2>&1 >/dev/null
 			fi
 		fi
 	done
@@ -29,7 +29,7 @@ _glorytun_udp() {
 		for intf in /etc/glorytun-udp/tun*; do
 			[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
 		done
-		ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null
+		#ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null
 	fi
 }
 
@@ -48,7 +48,7 @@ _glorytun_tcp() {
 				sleep 10
 			fi
 		fi
-		ip link set mtu 9000 dev gt-tun0 2>&1 >/dev/null
+		#ip link set mtu 9000 dev gt-tun0 2>&1 >/dev/null
 	fi
 }
 
@@ -62,7 +62,7 @@ _dsvpn() {
 			logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
 			systemctl restart dsvpn@dsvpn0
 		fi
-		ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null
+		#ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null
 	fi
 }
 
diff --git a/shadowsocks.conf b/shadowsocks.conf
index 7444223..c270238 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -47,7 +47,7 @@ net.ipv4.tcp_wmem = 4096 65536 33554432
 net.ipv4.tcp_mtu_probing = 0
 
 # for low-latency network, use cubic instead
-net.ipv4.tcp_congestion_control = cubic
+net.ipv4.tcp_congestion_control = bbr
 net.core.default_qdisc = fq
 # Default conntrack is too small
 net.netfilter.nf_conntrack_max = 524288

From a029915e390006acfc456034b7054db85397e84f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 7 Sep 2023 07:55:39 +0000
Subject: [PATCH 116/164] Decrease timeout before restarting not working
 Glorytun TCP

---
 omr-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-service b/omr-service
index d1d9e77..ec2adc2 100755
--- a/omr-service
+++ b/omr-service
@@ -42,7 +42,7 @@ _glorytun_tcp() {
 			localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
 			[ -z "$localip" ] && localip="10.255.255.1"
 			remoteip="$(echo $localip | sed 's/\.1/\.2/')"
-			if [ "$(ping -c 5 -w 15 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
+			if [ "$(ping -c 4 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
 				logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 				systemctl restart glorytun-tcp@tun0
 				sleep 10

From afa31c4f036c462b9b6da9adf9c66513e864ce79 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 7 Sep 2023 07:56:25 +0000
Subject: [PATCH 117/164] Custom 6.1 sysctl kernel configuration

---
 debian9-x86_64.sh    | 12 ++++++--
 shadowsocks.6.1.conf | 67 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+), 2 deletions(-)
 create mode 100644 shadowsocks.6.1.conf

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 68d8a52..6b0c0f0 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -739,9 +739,17 @@ fi
 
 # Get shadowsocks optimization
 if [ "$LOCALFILES" = "no" ]; then
-	wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf
+	if [ "$UPSTREAM6" = "yes" ]; then
+		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf
+	else
+		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf
+	fi
 else
-	cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf
+	if [ "$UPSTREAM6" = "yes" ]; then
+		cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf
+	else
+		cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf
+	fi
 fi
 
 if [ "$update" != 0 ]; then
diff --git a/shadowsocks.6.1.conf b/shadowsocks.6.1.conf
new file mode 100644
index 0000000..53f3bb0
--- /dev/null
+++ b/shadowsocks.6.1.conf
@@ -0,0 +1,67 @@
+# local sysctl settings can be stored in this directory
+# max open files
+fs.file-max = 512000
+# max read buffer
+net.core.rmem_max = 16777216
+# max write buffer
+net.core.wmem_max = 16777216
+#net.core.optmem_max = 33554432
+# default read buffer
+#net.core.rmem_default = 16777216
+# default write buffer
+#net.core.wmem_default = 16777216
+# max processor input queue
+net.core.netdev_max_backlog = 4096
+# max backlog
+net.core.somaxconn = 4096
+
+# resist SYN flood attacks
+net.ipv4.tcp_syncookies = 1
+# reuse timewait sockets when safe
+net.ipv4.tcp_tw_reuse = 1
+# turn off fast timewait sockets recycling
+#net.ipv4.tcp_tw_recycle = 0
+# short FIN timeout
+net.ipv4.tcp_fin_timeout = 80
+# Increase max orphans
+net.ipv4.tcp_max_orphans = 16384
+# short keepalive time
+net.ipv4.tcp_keepalive_time = 7200
+# outbound port range
+net.ipv4.ip_local_port_range = 9999 65000
+# max SYN backlog
+net.ipv4.tcp_max_syn_backlog = 10240
+# max timewait sockets held by system simultaneously
+net.ipv4.tcp_max_tw_buckets = 10000
+# turn on TCP Fast Open on both client and server side
+net.ipv4.tcp_fastopen = 3
+# TCP buffer
+net.ipv4.tcp_mem = 1638400 1638400 1638400
+# UDP buffer
+#net.ipv4.udp_mem = 4096 87380 16777216
+# TCP receive buffer
+net.ipv4.tcp_rmem = 4096 87380 16777216
+# TCP write buffer
+net.ipv4.tcp_wmem = 4096 87380 16777216
+# turn on path MTU discovery
+net.ipv4.tcp_mtu_probing = 0
+
+# for low-latency network, use cubic instead
+net.ipv4.tcp_congestion_control = bbr
+net.core.default_qdisc = fq
+# Default conntrack is too small
+net.netfilter.nf_conntrack_max = 524288
+net.netfilter.nf_conntrack_buckets=131072
+net.netfilter.nf_conntrack_tcp_timeout_established = 86400
+
+net.ipv4.conf.all.log_martians = 0
+net.ipv4.conf.default.log_martians = 0
+
+# MPTCP settings
+net.mptcp.checksum_enabled = 0
+net.mptcp.add_addr_timeout = 120
+net.mptcp.allow_join_initial_addr_port = 1
+net.mptcp.enabled = 1
+net.mptcp.pm_type = 0
+net.mptcp.stale_loss_cnt = 4
+net.ipv4.tcp_ecn = 2

From 8cef34ed5bb17d14ff672bdb33791c76a32c730f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 7 Sep 2023 12:25:38 +0000
Subject: [PATCH 118/164] Fix
 https://github.com/Ysurac/openmptcprouter/issues/2949

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 6b0c0f0..f3ab73d 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -553,7 +553,7 @@ if ! grep -q bbr /etc/modules ; then
 	echo tcp_bbr >> /etc/modules
 fi
 
-if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+if [ "$UPSTREAM" != "yes" ] && [ "$UPSTREAM6" != "yes" ]; then
 	# Load OLIA Congestion module at boot time
 	if ! grep -q olia /etc/modules ; then
 		echo mptcp_olia >> /etc/modules

From 8ac6293b588373a966576c4f1c8772f6f4ab7dd0 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 14 Sep 2023 09:31:45 +0000
Subject: [PATCH 119/164] Update API, add check for omr-service, fix v2ray
 service file

---
 debian9-x86_64.sh | 19 +++++++++++++------
 omr-service       |  2 +-
 omr.service.in    |  2 +-
 v2ray-server.json |  3 +--
 v2ray.service     | 18 ++++++++++++++++++
 5 files changed, 34 insertions(+), 10 deletions(-)
 create mode 100644 v2ray.service

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index f3ab73d..8cabcd3 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="80ff9621748ec198b3a81660539a144ef443a531"
-OMR_ADMIN_BINARY_VERSION="0.3+20230901"
+OMR_ADMIN_VERSION="488cc5346dbfe8bcbee4413013dc22b698f1d15c"
+OMR_ADMIN_BINARY_VERSION="0.3+20230911"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -816,6 +816,7 @@ else
 	cp ${DIR}/omr-update /usr/bin/omr-update
 	chmod 755 /usr/bin/omr-update
 fi
+chmod 644 /lib/systemd/system/omr-update.service
 
 # Install simple-obfs
 if [ "$OBFS" = "yes" ]; then
@@ -940,9 +941,15 @@ if [ "$V2RAY" = "yes" ]; then
 	fi
 	rm -f /etc/v2ray/config.json
 	ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
-	if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
-		mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
+	#if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
+	#	mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
+	#fi
+	if [ "$LOCALFILES" = "no" ]; then
+		wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service
+	else
+		cp ${DIR}/v2ray.service /lib/systemd/system/v2ray.service
 	fi
+	chmod 644 /lib/systemd/system/v2ray.service
 	systemctl daemon-reload
 	systemctl enable v2ray.service
 	#if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -1671,13 +1678,13 @@ if [ "$update" = "0" ]; then
 	fi
 	if [ "$MLVPN" = "yes" ]; then
 		cat >> /root/openmptcprouter_config.txt <<-EOF
-		MLVPN first port: 65201'
+		MLVPN first port: 65201
 		Your MLVPN password: $MLVPN_PASS
 		EOF
 	fi
 	if [ "$UBOND" = "yes" ]; then
 		cat >> /root/openmptcprouter_config.txt <<-EOF
-		UBOND first port: 65251'
+		UBOND first port: 65251
 		Your UBOND password: $UBOND_PASS
 		EOF
 	fi
diff --git a/omr-service b/omr-service
index ec2adc2..6846980 100755
--- a/omr-service
+++ b/omr-service
@@ -114,7 +114,7 @@ _gre_tunnels() {
 				. "$(readlink -f "$intf")"
 				iface="$(basename $intf)"
 				if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
-					ip tunnel del $iface 2>&1 >/dev/null
+					[ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface 2>&1 >/dev/null
 					ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null
 					ip link set $iface up 2>&1 >/dev/null
 					ip addr add $LOCALIP dev $iface 2>&1 >/dev/null
diff --git a/omr.service.in b/omr.service.in
index 4e17716..0e9352b 100644
--- a/omr.service.in
+++ b/omr.service.in
@@ -1,6 +1,6 @@
 [Unit]
 Description=OMR
-After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service
+After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service
 
 [Service]
 Type=simple
diff --git a/v2ray-server.json b/v2ray-server.json
index d605b3d..95f8dbf 100644
--- a/v2ray-server.json
+++ b/v2ray-server.json
@@ -92,8 +92,7 @@
 						"pass": "V2RAY_UUID",
 						"user": "openmptcprouter"
 					}
-				],
-				"udp": true
+				]
 			},
 			"streamSettings": {
 				"sockopt": {
diff --git a/v2ray.service b/v2ray.service
new file mode 100644
index 0000000..9ac9baa
--- /dev/null
+++ b/v2ray.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=V2Ray Service
+Documentation=https://www.v2fly.org/
+After=network.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+User=root
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
+NoNewPrivileges=true
+ExecStart=/usr/bin/v2ray run -config /etc/v2ray/config.json
+Restart=always
+RestartPreventExitStatus=23
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target

From 0743e7c75a9aba4c28a47ec04465908fcda4027b Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sat, 23 Sep 2023 06:46:50 +0000
Subject: [PATCH 120/164] Fix omr-service

---
 omr-service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/omr-service b/omr-service
index 6846980..2d13221 100755
--- a/omr-service
+++ b/omr-service
@@ -98,7 +98,7 @@ _lan_route() {
 				while IFS=$"\n" read -r d; do
 					if [ "$d" != "" ]; then
 						network=$(ipcalc -n $d | grep Network | awk '{print $2}')
-						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip onlink 2>&1 >/dev/null
+						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
 					fi
 				done
 			fi
@@ -146,7 +146,7 @@ _openvpn_bonding() {
 		ip link set ovpnbonding8 up 2>&1 >/dev/null
 		ip link set omr-bonding up mtu 1440 2>&1 >/dev/null
 		ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null
-		ip r add 10.255.248.0/24 dev omr-bonding onlink 2>&1 >/dev/null
+		ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null
 		ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 2>&1 >/dev/null
 	fi
 }

From 0d9a766d288402441b911afc1b4ccb16aa471da1 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 10 Oct 2023 14:38:56 +0000
Subject: [PATCH 121/164] Add shadowsocks-go and XRay

---
 debian9-x86_64.sh          | 122 ++++++++++++++++++-
 omr-service                |   2 +-
 shadowsocks-go.server.json |  39 ++++++
 v2ray.service              |   2 +-
 xray-server.json           | 243 +++++++++++++++++++++++++++++++++++++
 xray.service               |  18 +++
 6 files changed, 422 insertions(+), 4 deletions(-)
 create mode 100644 shadowsocks-go.server.json
 create mode 100644 xray-server.json
 create mode 100644 xray.service

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 8cabcd3..e86b28d 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -17,6 +17,11 @@ OBFS=${OBFS:-yes}
 V2RAY_PLUGIN=${V2RAY_PLUGIN:-no}
 V2RAY=${V2RAY:-yes}
 V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
+XRAY=${XRAY:-yes}
+XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID}
+SHADOWSOCKS_GO=${SHADOWSOCKS_GO:-yes}
+PSK=${PSK:-$(head -c 32 /dev/urandom | base64 -w0)}
+UPSK=${UPSK:-$(head -c 32 /dev/urandom | base64 -w0)}
 UPDATE_OS=${UPDATE_OS:-yes}
 UPDATE=${UPDATE:-yes}
 TLS=${TLS:-yes}
@@ -61,13 +66,14 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="488cc5346dbfe8bcbee4413013dc22b698f1d15c"
-OMR_ADMIN_BINARY_VERSION="0.3+20230911"
+OMR_ADMIN_VERSION="d560968d43850c48119c1b72372d6f341878ffa6"
+OMR_ADMIN_BINARY_VERSION="0.4+20231009"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="5.7.0"
 V2RAY_PLUGIN_VERSION="4.43.0"
+XRAY_VERSION="1.8.5"
 EASYRSA_VERSION="3.0.6"
 #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
 #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -75,6 +81,7 @@ EASYRSA_VERSION="3.0.6"
 #fi
 IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
+SHADOWSOCKS_GO_VERSION="1.8.0"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
@@ -888,6 +895,48 @@ if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then
 	sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json
 fi
 
+if systemctl -q is-active shadowsocks-go.service; then
+	systemctl -q stop shadowsocks-go > /dev/null 2>&1
+	systemctl -q disable shadowsocks-go > /dev/null 2>&1
+fi
+
+if [ "$SHADOWSOCKS_GO" = "yes" ]; then
+	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
+		if [ "$ARCH" = "amd64" ]; then
+			wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
+			rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
+		elif [ "$ARCH" = "arm64" ]; then
+			wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
+			rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
+		fi
+	else
+		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install shadowsocks-go=${SHADOWSOCKS_GO_VERSION}
+	fi
+	if [ -f /etc/shadowsocks-go/server.json ]; then
+		PSK2=$(grep -Po '"'"psk"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/server.json | head -n 1 | tr -d "\n")
+		[ -n "$PSK2" ] && [ "$PSK2" != "PSK" ] && [ "$PSK2" != "null" ] && PSK="$PSK2"
+		UPSK2=$(grep -Po '"'"openmptcprouter"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/upsks.json | head -n 1 | tr -d "\n")
+		[ -n "$UPSK2" ] && [ "$UPSK2" != "UPSK" ] && [ "$UPSK2" != "null" ] && UPSK="$UPSK2"
+	fi
+	wget -O /etc/shadowsocks-go/server.json ${VPSURL}${VPSPATH}/shadowsocks-go.server.json
+	sed -i "s:\"PSK\":\"$PSK\":g" /etc/shadowsocks-go/server.json
+	sed -i "s:UPSK:$UPSK:g" /etc/shadowsocks-go/upsks.json
+	jq -M 'del(.users[0].openmptcprouter."shadowsocks-go")' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
+	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
+	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json
+
+	chmod 644 /lib/systemd/system/shadowsocks-go.service
+	systemctl daemon-reload
+	systemctl enable shadowsocks-go.service
+fi
+
+
 if systemctl -q is-active v2ray.service; then
 	systemctl -q stop v2ray > /dev/null 2>&1
 	systemctl -q disable v2ray > /dev/null 2>&1
@@ -898,10 +947,14 @@ if [ "$V2RAY" = "yes" ]; then
 	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
 		if [ "$ARCH" = "amd64" ]; then
 			wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
 			dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 			rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
 		elif [ "$ARCH" = "arm64" ]; then
 			wget -O /tmp/v2ray-${V2RAY_VERSION}-arm64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
 			dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
 			rm -f /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
 		fi
@@ -957,6 +1010,66 @@ if [ "$V2RAY" = "yes" ]; then
 	#fi
 fi
 
+if systemctl -q is-active xray.service; then
+	systemctl -q stop xray > /dev/null 2>&1
+	systemctl -q disable xray > /dev/null 2>&1
+fi
+
+if [ "$XRAY" = "yes" ]; then
+	#apt-get -y -o Dpkg::Options::="--force-overwrite" install xray
+	if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
+		if [ "$ARCH" = "amd64" ]; then
+			wget -O /tmp/xray-${XRAY_VERSION}-amd64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-amd64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-amd64.deb
+			rm -f /tmp/xray-${XRAY_VERSION}-amd64.deb
+		elif [ "$ARCH" = "arm64" ]; then
+			wget -O /tmp/xray-${XRAY_VERSION}-arm64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-arm64.deb
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-arm64.deb
+			rm -f /tmp/xray-${XRAY_VERSION}-arm64.deb
+		fi
+	else
+		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install xray=${XRAY_VERSION}
+	fi
+	if [ -f /etc/xray/xray-server.json ]; then
+		XRAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-server.json | head -n 1 | tr -d "\n")
+		[ -n "$XRAY_UUID2" ] && [ "$XRAY_UUID2" != "XRAY_UUID" ] && [ "$XRAY_UUID2" != "V2RAY_UUID" ] && XRAY_UUID="$XRAY_UUID2"
+		PSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.password' /etc/xray/xray-server.json | tr -d "\n")
+		[ "$PSK2" != "null" ] && [ -n "$PSK2" ] && [ "$PSK2" != "XRAY_PSK" ] && PSK="$PSK2"
+		UPSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients[] | select(.email=="openmptcprouter") | .password' /etc/xray/xray-server.json | tr -d "\n")
+		[ "$UPSK2" != "null" ] && [ -n "$UPSK2" ] && [ "$UPSK2" != "XRAY_UPSK" ] && UPSK="$UPSK2"
+	fi
+	jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
+	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
+	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	#if [ ! -f /etc/xray/xray-server.json ]; then
+		wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json
+		sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
+		sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
+		sed -i "s:XRAY_PSK:$PSK:g" /etc/xray/xray-server.json
+		sed -i "s:XRAY_UPSK:$UPSK:g" /etc/xray/xray-server.json
+	#fi
+	if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then
+		sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/xray/xray-server.json
+	fi
+	rm -f /etc/xray/config.json
+	ln -s /etc/xray/xray-server.json /etc/xray/config.json
+	#if [ -f /etc/systemd/system/xray.service.dpkg-dist ]; then
+	#	mv -f /etc/systemd/system/xray.service.dpkg-dist /etc/systemd/system/xray.service
+	#fi
+	if [ "$LOCALFILES" = "no" ]; then
+		wget -O /lib/systemd/system/xray.service ${VPSURL}${VPSPATH}/xray.service
+	else
+		cp ${DIR}/xray.service /lib/systemd/system/xray.service
+	fi
+	chmod 644 /lib/systemd/system/xray.service
+	systemctl daemon-reload
+	systemctl enable xray.service
+fi
+
 if systemctl -q is-active mlvpn@mlvpn0.service; then
 	systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1
 	systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1
@@ -1003,6 +1116,8 @@ if [ "$MLVPN" = "yes" ]; then
 			fi
 		fi
 	else
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
 		apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION}
 	fi
 	if [ "$mlvpnupdate" = "0" ]; then
@@ -1620,6 +1735,8 @@ if [ "$update" = "0" ]; then
 	echo 'Shadowsocks encryption: chacha20'
 	echo 'Your shadowsocks key: '
 	echo $SHADOWSOCKS_PASS
+	echo 'Your shadowsocks 2022 key: '
+	echo "${PSK}:${UPSK}"
 	echo 'Glorytun port: 65001'
 	echo 'Glorytun encryption: chacha20'
 	echo 'Your glorytun key: '
@@ -1666,6 +1783,7 @@ if [ "$update" = "0" ]; then
 	Shadowsocks port: 65101
 	Shadowsocks encryption: chacha20
 	Your shadowsocks key: ${SHADOWSOCKS_PASS}
+	Your shadowsocks 2022 key: ${PSK}:${UPSK}
 	Glorytun port: 65001
 	Glorytun encryption: chacha20
 	Your glorytun key: ${GLORYTUN_PASS}
diff --git a/omr-service b/omr-service
index 2d13221..8a14b69 100755
--- a/omr-service
+++ b/omr-service
@@ -42,7 +42,7 @@ _glorytun_tcp() {
 			localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
 			[ -z "$localip" ] && localip="10.255.255.1"
 			remoteip="$(echo $localip | sed 's/\.1/\.2/')"
-			if [ "$(ping -c 4 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
+			if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
 				logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
 				systemctl restart glorytun-tcp@tun0
 				sleep 10
diff --git a/shadowsocks-go.server.json b/shadowsocks-go.server.json
new file mode 100644
index 0000000..fd5731e
--- /dev/null
+++ b/shadowsocks-go.server.json
@@ -0,0 +1,39 @@
+{
+    "servers": [
+        {
+            "name": "ss-2022",
+            "protocol": "2022-blake3-aes-256-gcm",
+            "tcpListeners": [
+            {
+                "network": "tcp",
+                "address": ":65280",
+                "fastOpen": false,
+                "reusePort": false,
+                "multipath": true
+            }
+            ],
+            "enableTCP": true,
+            "listenerTFO": false,
+            "enableUDP": true,
+            "mtu": 1500,
+            "psk": "PSK",
+            "uPSKStorePath": "/etc/shadowsocks-go/upsks.json"
+        }
+    ],
+    "stats": {
+        "enabled": true
+    },
+    "api": {
+        "enabled": true,
+        "debugPprof": false,
+        "enableTrustedProxyCheck": false,
+        "trustedProxies": [],
+        "proxyHeader": "X-Forwarded-For",
+        "listen": "127.0.0.1:65279",
+        "certFile": "",
+        "keyFile": "",
+        "clientCertFile": "",
+        "secretPath": "",
+        "fiberConfigPath": ""
+    }
+}
\ No newline at end of file
diff --git a/v2ray.service b/v2ray.service
index 9ac9baa..f97647e 100644
--- a/v2ray.service
+++ b/v2ray.service
@@ -9,7 +9,7 @@ User=root
 CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
 AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
 NoNewPrivileges=true
-ExecStart=/usr/bin/v2ray run -config /etc/v2ray/config.json
+ExecStart=/usr/bin/v2ray run -config /etc/v2ray/v2ray-server.json
 Restart=always
 RestartPreventExitStatus=23
 StartLimitInterval=0
diff --git a/xray-server.json b/xray-server.json
new file mode 100644
index 0000000..e90f200
--- /dev/null
+++ b/xray-server.json
@@ -0,0 +1,243 @@
+{
+	"log": {
+		"loglevel": "error",
+		"error": "/tmp/v2rayError.log"
+	},
+	"transport": {
+		"tcpSettings": {},
+		"wsSettings": {},
+		"kcpSettings": {
+			"mtu": 1460,
+			"tti": 10,
+			"uplinkCapacity": 100,
+			"downlinkCapacity": 100,
+			"congestion": false,
+			"readBufferSize": 8,
+			"writeBufferSize": 8
+		}
+	},
+	"inbounds": [
+		{
+			"tag": "omrin-tunnel",
+			"port": 65248,
+			"protocol": "vless",
+			"settings": {
+				"decryption": "none",
+				"clients": [
+					{
+						"id": "V2RAY_UUID",
+						"level": 0,
+						"alterId": 0,
+						"email": "openmptcprouter"
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+					"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-vmess-tunnel",
+			"port": 65250,
+			"protocol": "vmess",
+			"settings": {
+				"decryption": "none",
+				"clients": [
+					{
+						"id": "V2RAY_UUID",
+						"level": 0,
+						"alterId": 0,
+						"email": "openmptcprouter"
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+					"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-socks-tunnel",
+			"port": 65251,
+			"protocol": "socks",
+			"settings": {
+				"auth": "password",
+				"accounts": [
+					{
+						"pass": "V2RAY_UUID",
+						"user": "openmptcprouter"
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+					"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-trojan-tunnel",
+			"port": 65249,
+			"protocol": "trojan",
+			"settings": {
+				"clients": [
+					{
+						"password": "V2RAY_UUID",
+						"email": "openmptcprouter",
+						"level": 0
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp",
+				"security": "tls",
+				"tlsSettings": {
+				"certificates": [
+						{
+							"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+							"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+						}
+					]
+				}
+			}
+		},
+		{
+			"tag": "omrin-shadowsocks-tunnel",
+			"port": 65252,
+			"protocol": "shadowsocks",
+			"settings": {
+				"password": "XRAY_PSK",
+				"method": "2022-blake3-aes-256-gcm",
+				"network": "tcp,udp",
+				"clients": [
+					{
+						"password": "XRAY_UPSK",
+						"email": "openmptcprouter"
+					}
+				]
+			},
+			"streamSettings": {
+				"sockopt": {
+					"tcpMptcp": true,
+					"mark": 0
+				},
+				"network": "tcp"
+			}
+		},
+		{
+			"listen": "127.0.0.1",
+			"port": 10086,
+			"protocol": "dokodemo-door",
+			"settings": {
+				"address": "127.0.0.1"
+			},
+			"tag": "api"
+		}
+	],
+	"outbounds": [
+		{
+			"protocol": "freedom",
+			"settings": {
+				"userLevel": 0
+			},
+			"tag": "direct"
+		}
+	],
+	"routing": {
+		"rules": [
+			{
+				"type": "field",
+				"inboundTag": [
+					"omrin-tunnel",
+					"omrin-vmess-tunnel",
+					"omrin-socks-tunnel",
+					"omrin-trojan-tunnel"
+				],
+				"outboundTag": "OMRLan",
+				"domain": [
+					"full:omr.lan"
+				]
+			},
+			{
+				"inboundTag": [
+					"api"
+				],
+				"outboundTag": "api",
+				"type": "field"
+			}
+		]
+	},
+	"reverse": {
+		"portals": [
+			{
+				"tag": "OMRLan",
+				"domain": "omr.lan"
+			}
+		]
+	},
+	"stats": {},
+	"api": {
+		"tag": "api",
+		"services": [
+			"HandlerService",
+			"LoggerService",
+			"StatsService"
+		]
+	},
+	"policy": {
+		"levels": {
+			"0": {
+				"uplinkOnly": 0,
+				"downlinkOnly": 0,
+				"bufferSize": 512,
+				"connIdle": 2400,
+				"statsUserUplink": true,
+				"statsUserDownlink": true
+			}
+		},
+		"system": {
+			"statsInboundUplink": true,
+			"statsInboundDownlink": true
+		}
+	}
+}
diff --git a/xray.service b/xray.service
new file mode 100644
index 0000000..ca9d3c6
--- /dev/null
+++ b/xray.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=XRay Service
+Documentation=https://www.v2fly.org/
+After=network.target nss-lookup.target
+Wants=network-online.target
+
+[Service]
+User=root
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
+NoNewPrivileges=true
+ExecStart=/usr/bin/xray run -config /etc/xray/xray-server.json
+Restart=always
+RestartPreventExitStatus=23
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target

From c0af37c0c2b46f240d6558f856b354a552118132 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 26 Oct 2023 14:29:51 +0000
Subject: [PATCH 122/164] Fix dsvpn restart in omr-service, add VLESS-REALITY
 support

---
 debian9-x86_64.sh | 30 ++++++++++++++++++++++--------
 omr-service       |  2 +-
 xray-server.json  |  1 +
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e86b28d..dacbfa6 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -66,8 +66,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="d560968d43850c48119c1b72372d6f341878ffa6"
-OMR_ADMIN_BINARY_VERSION="0.4+20231009"
+OMR_ADMIN_VERSION="afbcb55ef352a77c5f50a1b7e402ec515f5944b0"
+OMR_ADMIN_BINARY_VERSION="0.5+20231021"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -538,10 +538,10 @@ if [ "$SOURCES" = "yes" ]; then
 	#cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
-	mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
+	mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" 2>&1 >/dev/null
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
-	dpkg-buildpackage -b -us -uc
+	dpkg-buildpackage -b -us -uc 2>&1 >/dev/null
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
 	cd /tmp
@@ -1041,6 +1041,10 @@ if [ "$XRAY" = "yes" ]; then
 		[ "$PSK2" != "null" ] && [ -n "$PSK2" ] && [ "$PSK2" != "XRAY_PSK" ] && PSK="$PSK2"
 		UPSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients[] | select(.email=="openmptcprouter") | .password' /etc/xray/xray-server.json | tr -d "\n")
 		[ "$UPSK2" != "null" ] && [ -n "$UPSK2" ] && [ "$UPSK2" != "XRAY_UPSK" ] && UPSK="$UPSK2"
+		XRAY_X25519_PRIVATE_KEY2=$(grep -Po '"'"privateKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n")
+		[ -n "$XRAY_X25519_PRIVATE_KEY2" ] && [ "$XRAY_X25519_PRIVATE_KEY2" != "XRAY_X25519_PRIVATE_KEY" ] && XRAY_X25519_PRIVATE_KEY="$XRAY_X25519_PRIVATE_KEY2"
+		XRAY_X25519_PUBLIC_KEY2=$(grep -Po '"'"publicKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n")
+		[ -n "$XRAY_X25519_PUBLIC_KEY2" ] && [ "$XRAY_X25519_PUBLIC_KEY2" != "XRAY_X25519_PUBLIC_KEY" ] && XRAY_X25519_PUBLIC_KEY="$XRAY_X25519_PUBLIC_KEY2"
 	fi
 	jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
 	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
@@ -1051,10 +1055,20 @@ if [ "$XRAY" = "yes" ]; then
 		sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
 		sed -i "s:XRAY_PSK:$PSK:g" /etc/xray/xray-server.json
 		sed -i "s:XRAY_UPSK:$UPSK:g" /etc/xray/xray-server.json
+		wget -O /etc/xray/xray-vless-reality.json ${VPSURL}${VPSPATH}/xray-vless-reality.json
+		if [ -z "$XRAY_X25519_PRIVATE_KEY" ]; then
+			XRAY_X25519_KEYS=$(/usr/bin/xray x25519)
+			XRAY_X25519_PRIVATE_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Private | awk '{ print $3 }' | tr -d "\n")
+			XRAY_X25519_PUBLIC_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Public | awk '{ print $3 }' | tr -d "\n")
+		fi
+		sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json
+		sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json
+		sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json
+		
+	#fi
+	#if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then
+	#	sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/xray/xray-server.json
 	#fi
-	if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then
-		sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/xray/xray-server.json
-	fi
 	rm -f /etc/xray/config.json
 	ln -s /etc/xray/xray-server.json /etc/xray/config.json
 	#if [ -f /etc/systemd/system/xray.service.dpkg-dist ]; then
@@ -1656,7 +1670,7 @@ sed -i 's/#SystemMaxUse=/SystemMaxUse=100M/' /etc/systemd/journald.conf
 
 if [ "$TLS" = "yes" ]; then
 	VPS_CERT=0
-	apt-get -y install socat
+	apt-get -y install socat cron
 	if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then
 		if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then
 			echo "Generate certificate for V2Ray"
diff --git a/omr-service b/omr-service
index 8a14b69..3fa14a6 100755
--- a/omr-service
+++ b/omr-service
@@ -60,7 +60,7 @@ _dsvpn() {
 		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
 		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
 			logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
-			systemctl restart dsvpn@dsvpn0
+			systemctl restart dsvpn-server@dsvpn0
 		fi
 		#ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null
 	fi
diff --git a/xray-server.json b/xray-server.json
index e90f200..5db520d 100644
--- a/xray-server.json
+++ b/xray-server.json
@@ -189,6 +189,7 @@
 				"type": "field",
 				"inboundTag": [
 					"omrin-tunnel",
+					"omrin-vless-reality",
 					"omrin-vmess-tunnel",
 					"omrin-socks-tunnel",
 					"omrin-trojan-tunnel"

From c708189fb9b1156bdbeb08e0a83cca72a19e1123 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 8 Dec 2023 07:59:01 +0000
Subject: [PATCH 123/164] Update omr-admin, fix Pi-Hole install, optimize
 OpenVPN

---
 debian9-x86_64.sh | 28 ++++++++++++++--------------
 multipath         |  4 +++-
 omr-pihole.sh     |  2 +-
 openvpn-tun0.conf |  3 +++
 4 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index dacbfa6..19d4a36 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -66,8 +66,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="afbcb55ef352a77c5f50a1b7e402ec515f5944b0"
-OMR_ADMIN_BINARY_VERSION="0.5+20231021"
+OMR_ADMIN_VERSION="a671b9171edeb82fc8ff8bb150ca6ffd6f57ee6a"
+OMR_ADMIN_BINARY_VERSION="0.7+20231206"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -302,25 +302,25 @@ else
 		Pin: origin ${REPO}
 		Pin-Priority: 1001
 	EOF
+	if [ -n "$(echo $OMR_VERSION | grep test)" ]; then
+		echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list
+#		cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref
+#			Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
+#			Package: *
+#			Pin: origin ${REPO}
+#			Pin-Priority: 1002
+#		EOF
+	else
+		rm -f /etc/apt/sources.list.d/openmptcprouter-test.list
+	fi
 	if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then
-		cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
+		cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref
 			Explanation: Prefer libuv1 Debian native package
 			Package: libuv1
 			Pin: version *
 			Pin-Priority: 1003
 		EOF
 	fi
-	if [ -n "$(echo $OMR_VERSION | grep test)" ]; then
-		echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list
-		cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
-			Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
-			Package: *
-			Pin: origin ${REPO}
-			Pin-Priority: 1002
-		EOF
-	else
-		rm -f /etc/apt/sources.list.d/openmptcprouter-test.list
-	fi
 	wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
 fi
 
diff --git a/multipath b/multipath
index 23d87e1..bc90876 100755
--- a/multipath
+++ b/multipath
@@ -117,7 +117,9 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
 else
         ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}')
         IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}')
-        IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
+        #IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
+	[ -f /usr/bin/jsonfilter ] && IP=$(ip -j a show $DEVICE | jsonfilter -e '@[0].addr_info[*].local')
+        [ -f /usr/bin/jq ] && IP=$(ip -j a show $DEVICE | jq -r '.[0].addr_info[].local')
 	RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
         [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
         case $TYPE in
diff --git a/omr-pihole.sh b/omr-pihole.sh
index bfffd4a..a32acfb 100644
--- a/omr-pihole.sh
+++ b/omr-pihole.sh
@@ -31,7 +31,7 @@ $SERVER["socket"] == "10.255.252.1:80" { }
 $SERVER["socket"] == "10.255.251.1:80" { }
 $SERVER["socket"] == "10.255.253.1:80" { }
 EOF
-systemctl -q restart lighttpd
+systemctl list-unit-files lighttpd.service &>/dev/null && systemctl -q restart lighttpd
 grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf
 mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf
 cat >> /etc/pihole/setupVars.conf <<-EOF
diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf
index fc778d9..82c34f9 100644
--- a/openvpn-tun0.conf
+++ b/openvpn-tun0.conf
@@ -18,6 +18,9 @@ crl-verify /etc/openvpn/ca/pki/crl.pem
 keepalive 10 240
 sndbuf 0
 rcvbuf 0
+txqueuelen 2000
+tun-mtu 1400
+mssfix 1360
 tls-server
 tls-version-min 1.2
 #compress lzo

From 6e64c063254cfad7f43f7b26466be2f27b3fed8e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 8 Dec 2023 19:15:02 +0000
Subject: [PATCH 124/164] Add management port on openvpn

---
 openvpn-tun0.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf
index 82c34f9..d0d18f3 100644
--- a/openvpn-tun0.conf
+++ b/openvpn-tun0.conf
@@ -26,3 +26,4 @@ tls-version-min 1.2
 #compress lzo
 push "route 10.255.252.1 255.255.255.255"
 client-config-dir ccd
+management localhost 65302

From c0c962700743545da6cdefa3de73415a99e6fd63 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 1 Feb 2024 19:48:09 +0000
Subject: [PATCH 125/164] Update script to latest version on server with
 vless-reality, iperf from distribution, updated API,...

---
 debian9-x86_64.sh       | 110 ++++++++++++++++++++++++++++++----------
 iperf3.override.conf    |   3 ++
 iperf3.service.in       |   2 +-
 omr-service             |  28 +++++++++-
 openvpn-tun0.6.1.conf   |  32 ++++++++++++
 openvpn-tun1.6.1.conf   |  29 +++++++++++
 shadowsocks.6.1.conf    |   2 +-
 shadowsocks.conf        |   2 +-
 xray-vless-reality.json |  47 +++++++++++++++++
 xray.service            |   2 +-
 10 files changed, 223 insertions(+), 34 deletions(-)
 create mode 100644 iperf3.override.conf
 create mode 100644 openvpn-tun0.6.1.conf
 create mode 100644 openvpn-tun1.6.1.conf
 create mode 100644 xray-vless-reality.json

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 19d4a36..06c044f 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -42,6 +42,7 @@ fi
 NOINTERNET=${NOINTERNET:-no}
 REINSTALL=${REINSTALL:-yes}
 SPEEDTEST=${SPEEDTEST:-yes}
+IPERF=${IPERF:-yes}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
 KERNEL_VERSION="5.4.207"
@@ -66,14 +67,14 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="a671b9171edeb82fc8ff8bb150ca6ffd6f57ee6a"
-OMR_ADMIN_BINARY_VERSION="0.7+20231206"
+OMR_ADMIN_VERSION="70e3403ba4344d5c5006f03f989c8024d0f4708b"
+OMR_ADMIN_BINARY_VERSION="0.8+20231228"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="5.7.0"
 V2RAY_PLUGIN_VERSION="4.43.0"
-XRAY_VERSION="1.8.5"
+XRAY_VERSION="1.8.6"
 EASYRSA_VERSION="3.0.6"
 #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
 #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -174,23 +175,27 @@ if [ "$UPDATE" = "yes" ]; then
 	echo "Update mode"
 fi
 # Force update key
-[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
-	echo "Update OpenMPTCProuter repo key"
-	wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
-}
+#[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
+#	echo "Update OpenMPTCProuter repo key"
+#	#wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
+#	wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg
+#}
 
 CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')"
 if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then
 	exit 1
 fi
 
+# Force update key
 [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
 	echo "Update ${REPO} key"
+	apt-key del '2FDF 70C8 228B 7F04 42FE  59F6 608F D17B 2B24 D936' 2>&1 >/dev/null
 	if [ "$CHINA" = "yes" ]; then
 		#wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
-		wget -O - https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
+		wget https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg
 	else
-		wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+		#wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+		wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg
 	fi
 }
 
@@ -321,7 +326,8 @@ else
 			Pin-Priority: 1003
 		EOF
 	fi
-	wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+	#wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -
+	wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg
 fi
 
 #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
@@ -347,7 +353,7 @@ fi
 echo "Install mptcp kernel and shadowsocks..."
 apt-get update --allow-releaseinfo-change
 sleep 2
-apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config
+apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config ipset
 
 if [ -z "$(dpkg-query -l | grep grub)" ]; then
 	if [ -d /boot/grub2 ]; then
@@ -425,9 +431,29 @@ fi
 if [ "$ARCH" = "amd64" ]; then
 	echo "Install tracebox OpenMPTCProuter edition"
 	apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox
-	echo "Install iperf3 OpenMPTCProuter edition"
-	apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
-	chmod 644 /lib/systemd/system/iperf3.service
+fi
+if [ "$IPERF" = "yes" ]; then
+	#echo "Install iperf3 OpenMPTCProuter edition"
+	#apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
+	#chmod 644 /lib/systemd/system/iperf3.service
+	echo "Install iperf3"
+	[ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 2>&1 >/dev/null
+	apt-get -y install iperf3
+	if [ ! -f "/etc/iperf3/private.pem" ]; then
+		mkdir -p /etc/iperf3
+		openssl genrsa -out /etc/iperf3/private.pem 2048
+		openssl rsa -in /etc/iperf3/private.pem -outform PEM -pubout -out /etc/iperf3/public.pem
+		IPERFPASS=$(echo -n "{openmptcprouter}openmptcprouter" | sha256sum | awk '{ print $1 }')
+		echo "openmptcprouter,$IPERFPASS" > /etc/iperf3/users.csv
+	fi
+	chown -Rf iperf3 /etc/iperf3 || true
+	systemctl enable iperf3.service
+	mkdir -p /etc/systemd/system/iperf3.service.d
+	if [ "$LOCALFILES" = "no" ]; then
+		wget -O /etc/systemd/system/iperf3.service.d/override.conf ${VPSURL}${VPSPATH}/iperf3.override.conf
+	else
+		cp ${DIR}/iperf3.override.conf /etc/systemd/system/iperf3.service.d/override.conf
+	fi
 fi
 
 if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -457,10 +483,10 @@ if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		cd /tmp
 	fi
 	rm -rf iproute2
-	if [ "$ARCH" = "amd64" ]; then
-		echo "MPTCPize iperf3..."
-		mptcpize enable iperf3
-	fi
+
+	echo "MPTCPize iperf3..."
+	mptcpize enable iperf3 2>&1 >/dev/null
+
 	#if [ "$UPSTREAM6" = "yes" ]; then
 	#	apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg
 	#	apt-get -y install systemtap
@@ -739,8 +765,8 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	}
 	systemctl enable omr-admin.service
 	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
-		mptcpize enable omr-admin.service
-		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service
+		mptcpize enable omr-admin.service 2>&1 >/dev/null
+		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service 2>&1 >/dev/null
 	fi
 fi
 
@@ -1329,8 +1355,13 @@ if [ "$OPENVPN" = "yes" ]; then
 		openssl dhparam -out /etc/openvpn/server/dh2048.pem 2048
 	fi
 	if [ "$LOCALFILES" = "no" ]; then
-		wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
-		wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf
+		if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+			wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.6.1.conf
+			wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.6.1.conf
+		else
+			wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
+			wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf
+		fi
 		wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf
 		wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf
 		wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf
@@ -1340,8 +1371,13 @@ if [ "$OPENVPN" = "yes" ]; then
 		wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
 		wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
 	else
-		cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf
-		cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf
+		if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+			cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf
+			cp ${DIR}/openvpn-tun1.6.1.conf /etc/openvpn/tun1.conf
+		else
+			cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf
+			cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf
+		fi
 		cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf
 		cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf
 		cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf
@@ -1352,11 +1388,17 @@ if [ "$OPENVPN" = "yes" ]; then
 		cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
 	fi
 	mkdir -p /etc/openvpn/ccd
+	if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then
+		echo 'openmptcprouter,10.255.250.2,' > /etc/openvpn/ccd/ipp_tcp.txt
+	fi
+	if [ ! -f /etc/openvpn/ccd/ipp_udp.txt ]; then
+		echo 'openmptcprouter,10.255.252.2,' > /etc/openvpn/ccd/ipp_udp.txt
+	fi
 	chmod 644 /lib/systemd/system/openvpn*.service
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
 	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
-		mptcpize enable openvpn@tun0
+		mptcpize enable openvpn@tun0 2>&1 >/dev/null
 	fi
 	systemctl enable openvpn@bonding1.service
 	systemctl enable openvpn@bonding2.service
@@ -1474,7 +1516,7 @@ if [ "$DSVPN" = "yes" ]; then
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
 	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
-		mptcpize enable dsvpn-server@dsvpn0
+		mptcpize enable dsvpn-server@dsvpn0 2>&1 >/dev/null
 	fi
 fi
 
@@ -1501,7 +1543,7 @@ if [ "$SOURCES" = "yes" ]; then
 	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 		wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
 	else
-		wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
+		wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
 	fi
 	tar xzf glorytun-0.0.35.tar.gz
 	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -1563,22 +1605,34 @@ if [ "$LOCALFILES" = "no" ]; then
 	wget -O /lib/systemd/system/omr.service ${VPSURL}${VPSPATH}/omr.service.in
 	wget -O /usr/local/bin/omr-6in4-run ${VPSURL}${VPSPATH}/omr-6in4-run
 	wget -O /lib/systemd/system/omr6in4@.service ${VPSURL}${VPSPATH}/omr6in4%40.service.in
+	wget -O /usr/local/bin/omr-bypass ${VPSURL}${VPSPATH}/omr-bypass
+	wget -O /lib/systemd/system/omr-bypass.service ${VPSURL}${VPSPATH}/omr-bypass.service.in
+	wget -O /lib/systemd/system/omr-bypass.timer ${VPSURL}${VPSPATH}/omr-bypass.timer.in
 else
 	cp ${DIR}/omr-service /usr/local/bin/omr-service
 	cp ${DIR}/omr.service.in /lib/systemd/system/omr.service
 	cp ${DIR}/omr-6in4-run /usr/local/bin/omr-6in4-run
 	cp ${DIR}/omr6in4@.service.in /lib/systemd/system/omr6in4@.service
+	cp ${DIR}/omr-bypass /usr/local/bin/omr-bypass
+	cp ${DIR}/omr-bypass.service.in /lib/systemd/system/omr-bypass.service
+	cp ${DIR}/omr-bypass.timer.in /lib/systemd/system/omr-bypass.timer
+
 fi
 chmod 644 /lib/systemd/system/omr.service
 chmod 644 /lib/systemd/system/omr6in4@.service
 chmod 755 /usr/local/bin/omr-service
 chmod 755 /usr/local/bin/omr-6in4-run
+chmod 644 /lib/systemd/system/omr-bypass.service
+chmod 644 /lib/systemd/system/omr-bypass.timer
+systemctl daemon-reload
 if systemctl -q is-active omr-6in4.service; then
 	systemctl -q stop omr-6in4 > /dev/null 2>&1
 	systemctl -q disable omr-6in4 > /dev/null 2>&1
 fi
 systemctl enable omr6in4@user0.service
 systemctl enable omr.service
+systemctl enable omr-bypass.timer
+systemctl enable omr-bypass.service
 
 # Change SSH port to 65222
 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
@@ -1734,7 +1788,7 @@ if [ "$update" = "0" ]; then
 	# Display important info
 	echo '===================================================================================='
 	echo "OpenMPTCProuter Server $OMR_VERSION is now installed !"
-	echo '\033[4m\0331mSSH port: 65222 (instead of port 22)\033[0m'
+	echo '\033[1m SSH port: 65222 (instead of port 22)\033[0m'
 	if [ "$OMR_ADMIN" = "yes" ]; then
 		echo '===================================================================================='
 		echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
diff --git a/iperf3.override.conf b/iperf3.override.conf
new file mode 100644
index 0000000..94edfcc
--- /dev/null
+++ b/iperf3.override.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem
\ No newline at end of file
diff --git a/iperf3.service.in b/iperf3.service.in
index 72d8094..03f7ff2 100644
--- a/iperf3.service.in
+++ b/iperf3.service.in
@@ -3,7 +3,7 @@ Description=iperf3
 Requires=network.target
 
 [Service]
-ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/public.pem
+ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem
 Restart=on-failure
 
 [Install]
diff --git a/omr-service b/omr-service
index 3fa14a6..d35b011 100755
--- a/omr-service
+++ b/omr-service
@@ -67,12 +67,33 @@ _dsvpn() {
 }
 
 _shadowsocks() {
-	[ -n "$(systemctl -a | grep 'shadowsocks')" ] && [ -z "$(pgrep ss-server)" ] && {
-		logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks"
+	[ -n "$(systemctl -a | grep 'shadowsocks-libev')" ] && [ -z "$(pgrep ss-server)" ] && {
+		logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev"
 		systemctl restart shadowsocks-libev-manager@manager
 	}
 }
 
+_shadowsocks_go() {
+	[ -n "$(systemctl -a | grep 'shadowsocks-go')" ] && [ -z "$(pgrep shadowsocks-go)" ] && {
+		logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go"
+		systemctl restart shadowsocks-go
+	}
+}
+
+_xray() {
+	[ -n "$(systemctl -a | grep 'xray')" ] && [ -z "$(pgrep xray)" ] && {
+		logger -t "OMR-Service" "ss-server not detected, restart XRay"
+		systemctl restart xray
+	}
+}
+
+_v2ray() {
+	[ -n "$(systemctl -a | grep 'v2ray')" ] && [ -z "$(pgrep v2ray)" ] && {
+		logger -t "OMR-Service" "ss-server not detected, restart V2Ray"
+		systemctl restart v2ray
+	}
+}
+
 _wireguard() {
 	if [ -n "$(systemctl -a | grep 'wg')" ]; then
 		[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
@@ -161,6 +182,9 @@ while true; do
 	_glorytun_udp
 	_glorytun_tcp
 	_shadowsocks
+	_shadowsocks_go
+	_xray
+	_v2ray
 	_dsvpn
 	_wireguard
 	_multipath
diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf
new file mode 100644
index 0000000..9158040
--- /dev/null
+++ b/openvpn-tun0.6.1.conf
@@ -0,0 +1,32 @@
+topology subnet
+dev tun0
+user nobody
+group nogroup
+data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
+disable-dco
+proto tcp-server
+port 65301
+persist-tun
+persist-key
+duplicate-cn
+verb 3
+server 10.255.252.0 255.255.255.0
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 10 240
+txqueuelen 1000
+sndbuf 262144
+push "sndbuf 262144"
+rcvbuf 262144
+push "rcvbuf 262144"
+tun-mtu 1420
+tls-server
+tls-version-min 1.2
+push "route 10.255.252.1 255.255.255.255"
+client-config-dir ccd
+ifconfig-pool-persist ccd/ipp_tcp.txt
+passtos
+management localhost 65302
diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf
new file mode 100644
index 0000000..2f5f4d2
--- /dev/null
+++ b/openvpn-tun1.6.1.conf
@@ -0,0 +1,29 @@
+topology subnet
+dev tun1
+data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
+proto udp
+port 65301
+persist-tun
+persist-key
+duplicate-cn
+verb 3
+server 10.255.250.0 255.255.255.0
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 10 240
+txqueuelen 1000
+sndbuf 262144
+push "sndbuf 262144"
+rcvbuf 262144
+push "rcvbuf 262144"
+tun-mtu 1420
+tls-server
+tls-version-min 1.2
+push "route 10.255.252.1 255.255.255.255"
+client-config-dir ccd
+#ifconfig-pool-persist ccd/ipp_udp.txt
+fast-io
+passtos
diff --git a/shadowsocks.6.1.conf b/shadowsocks.6.1.conf
index 53f3bb0..d3cd55a 100644
--- a/shadowsocks.6.1.conf
+++ b/shadowsocks.6.1.conf
@@ -22,7 +22,7 @@ net.ipv4.tcp_tw_reuse = 1
 # turn off fast timewait sockets recycling
 #net.ipv4.tcp_tw_recycle = 0
 # short FIN timeout
-net.ipv4.tcp_fin_timeout = 80
+net.ipv4.tcp_fin_timeout = 30
 # Increase max orphans
 net.ipv4.tcp_max_orphans = 16384
 # short keepalive time
diff --git a/shadowsocks.conf b/shadowsocks.conf
index c270238..aa9587f 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -22,7 +22,7 @@ net.ipv4.tcp_tw_reuse = 1
 # turn off fast timewait sockets recycling
 #net.ipv4.tcp_tw_recycle = 0
 # short FIN timeout
-net.ipv4.tcp_fin_timeout = 80
+net.ipv4.tcp_fin_timeout = 30
 # Increase max orphans
 net.ipv4.tcp_max_orphans = 16384
 # short keepalive time
diff --git a/xray-vless-reality.json b/xray-vless-reality.json
new file mode 100644
index 0000000..ca1a9c6
--- /dev/null
+++ b/xray-vless-reality.json
@@ -0,0 +1,47 @@
+{
+    "inbounds": [
+        {
+            "port": 443,
+            "tag": "omrin-vless-reality",
+            "protocol": "vless",
+            "settings": {
+                "clients": [
+                    {
+                        "id": "XRAY_UUID",
+                        "flow": "xtls-rprx-vision"
+                    }
+                ],
+                "decryption": "none"
+            },
+            "streamSettings": {
+                "network": "tcp",
+                "security": "reality",
+                "realitySettings": {
+                    "dest": "1.1.1.1:443",
+                    "serverNames": [
+                        ""
+                    ],
+                    "privateKey": "XRAY_X25519_PRIVATE_KEY",
+                    "publicKey": "XRAY_X25519_PUBLIC_KEY",
+                    "shortIds": [
+                        ""
+                    ]
+                },
+                "sockopt": {
+                    "tcpMptcp": true,
+                    "mark": 0
+                }
+            }
+        }
+    ],
+    "routing": {
+        "rules": [
+            {
+                "type": "field",
+                "inboundTag": [
+                    "omrin-vless-reality"
+                ]
+            }
+        ]
+   }
+}
\ No newline at end of file
diff --git a/xray.service b/xray.service
index ca9d3c6..a1df9e4 100644
--- a/xray.service
+++ b/xray.service
@@ -1,6 +1,6 @@
 [Unit]
 Description=XRay Service
-Documentation=https://www.v2fly.org/
+Documentation=https://xtls.github.io/
 After=network.target nss-lookup.target
 Wants=network-online.target
 

From a9e217fb7ca6e0964ec7b5acd88fddd5038f10cf Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 9 Feb 2024 10:42:55 +0000
Subject: [PATCH 126/164] Add omr-bypass service

---
 omr-bypass            | 82 +++++++++++++++++++++++++++++++++++++++++++
 omr-bypass.service.in | 12 +++++++
 omr-bypass.timer.in   |  8 +++++
 3 files changed, 102 insertions(+)
 create mode 100755 omr-bypass
 create mode 100644 omr-bypass.service.in
 create mode 100644 omr-bypass.timer.in

diff --git a/omr-bypass b/omr-bypass
new file mode 100755
index 0000000..5aa8e02
--- /dev/null
+++ b/omr-bypass
@@ -0,0 +1,82 @@
+#!/bin/sh
+# Copyright (C) 2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
+# Released under GPL 3. See LICENSE for the full terms.
+
+[ ! -f /etc/openmptcprouter-vps-admin/omr-bypass.json ] && exit 0
+
+# Configuration
+INTERFACE="$(jq -M -r .bypass_intf /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
+[ "$INTERFACE" = "null" ] && INTERFACE="vpn1"
+GATEWAY="$(ip r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
+GATEWAY6="$(ip -6 r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
+TABLE="991337"
+MARK="0x539"
+
+CHECKSUM="$(md5sum /etc/openmptcprouter-vps-admin/omr-bypass.json | awk '{print $1}' | tr -d '\n')"
+PREVIOUS_CHECKSUM="$(jq -M -r .bypass_checksum /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
+[ "$CHECKSUM" = "$PREVIOUS_CHECKSUM" ] && exit 0
+jq -M --arg c "$CHECKSUM" '.bypass_checksum = $c' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
+mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
+# Action
+ipset -q flush omr_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
+ipset -q flush omr6_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
+ipset -q --exist restore <<-EOF
+create omr_dst_bypass_srv_${INTERFACE} hash:net hashsize 64
+create omr6_dst_bypass_srv_${INTERFACE} hash:net family inet6 hashsize 64
+EOF
+ipv4=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv4[])
+for ip in $ipv4; do
+	ipset -q add omr_dst_bypass_srv_${INTERFACE} $ip
+done
+ipv6=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv6[])
+for ip in $ipv6; do
+	ipset -q add omr6_dst_bypass_srv_${INTERFACE} $ip
+done
+iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null
+iptables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+:omr-bypass -
+-A PREROUTING -j omr-bypass
+COMMIT
+EOF
+iptables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+:omr-bypass-local -
+-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
+COMMIT
+EOF
+iptables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+-A omr-bypass -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
+-A omr-bypass -m mark --mark ${MARK} -j RETURN
+-A omr-bypass-local -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
+-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
+COMMIT
+EOF
+ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
+ip route replace default via ${GATEWAY} dev ${INTERFACE} table ${TABLE}
+ip6tables-save --counters 2>/dev/null | grep -v omr-bypass | ip6tables-restore -w --counters 2>/dev/null
+ip6tables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+:omr-bypass -
+-A PREROUTING -j omr-bypass
+COMMIT
+EOF
+ip6tables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+:omr-bypass-local -
+-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
+COMMIT
+EOF
+ip6tables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+-A omr-bypass -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
+-A omr-bypass -m mark --mark ${MARK} -j RETURN
+-A omr-bypass-local -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
+-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
+COMMIT
+EOF
+if [ -n "$GATEWAY6" ]; then
+	ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
+	ip route replace default via ${GATEWAY6} dev ${INTERFACE} table ${TABLE}
+fi
\ No newline at end of file
diff --git a/omr-bypass.service.in b/omr-bypass.service.in
new file mode 100644
index 0000000..0d49437
--- /dev/null
+++ b/omr-bypass.service.in
@@ -0,0 +1,12 @@
+[Unit]
+Description=OMR-ByPass
+After=network.target network-online.target shorewall.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/omr-bypass
+KillSignal=9
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+
+[Install]
+WantedBy=multi-user.target
diff --git a/omr-bypass.timer.in b/omr-bypass.timer.in
new file mode 100644
index 0000000..85d7eb7
--- /dev/null
+++ b/omr-bypass.timer.in
@@ -0,0 +1,8 @@
+[Unit]
+Description=Timer for omr-bypass
+
+[Timer]
+OnUnitActiveSec=300
+
+[Install]
+WantedBy=timers.target

From a5fc57038b3a03bb80be147f9f9a844a17bb22a1 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 9 Feb 2024 10:52:04 +0000
Subject: [PATCH 127/164] Update omr-admin API and fix omr-bypass rights

---
 debian9-x86_64.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 06c044f..a776a12 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -67,8 +67,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="70e3403ba4344d5c5006f03f989c8024d0f4708b"
-OMR_ADMIN_BINARY_VERSION="0.8+20231228"
+OMR_ADMIN_VERSION="8451122349457737523d698579d0b567da4e89b0"
+OMR_ADMIN_BINARY_VERSION="0.8+20240208"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -1621,6 +1621,7 @@ fi
 chmod 644 /lib/systemd/system/omr.service
 chmod 644 /lib/systemd/system/omr6in4@.service
 chmod 755 /usr/local/bin/omr-service
+chmod 755 /usr/local/bin/omr-bypass
 chmod 755 /usr/local/bin/omr-6in4-run
 chmod 644 /lib/systemd/system/omr-bypass.service
 chmod 644 /lib/systemd/system/omr-bypass.timer

From 0bd93fb5c8d01aea84303b001d7b6dfa26570b96 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 13 Feb 2024 14:08:52 +0000
Subject: [PATCH 128/164] Update omr-admin API script

---
 debian9-x86_64.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index a776a12..fdcc69d 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -67,8 +67,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="8451122349457737523d698579d0b567da4e89b0"
-OMR_ADMIN_BINARY_VERSION="0.8+20240208"
+OMR_ADMIN_VERSION="0780292d156cd8c00cbc83e1ca7d1ff3fde7cf5c"
+OMR_ADMIN_BINARY_VERSION="0.8+20240213"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -237,7 +237,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]
 	VERSION_ID="11"
 fi
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then
-	echo "Update Debian 10 Stretch to Debian 11 Buster"
+	echo "Update Debian 11 Buster to Debian 12"
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
 	sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list

From 001aa3be4df69ddb4ff5caed49579600212aad9f Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 22 Feb 2024 17:31:57 +0000
Subject: [PATCH 129/164] Add kernel 6.6 support, allow to disable all proxy
 and VPNs, change IPv6 address in omr-pihole

---
 debian9-x86_64.sh | 576 +++++++++++++++++++++++++---------------------
 omr-pihole.sh     |   2 +-
 2 files changed, 313 insertions(+), 265 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index fdcc69d..209b2a1 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -6,8 +6,11 @@
 # See /LICENSE for more information.
 #
 
+KERNEL=${KERNEL:-5.4}
 UPSTREAM=${UPSTREAM:-no}
+[ "$UPSTREAM" = "yes" ] && KERNEL="5.15"
 UPSTREAM6=${UPSTREAM6:-no}
+[ "$UPSTREAM6" = "yes" ] && KERNEL="6.1"
 SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
 DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
@@ -19,6 +22,7 @@ V2RAY=${V2RAY:-yes}
 V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")}
 XRAY=${XRAY:-yes}
 XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID}
+SHADOWSOCKS=${SHADOWSOCKS:-yes}
 SHADOWSOCKS_GO=${SHADOWSOCKS_GO:-yes}
 PSK=${PSK:-$(head -c 32 /dev/urandom | base64 -w0)}
 UPSK=${UPSK:-$(head -c 32 /dev/urandom | base64 -w0)}
@@ -36,7 +40,7 @@ OPENVPN=${OPENVPN:-yes}
 DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
 SOURCES=${SOURCES:-no}
-if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" ]; then
+if [ "$KERNEL" != "5.4" ]; then
 	SOURCES="yes"
 fi
 NOINTERNET=${NOINTERNET:-no}
@@ -48,18 +52,20 @@ INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev
 KERNEL_VERSION="5.4.207"
 KERNEL_PACKAGE_VERSION="1.22"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
-if [ "$UPSTREAM" = "yes" ]; then
+if [ "$KERNEL" = "5.15" ]; then
 	KERNEL_VERSION="5.15.57"
 	KERNEL_PACKAGE_VERSION="1.6"
 	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
 fi
-if [ "$UPSTREAM6" = "yes" ]; then
+if [ "$KERNEL" = "6.1" ]; then
 	KERNEL_VERSION="6.1.0"
 	KERNEL_PACKAGE_VERSION="1.30"
 	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 fi
+GLORYTUN_UDP=${GLORYTUN_UDP:-yes}
 GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9"
 GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
+GLORYTUN_TCP=${GLORYTUN_TCP:-yes}
 GLORYTUN_TCP_BINARY_VERSION="0.0.35-6"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b"
@@ -67,8 +73,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="0780292d156cd8c00cbc83e1ca7d1ff3fde7cf5c"
-OMR_ADMIN_BINARY_VERSION="0.8+20240213"
+OMR_ADMIN_VERSION="a30f1f32461aefcdb47851d533439032af6e4b05"
+OMR_ADMIN_BINARY_VERSION="0.9+20240222"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -126,12 +132,12 @@ fi
 
 echo "Check architecture..."
 ARCH=$(dpkg --print-architecture | tr -d "\n")
-if [ "$UPSTREAM6" != "yes" ] && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then
+if ([ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]) && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then
 	echo "Only x86_64 (amd64) is supported on this OS"
 	exit 1
 fi
 
-if [ "$UPSTREAM6" != "yes" ]; then
+if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then
 	echo "Check virtualized environment"
 	VIRT="$(systemd-detect-virt 2>/dev/null || true)"
 	if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then
@@ -225,7 +231,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="10"
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
 	echo "Update Debian 10 Stretch to Debian 11 Buster"
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
@@ -236,7 +242,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="11"
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
 	echo "Update Debian 11 Buster to Debian 12"
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
@@ -256,7 +262,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
 fi
-if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then
+if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
 	echo "Update Ubuntu 20.04 to Ubuntu 22.04"
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
@@ -377,7 +383,7 @@ if [ -z "$(dpkg-query -l | grep grub)" ]; then
 		echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub
 	}
 fi
-if [ "$UPSTREAM6" != "yes" ]; then
+if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb
 		wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb
@@ -418,6 +424,15 @@ if [ "$UPSTREAM6" != "yes" ]; then
 	bash update-grub.sh ${KERNEL_VERSION}-mptcp
 	bash update-grub.sh ${KERNEL_RELEASE}
 	[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
+elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then
+	wget https://dl.xanmod.org/archive.key -O /etc/apt/trusted.gpg.d/xanmod.gpg
+	echo 'deb http://deb.xanmod.org releases main' > /etc/apt/sources.list.d/xanmod-release.list
+	apt-get update
+	apt-get -y install linux-xanmod-x64v3
+	[ -f /etc/default/grub ] && {
+		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
+		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
+	}
 else 
 	if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then
 		apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1)
@@ -447,7 +462,7 @@ if [ "$IPERF" = "yes" ]; then
 		echo "openmptcprouter,$IPERFPASS" > /etc/iperf3/users.csv
 	fi
 	chown -Rf iperf3 /etc/iperf3 || true
-	systemctl enable iperf3.service
+	systemctl enable iperf3.service || true
 	mkdir -p /etc/systemd/system/iperf3.service.d
 	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /etc/systemd/system/iperf3.service.d/override.conf ${VPSURL}${VPSPATH}/iperf3.override.conf
@@ -456,7 +471,7 @@ if [ "$IPERF" = "yes" ]; then
 	fi
 fi
 
-if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+if [ "$KERNEL" != "5.4" ]; then
 	echo "Compile and install mptcpize..."
 	apt-get -y install --no-install-recommends build-essential
 	cd /tmp
@@ -496,89 +511,89 @@ if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
 fi
 
 apt-get -y remove shadowsocks-libev
-
-if [ "$SOURCES" = "yes" ]; then
-	#apt -t stretch-backports -y install shadowsocks-libev
-	## Compile Shadowsocks
-	#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
-	#wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
-	cd /tmp
-	rm -rf shadowsocks-libev
-	git clone https://github.com/Ysurac/shadowsocks-libev.git
-	cd shadowsocks-libev
-	git checkout ${SHADOWSOCKS_VERSION}
-	git submodule update --init --recursive
-	#tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
-	#cd shadowsocks-libev-${SHADOWSOCKS_VERSION}
-	#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch
-	#patch -p1 < 020-NOCRYPTO.patch
-	#wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch
-	#patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch
-	#wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
-	#patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
-	#wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
-	#patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
-	# Shadowsocks eBPF support
-	#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch
-	#patch -p1 < 030-eBPF.patch
-	#rm -f /var/lib/dpkg/lock
-	#apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev
-	#cd /tmp
-	#rm -rf libbpf
-	#git clone https://github.com/libbpf/libbpf.git
-	#cd libbpf
-	#if [ "$ID" = "debian" ]; then
-	#	rm -f /var/lib/dpkg/lock
-	#	apt -y -t stretch-backports install linux-libc-dev
-	#elif [ "$ID" = "ubuntu" ]; then
-	#	rm -f /var/lib/dpkg/lock
-	#	apt-get -y install linux-libc-dev
-	#fi
-	#BUILD_SHARED=y make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY"
-	#cp /tmp/libbpf/src/libbpf.so /usr/lib
-	#cp /tmp/libbpf/src/*.h /usr/include/bpf
-	#cd /tmp
-	#rm -rf /tmp/libbpf
-	rm -f /var/lib/dpkg/lock
-	rm -f /var/lib/dpkg/lock-frontend
-	apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
-	apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc
-	sleep 1
-	rm -f /var/lib/dpkg/lock
-	rm -f /var/lib/dpkg/lock-frontend
-	systemctl enable haveged
-	
-	if [ "$ID" = "debian" ]; then
+if [ "$SHADOWSOCKS" = "yes" ]; then
+	if [ "$SOURCES" = "yes" ]; then
+		#apt -t stretch-backports -y install shadowsocks-libev
+		## Compile Shadowsocks
+		#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
+		#wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
+		cd /tmp
+		rm -rf shadowsocks-libev
+		git clone https://github.com/Ysurac/shadowsocks-libev.git
+		cd shadowsocks-libev
+		git checkout ${SHADOWSOCKS_VERSION}
+		git submodule update --init --recursive
+		#tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz
+		#cd shadowsocks-libev-${SHADOWSOCKS_VERSION}
+		#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch
+		#patch -p1 < 020-NOCRYPTO.patch
+		#wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch
+		#patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch
+		#wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
+		#patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch
+		#wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch
+		#patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch
+		# Shadowsocks eBPF support
+		#wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch
+		#patch -p1 < 030-eBPF.patch
+		#rm -f /var/lib/dpkg/lock
+		#apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev
+		#cd /tmp
+		#rm -rf libbpf
+		#git clone https://github.com/libbpf/libbpf.git
+		#cd libbpf
+		#if [ "$ID" = "debian" ]; then
+		#	rm -f /var/lib/dpkg/lock
+		#	apt -y -t stretch-backports install linux-libc-dev
+		#elif [ "$ID" = "ubuntu" ]; then
+		#	rm -f /var/lib/dpkg/lock
+		#	apt-get -y install linux-libc-dev
+		#fi
+		#BUILD_SHARED=y make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY"
+		#cp /tmp/libbpf/src/libbpf.so /usr/lib
+		#cp /tmp/libbpf/src/*.h /usr/include/bpf
+		#cd /tmp
+		#rm -rf /tmp/libbpf
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
-		if [ "$VERSION_ID" = "9" ]; then
-			apt -y -t stretch-backports install libsodium-dev
-		else
-			apt -y install libsodium-dev
+		apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev
+		apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc
+		sleep 1
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
+		systemctl enable haveged
+		if [ "$ID" = "debian" ]; then
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			if [ "$VERSION_ID" = "9" ]; then
+				apt -y -t stretch-backports install libsodium-dev
+			else
+				apt -y install libsodium-dev
+			fi
+		elif [ "$ID" = "ubuntu" ]; then
+			rm -f /var/lib/dpkg/lock
+			rm -f /var/lib/dpkg/lock-frontend
+			apt-get -y install libsodium-dev
 		fi
-	elif [ "$ID" = "ubuntu" ]; then
+		#cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
-		apt-get -y install libsodium-dev
+		mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" 2>&1 >/dev/null
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
+		dpkg-buildpackage -b -us -uc 2>&1 >/dev/null
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
+		cd /tmp
+		#dpkg -i shadowsocks-libev_*.deb
+		dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null
+		#mkdir -p /usr/lib/shadowsocks-libev
+		#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
+		#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
+		rm -rf /tmp/shadowsocks-libev
+	else
+		apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
 	fi
-	#cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
-	rm -f /var/lib/dpkg/lock
-	rm -f /var/lib/dpkg/lock-frontend
-	mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" 2>&1 >/dev/null
-	rm -f /var/lib/dpkg/lock
-	rm -f /var/lib/dpkg/lock-frontend
-	dpkg-buildpackage -b -us -uc 2>&1 >/dev/null
-	rm -f /var/lib/dpkg/lock
-	rm -f /var/lib/dpkg/lock-frontend
-	cd /tmp
-	#dpkg -i shadowsocks-libev_*.deb
-	dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null
-	#mkdir -p /usr/lib/shadowsocks-libev
-	#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
-	#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
-	rm -rf /tmp/shadowsocks-libev
-else
-	apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION}
 fi
 
 # Load BBR Congestion module at boot time
@@ -586,7 +601,7 @@ if ! grep -q bbr /etc/modules ; then
 	echo tcp_bbr >> /etc/modules
 fi
 
-if [ "$UPSTREAM" != "yes" ] && [ "$UPSTREAM6" != "yes" ]; then
+if [ "$KERNEL" = "5.4" ]; then
 	# Load OLIA Congestion module at boot time
 	if ! grep -q olia /etc/modules ; then
 		echo mptcp_olia >> /etc/modules
@@ -706,7 +721,8 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	fi
 	mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4
 	mkdir -p /etc/openmptcprouter-vps-admin/intf
-	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
+	#[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn
+	[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "openvpn" > /etc/openmptcprouter-vps-admin/current-vpn
 	mkdir -p /var/opt/openmptcprouter
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
@@ -764,7 +780,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		systemctl enable omr-admin-ipv6.service
 	}
 	systemctl enable omr-admin.service
-	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+	if [ "$KERNEL" != "5.4" ]; then
 		mptcpize enable omr-admin.service 2>&1 >/dev/null
 		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service 2>&1 >/dev/null
 	fi
@@ -772,74 +788,75 @@ fi
 
 # Get shadowsocks optimization
 if [ "$LOCALFILES" = "no" ]; then
-	if [ "$UPSTREAM6" = "yes" ]; then
+	if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
 		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf
 	else
 		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf
 	fi
 else
-	if [ "$UPSTREAM6" = "yes" ]; then
+	if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
 		cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf
 	else
 		cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf
 	fi
 fi
 
-if [ "$update" != 0 ]; then
-	if [ ! -f /etc/shadowsocks-libev/manager.json ]; then
-		SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d  "\n" | sed 's/-/+/g; s/_/\//g;')
-	else
-		SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d  "\n" | sed 's/-/+/g; s/_/\//g;')
+if [ "$SHADOWSOCKS" = "yes" ]; then
+	if [ "$update" != 0 ]; then
+		if [ ! -f /etc/shadowsocks-libev/manager.json ]; then
+			SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d  "\n" | sed 's/-/+/g; s/_/\//g;')
+		elif [ -f /etc/shadowsocks-libev/manager.json ]; then
+			SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d  "\n" | sed 's/-/+/g; s/_/\//g;')
+		fi
 	fi
-fi
-# Install shadowsocks config and add a shadowsocks by CPU
-if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then
-	if [ "$LOCALFILES" = "no" ]; then
-		wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json
-	else
-		cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json
-	fi
-	SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;')
-	if [ "$NBCPU" -gt "1" ]; then
-		for i in $(seq 2 NBCPU); do
+	# Install shadowsocks config and add a shadowsocks by CPU
+	if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then
+		if [ "$LOCALFILES" = "no" ]; then
+			wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json
+		else
+			cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json
+		fi
+		SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;')
+		if [ "$NBCPU" -gt "1" ]; then
+			for i in $(seq 2 NBCPU); do
+				sed -i '0,/65101/ s/        "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
+			done
+		fi
+		#sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
+		sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json
+		[ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
+	elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then
+		for i in $(seq 2 $NBCPU); do
 			sed -i '0,/65101/ s/        "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
 		done
+		sed -i 's/       "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json
+	fi
+	[ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl
+	#sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json
+	#sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service
+	if [ "$LOCALFILES" = "no" ]; then
+		wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in
+	else
+		cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service
+	fi
+	if systemctl -q is-enabled shadowsocks-libev; then
+		systemctl -q disable shadowsocks-libev
+	fi
+	[ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service
+	systemctl enable shadowsocks-libev-manager@manager.service
+	if [ $NBCPU -gt 1 ]; then
+		for i in $(seq 1 $NBCPU); do
+			[ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service
+		done
+	fi
+	if systemctl -q is-active shadowsocks-libev-manager@manager; then
+		systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
 	fi
-	#sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
-	sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json
-	[ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
-elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then
-	for i in $(seq 2 $NBCPU); do
-		sed -i '0,/65101/ s/        "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
-	done
-	sed -i 's/       "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json
-fi
-[ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl
-#sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json
-#sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service
-if [ "$LOCALFILES" = "no" ]; then
-	wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in
-else
-	cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service
-fi
-if systemctl -q is-enabled shadowsocks-libev; then
-	systemctl -q disable shadowsocks-libev
-fi
-[ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service
-systemctl enable shadowsocks-libev-manager@manager.service
-if [ $NBCPU -gt 1 ]; then
-	for i in $(seq 1 $NBCPU); do
-		[ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service
-	done
 fi
 if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
 	echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
 fi
 
-if systemctl -q is-active shadowsocks-libev-manager@manager; then
-	systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
-fi
-
 if [ "$LOCALFILES" = "no" ]; then
 	wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in
 	wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update
@@ -917,7 +934,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
 	fi
 fi
 
-if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then
+if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ] && [ -f /etc/shadowsocks-libev/config.json ]; then
 	sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json
 fi
 
@@ -1015,7 +1032,7 @@ if [ "$V2RAY" = "yes" ]; then
 		wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
 		sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
 	#fi
-	if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then
+	if [ "$KERNEL" != "5.4" ] && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then
 		sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/v2ray/v2ray-server.json
 	fi
 	rm -f /etc/v2ray/config.json
@@ -1355,7 +1372,7 @@ if [ "$OPENVPN" = "yes" ]; then
 		openssl dhparam -out /etc/openvpn/server/dh2048.pem 2048
 	fi
 	if [ "$LOCALFILES" = "no" ]; then
-		if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+		if [ "$KERNEL" != "5.4" ]; then
 			wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.6.1.conf
 			wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.6.1.conf
 		else
@@ -1371,7 +1388,7 @@ if [ "$OPENVPN" = "yes" ]; then
 		wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
 		wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
 	else
-		if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+		if [ "$KERNEL" != "5.4" ]; then
 			cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf
 			cp ${DIR}/openvpn-tun1.6.1.conf /etc/openvpn/tun1.conf
 		else
@@ -1397,7 +1414,7 @@ if [ "$OPENVPN" = "yes" ]; then
 	chmod 644 /lib/systemd/system/openvpn*.service
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
-	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+	if [ "$KERNEL" != "5.4" ]; then
 		mptcpize enable openvpn@tun0 2>&1 >/dev/null
 	fi
 	systemctl enable openvpn@bonding1.service
@@ -1415,61 +1432,63 @@ echo 'Glorytun UDP'
 if systemctl -q is-active glorytun-udp@tun0.service; then
 	systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1
 fi
-if [ "$SOURCES" = "yes" ]; then
-	rm -f /var/lib/dpkg/lock
-	rm -f /var/lib/dpkg/lock-frontend
-	rm -f /usr/bin/glorytun
-	apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
-	rm -rf /tmp/glorytun-udp
-	cd /tmp
-	git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp
-	cd /tmp/glorytun-udp
-	git checkout ${GLORYTUN_UDP_VERSION}
-	git submodule update --init --recursive
-	meson build
-	ninja -C build install
-	sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
-	rm /lib/systemd/system/glorytun*
-	rm /lib/systemd/network/glorytun*
-	if [ "$LOCALFILES" = "no" ]; then
-		wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run
+if [ "$GLORYTUN_UDP" = "yes" ]; then
+	if [ "$SOURCES" = "yes" ]; then
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
+		rm -f /usr/bin/glorytun
+		apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
+		rm -rf /tmp/glorytun-udp
+		cd /tmp
+		git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp
+		cd /tmp/glorytun-udp
+		git checkout ${GLORYTUN_UDP_VERSION}
+		git submodule update --init --recursive
+		meson build
+		ninja -C build install
+		sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
+		rm /lib/systemd/system/glorytun*
+		rm /lib/systemd/network/glorytun*
+		if [ "$LOCALFILES" = "no" ]; then
+			wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run
+		else
+			cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run
+		fi
+		chmod 755 /usr/local/bin/glorytun-udp-run
+		if [ "$LOCALFILES" = "no" ]; then
+			wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in
+		else
+			cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service
+		fi
+		chmod 644 /lib/systemd/system/glorytun-udp@.service
+		#wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network
+		rm -f /lib/systemd/network/glorytun-udp.network
+		mkdir -p /etc/glorytun-udp
+		if [ "$LOCALFILES" = "no" ]; then
+			wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh
+			wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp
+		else
+			cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh
+			cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0
+		fi
+		chmod 755 /etc/glorytun-udp/post.sh
+		if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then
+			echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
+		elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then
+			cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key
+		fi
+		systemctl enable glorytun-udp@tun0.service
+		systemctl enable systemd-networkd.service
+		cd /tmp
+		rm -rf /tmp/glorytun-udp
 	else
-		cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run
+		rm -f /usr/local/bin/glorytun
+		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
+		chmod 644 /lib/systemd/system/glorytun-udp@.service
+		GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
 	fi
-	chmod 755 /usr/local/bin/glorytun-udp-run
-	if [ "$LOCALFILES" = "no" ]; then
-		wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in
-	else
-		cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service
-	fi
-	chmod 644 /lib/systemd/system/glorytun-udp@.service
-	#wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network
-	rm -f /lib/systemd/network/glorytun-udp.network
-	mkdir -p /etc/glorytun-udp
-	if [ "$LOCALFILES" = "no" ]; then
-		wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh
-		wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp
-	else
-		cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh
-		cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0
-	fi
-	chmod 755 /etc/glorytun-udp/post.sh
-	if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then
-		echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
-	elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then
-		cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key
-	fi
-	systemctl enable glorytun-udp@tun0.service
-	systemctl enable systemd-networkd.service
-	cd /tmp
-	rm -rf /tmp/glorytun-udp
-else
-	rm -f /usr/local/bin/glorytun
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
-	chmod 644 /lib/systemd/system/glorytun-udp@.service
-	GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
+	[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
 fi
-[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
 
 
 # Add chrony for time sync
@@ -1515,7 +1534,7 @@ if [ "$DSVPN" = "yes" ]; then
 		chmod 644 /lib/systemd/system/dsvpn-server@.service
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
-	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
+	if [ "$KERNEL" != "5.4" ]; then
 		mptcpize enable dsvpn-server@dsvpn0 2>&1 >/dev/null
 	fi
 fi
@@ -1524,58 +1543,60 @@ fi
 if systemctl -q is-active glorytun-tcp@tun0.service; then
 	systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1
 fi
-if [ "$SOURCES" = "yes" ]; then
-	if [ "$ID" = "debian" ]; then
-		if [ "$VERSION_ID" = "9" ]; then
-			apt -t stretch-backports -y install libsodium-dev
-		else
-			apt -y install libsodium-dev
+if [ "$GLORYTUN_TCP" = "yes" ]; then
+	if [ "$SOURCES" = "yes" ]; then
+		if [ "$ID" = "debian" ]; then
+			if [ "$VERSION_ID" = "9" ]; then
+				apt -t stretch-backports -y install libsodium-dev
+			else
+				apt -y install libsodium-dev
+			fi
+		elif [ "$ID" = "ubuntu" ]; then
+			apt-get -y install libsodium-dev
 		fi
-	elif [ "$ID" = "ubuntu" ]; then
-		apt-get -y install libsodium-dev
-	fi
-	rm -f /var/lib/dpkg/lock
-	rm -f /var/lib/dpkg/lock-frontend
-	rm -f /usr/bin/glorytun-tcp
-	apt-get -y install build-essential pkg-config autoconf automake
-	rm -rf /tmp/glorytun-0.0.35
-	cd /tmp
-	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
-		wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
+		rm -f /usr/bin/glorytun-tcp
+		apt-get -y install build-essential pkg-config autoconf automake
+		rm -rf /tmp/glorytun-0.0.35
+		cd /tmp
+		if [ "$KERNEL" != "5.4" ]; then
+			wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
+		else
+			wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
+		fi
+		tar xzf glorytun-0.0.35.tar.gz
+		if [ "$KERNEL" != "5.4" ]; then
+			mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
+		fi
+		cd glorytun-0.0.35
+		./autogen.sh
+		./configure
+		make
+		cp glorytun /usr/local/bin/glorytun-tcp
+		wget -O /usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run
+		chmod 755 /usr/local/bin/glorytun-tcp-run
+		wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in
+		#wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network
+		chmod 644 /lib/systemd/system/glorytun-tcp@.service
+		rm -f /lib/systemd/network/glorytun-tcp.network
+		mkdir -p /etc/glorytun-tcp
+		wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh
+		chmod 755 /etc/glorytun-tcp/post.sh
+		wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun
+		if [ "$update" = "0" ]; then
+			echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key
+		fi
+		systemctl enable glorytun-tcp@tun0.service
+		#systemctl enable systemd-networkd.service
+		cd /tmp
+		rm -rf /tmp/glorytun-0.0.35
 	else
-		wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
+		rm -f /usr/local/bin/glorytun-tcp
+		apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
 	fi
-	tar xzf glorytun-0.0.35.tar.gz
-	if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
-		mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
-	fi
-	cd glorytun-0.0.35
-	./autogen.sh
-	./configure
-	make
-	cp glorytun /usr/local/bin/glorytun-tcp
-	wget -O /usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run
-	chmod 755 /usr/local/bin/glorytun-tcp-run
-	wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in
-	#wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network
-	chmod 644 /lib/systemd/system/glorytun-tcp@.service
-	rm -f /lib/systemd/network/glorytun-tcp.network
-	mkdir -p /etc/glorytun-tcp
-	wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh
-	chmod 755 /etc/glorytun-tcp/post.sh
-	wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun
-	if [ "$update" = "0" ]; then
-		echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key
-	fi
-	systemctl enable glorytun-tcp@tun0.service
-	#systemctl enable systemd-networkd.service
-	cd /tmp
-	rm -rf /tmp/glorytun-0.0.35
-else
-	rm -f /usr/local/bin/glorytun-tcp
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION}
+	[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
 fi
-[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0
 
 
 # Load tun module at boot time
@@ -1849,14 +1870,26 @@ if [ "$update" = "0" ]; then
 	# Save info in file
 	cat > /root/openmptcprouter_config.txt <<-EOF
 	SSH port: 65222 (instead of port 22)
-	Shadowsocks port: 65101
-	Shadowsocks encryption: chacha20
-	Your shadowsocks key: ${SHADOWSOCKS_PASS}
-	Your shadowsocks 2022 key: ${PSK}:${UPSK}
-	Glorytun port: 65001
-	Glorytun encryption: chacha20
-	Your glorytun key: ${GLORYTUN_PASS}
 	EOF
+	if [ "$SHADOWSOCKS" = "yes" ]; then
+		cat >> /root/openmptcprouter_config.txt <<-EOF
+		Shadowsocks port: 65101
+		Shadowsocks encryption: chacha20
+		Your shadowsocks key: ${SHADOWSOCKS_PASS}
+		EOF
+	fi
+	if [ "$SHADOWSOCKS_GO" = "yes" ]; then
+		cat >> /root/openmptcprouter_config.txt <<-EOF
+		Your shadowsocks 2022 key: ${PSK}:${UPSK}
+		EOF
+	fi
+	if ([ "$GLORYTUN_TCP" = "yes" ] || [ "$GLORYTUN_UDP" = "yes" ]); then
+		cat >> /root/openmptcprouter_config.txt <<-EOF
+		Glorytun port: 65001
+		Glorytun encryption: chacha20
+		Your glorytun key: ${GLORYTUN_PASS}
+		EOF
+	fi
 	if [ "$DSVPN" = "yes" ]; then
 		cat >> /root/openmptcprouter_config.txt <<-EOF
 		A Dead Simple VPN port: 65401
@@ -1882,7 +1915,7 @@ if [ "$update" = "0" ]; then
 		Your OpenMPTCProuter Server username: openmptcprouter
 		EOF
 	fi
-	systemctl -q restart sshd
+	#systemctl -q restart sshd
 else
 	echo '===================================================================================='
 	echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !"
@@ -1910,18 +1943,27 @@ else
 		systemctl -q restart v2ray
 		echo 'done'
 	fi
+	if [ "$XRAY" = "yes" ]; then
+		echo 'Restarting xray...'
+		systemctl -q restart xray
+		echo 'done'
+	fi
 	if [ "$DSVPN" = "yes" ]; then
 		echo 'Restarting dsvpn...'
 		systemctl -q start dsvpn-server@dsvpn0 || true
 		systemctl -q restart 'dsvpn-server@*' || true
 		echo 'done'
 	fi
-	echo 'Restarting glorytun...'
-	systemctl -q start glorytun-tcp@tun0 || true
-	systemctl -q restart 'glorytun-tcp@*' || true
-	systemctl -q start glorytun-udp@tun0 || true
-	systemctl -q restart 'glorytun-udp@*' || true
-	echo 'done'
+	if [ "$GLORYTUN_TCP" = "yes" ]; then
+		echo 'Restarting glorytun tcp...'
+		systemctl -q start glorytun-tcp@tun0 || true
+		systemctl -q restart 'glorytun-tcp@*' || true
+	fi
+	if [ "$GLORYTUN_UDP" = "yes" ]; then
+		systemctl -q start glorytun-udp@tun0 || true
+		systemctl -q restart 'glorytun-udp@*' || true
+		echo 'done'
+	fi
 	echo 'Restarting omr6in4...'
 	systemctl -q start omr6in4@user0 || true
 	systemctl -q restart omr6in4@* || true
@@ -1963,13 +2005,19 @@ else
 		echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.'
 	fi
 	echo 'Apply latest sysctl...'
-	sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1
+	sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 || true
 	echo 'done'
 	echo 'Restarting omr...'
 	systemctl -q restart omr
 	echo 'done'
-	echo 'Restarting shadowsocks...'
-	systemctl -q restart shadowsocks-libev-manager@manager
+	if [ "$SHADOWSOCKS" = "yes" ]; then
+		echo 'Restarting shadowsocks...'
+		systemctl -q restart shadowsocks-libev-manager@manager
+	fi
+	if [ "$SHADOWSOCKS_GO" = "yes" ]; then
+		echo 'Restarting shadowsocks-go...'
+		systemctl -q restart shadowsocks-go
+	fi
 #	if [ $NBCPU -gt 1 ]; then
 #		for i in $NBCPU; do
 #			systemctl restart shadowsocks-libev-server@config$i
diff --git a/omr-pihole.sh b/omr-pihole.sh
index a32acfb..b8b0c27 100644
--- a/omr-pihole.sh
+++ b/omr-pihole.sh
@@ -37,7 +37,7 @@ mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf
 cat >> /etc/pihole/setupVars.conf <<-EOF
 PIHOLE_INTERFACE=gt-tun0
 IPV4_ADDRESS=10.255.0.0/16
-IPV6_ADDRESS=fe80::aff:ff01/64
+IPV6_ADDRESS=fd00::a00:/106
 RATE_LIMIT=0/0
 EOF
 

From b4d8f5551c1589e2b404f76e643c17a1dd739649 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 26 Feb 2024 14:28:12 +0000
Subject: [PATCH 130/164] Add some allow-downgrades to fix error in some
 install with kernel 6.1

---
 debian9-x86_64.sh | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 209b2a1..976ecb2 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -110,6 +110,12 @@ export DEBIAN_FRONTEND=noninteractive
 echo "Check user..."
 if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi
 
+# Check Kernel
+if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "5.15" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ]; then
+	echo "Only kernels 5.4, 5.15, 6.1 and 6.6 are currently supported"
+	exit 1
+fi
+
 # Check Linux version
 echo "Check Linux version..."
 if test -f /etc/os-release ; then
@@ -223,8 +229,8 @@ apt-get -y install apt-transport-https gnupg openssh-server
 #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then
 	echo "Update Debian 9 Stretch to Debian 10 Buster"
-	apt-get -y -f --force-yes upgrade
-	apt-get -y -f --force-yes dist-upgrade
+	apt-get -y -f --force-yes --allow-downgrades upgrade
+	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
 	sed -i 's:stretch:buster:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
@@ -233,8 +239,8 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
 fi
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
 	echo "Update Debian 10 Stretch to Debian 11 Buster"
-	apt-get -y -f --force-yes upgrade
-	apt-get -y -f --force-yes dist-upgrade
+	apt-get -y -f --force-yes --allow-downgrades upgrade
+	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
 	sed -i 's:buster:bullseye:g' /etc/apt/sources.list
 	sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
@@ -244,8 +250,8 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]
 fi
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
 	echo "Update Debian 11 Buster to Debian 12"
-	apt-get -y -f --force-yes upgrade
-	apt-get -y -f --force-yes dist-upgrade
+	apt-get -y -f --force-yes --allow-downgrades upgrade
+	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
 	sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
@@ -254,8 +260,8 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ]
 fi
 if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then
 	echo "Update Ubuntu 18.04 to Ubuntu 20.04"
-	apt-get -y -f --force-yes upgrade
-	apt-get -y -f --force-yes dist-upgrade
+	apt-get -y -f --force-yes --allow-downgrades upgrade
+	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
 	sed -i 's:bionic:focal:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
@@ -264,8 +270,8 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 fi
 if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
 	echo "Update Ubuntu 20.04 to Ubuntu 22.04"
-	apt-get -y -f --force-yes upgrade
-	apt-get -y -f --force-yes dist-upgrade
+	apt-get -y -f --force-yes --allow-downgrades upgrade
+	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
 	sed -i 's:focal:jammy:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
@@ -691,7 +697,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 				pip3 -q install uvloop
 			fi
 		else
-			apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
+			apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop
 		fi
 	fi
 	apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen
@@ -756,7 +762,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 			OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
 			[ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
 		fi
-		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
+		apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y --allow-downgrades install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
 		if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
 			cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/
 		fi

From 2b99a77d1a7c1c3736a1328e0b7b50a4b5575990 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 1 Mar 2024 19:03:24 +0000
Subject: [PATCH 131/164] Update omr-admin

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 976ecb2..9860a02 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -73,8 +73,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="a30f1f32461aefcdb47851d533439032af6e4b05"
-OMR_ADMIN_BINARY_VERSION="0.9+20240222"
+OMR_ADMIN_VERSION="7adb6dd1083420fa3bff20f3d58aa36d30e36e3c"
+OMR_ADMIN_BINARY_VERSION="0.9+20240301"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"

From 96775408d7d40e917f190cf9d60744f0bcb83fdb Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 28 Mar 2024 08:16:15 +0000
Subject: [PATCH 132/164] Update omr-admin script and fix on openvpn

---
 debian9-x86_64.sh     | 7 ++++---
 openvpn-tun0.6.1.conf | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 9860a02..02c495d 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -73,8 +73,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="7adb6dd1083420fa3bff20f3d58aa36d30e36e3c"
-OMR_ADMIN_BINARY_VERSION="0.9+20240301"
+OMR_ADMIN_VERSION="f974719ddc902246ac0cd559372495ec23b262df"
+OMR_ADMIN_BINARY_VERSION="0.9+20240324"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -1869,8 +1869,9 @@ if [ "$update" = "0" ]; then
 	echo '===================================================================================='
 	echo '\033[1m  /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\ \033[0m'
 	echo '------------------------------------------------------------------------------------'
-	echo ' After reboot, check with uname -a that the kernel name contain mptcp.'
+	echo ' For kernel 5.4, after reboot, check with uname -a that the kernel name contain mptcp.'
 	echo ' Else, you may have to modify GRUB_DEFAULT in /etc/default/grub'
+	echo ' For 6.x kernels, check that a 6.x kernel is used, no kernel name changes.'
 	echo '===================================================================================='
 
 	# Save info in file
diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf
index 9158040..0aff68b 100644
--- a/openvpn-tun0.6.1.conf
+++ b/openvpn-tun0.6.1.conf
@@ -29,4 +29,4 @@ push "route 10.255.252.1 255.255.255.255"
 client-config-dir ccd
 ifconfig-pool-persist ccd/ipp_tcp.txt
 passtos
-management localhost 65302
+management 127.0.0.1 65302

From 1ab5d977ded12de9266499577815cffe8a8f3540 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 9 Apr 2024 12:57:02 +0000
Subject: [PATCH 133/164] Fix route in openvpn MPTCP over VPN

---
 openvpn-tun1.6.1.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf
index 2f5f4d2..a89b527 100644
--- a/openvpn-tun1.6.1.conf
+++ b/openvpn-tun1.6.1.conf
@@ -22,7 +22,7 @@ push "rcvbuf 262144"
 tun-mtu 1420
 tls-server
 tls-version-min 1.2
-push "route 10.255.252.1 255.255.255.255"
+push "route 10.255.250.1 255.255.255.255"
 client-config-dir ccd
 #ifconfig-pool-persist ccd/ipp_udp.txt
 fast-io

From 90d327abbeb7e3284fff1aef19a92516d00d2adf Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 9 Apr 2024 12:58:45 +0000
Subject: [PATCH 134/164] Test for Debian 6.6 official kernel when not on
 x86_64

---
 debian9-x86_64.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 02c495d..7106c3a 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -439,6 +439,14 @@ elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then
 		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
 		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
 	}
+elif [ "$KERNEL" = "6.6" ] && [ "$ID" = "debian" ]; then
+	echo 'deb http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/bookworm-backports.list
+	apt-get update
+	apt-get -y install $(apt-cache search linux-image-amd64-6.6 | tail -n 1 | cut -d" " -f1)
+	[ -f /etc/default/grub ] && {
+		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
+		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
+	}
 else 
 	if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then
 		apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1)

From 103e508dd7e5e5e4495dc0e43f97e28510ea00c7 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Apr 2024 17:28:22 +0000
Subject: [PATCH 135/164] Change in master branch

---
 debian9-x86_64.sh | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 23d2f9e..9a53ac7 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -61,8 +61,10 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4"
-OMR_ADMIN_BINARY_VERSION="0.3+20230709"
+#OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4"
+#OMR_ADMIN_BINARY_VERSION="0.3+20230718"
+OMR_ADMIN_VERSION="c4374c28594517231190e320020cb20d9dd1bcb2"
+OMR_ADMIN_BINARY_VERSION="0.3+20230823"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="4.43.0"
@@ -581,11 +583,11 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
 	pip3 -q install netjsonconfig
-	if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then
-		pip3 -q install fastapi==0.99.1 -U
-	else
-		pip3 -q install fastapi -U
-	fi
+#	if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ])); then
+	pip3 -q install fastapi==0.99.1 -U
+#	else
+#		pip3 -q install fastapi -U
+#	fi
 	pip3 -q install jsonschema -U
 	pip3 -q install python-multipart jinja2 -U
 	pip3 -q install starlette

From c13a84dc6bf06a32c08de88f260fc75dea0077aa Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 10 Apr 2024 17:35:43 +0000
Subject: [PATCH 136/164] Update changelog

---
 debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index ef7d9d2..db2a6a9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+omr-server (0.1030) unstable; urgency=medium
+
+    * Many changes
+
+ -- OpenMPTCProuter <contact@openmptcprouter.com>  Wed, 10 Apr 2024 19:35:34 +0200
+
 omr-server (0.1028) unstable; urgency=medium
 
     * Many changes

From efdb9e3ef7f4275b1eafbce7fe90c98a52a772ea Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Sun, 14 Apr 2024 17:01:13 +0000
Subject: [PATCH 137/164] Fixes on script

---
 debian9-x86_64.sh | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 7106c3a..021782d 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -91,13 +91,13 @@ SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
 SHADOWSOCKS_GO_VERSION="1.8.0"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
-VPSPATH="server-test"
+VPSPATH="server"
 VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)}
 VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="0.1029-test"
+OMR_VERSION="0.1030"
 
 DIR=$( pwd )
 #"
@@ -229,33 +229,33 @@ apt-get -y install apt-transport-https gnupg openssh-server
 #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then
 	echo "Update Debian 9 Stretch to Debian 10 Buster"
-	apt-get -y -f --force-yes --allow-downgrades upgrade
-	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
+	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
+	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	sed -i 's:stretch:buster:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	VERSION_ID="10"
 fi
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
-	echo "Update Debian 10 Stretch to Debian 11 Buster"
-	apt-get -y -f --force-yes --allow-downgrades upgrade
-	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
+	echo "Update Debian 10 Buster to Debian 11 Bullseye"
+	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
+	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	sed -i 's:buster:bullseye:g' /etc/apt/sources.list
 	sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	VERSION_ID="11"
 fi
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
-	echo "Update Debian 11 Buster to Debian 12"
-	apt-get -y -f --force-yes --allow-downgrades upgrade
-	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
+	echo "Update Debian 11 Bullseye to Debian 12 Bookworm"
+	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
+	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
-	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
+	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	VERSION_ID="12"
 fi
 if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then
@@ -349,7 +349,7 @@ if [ "$ID" = "debian" ]; then
 		echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list
 	fi
 	# Add buster-backports repo
-	echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list
+	echo 'deb http://archive.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list
 	if [ "$VERSION_ID" = "12" ]; then
 		echo 'deb http://deb.debian.org/debian bullseye main' > /etc/apt/sources.list.d/bullseye.list
 	fi

From 172c0461be5b3cbd8e47108ef975abf7b9287a0a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 15 Apr 2024 07:39:29 +0000
Subject: [PATCH 138/164] Add changes from master branch and create a new test
 script

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 021782d..6d4e85c 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -91,13 +91,13 @@ SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
 SHADOWSOCKS_GO_VERSION="1.8.0"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
-VPSPATH="server"
+VPSPATH="server-test"
 VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)}
 VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="0.1030"
+OMR_VERSION="0.1031-test"
 
 DIR=$( pwd )
 #"

From 1cc3bda15802aaec2b38dfc2aed2267aaa54176d Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 15 Apr 2024 15:02:32 +0000
Subject: [PATCH 139/164] Add support for a specific interface for IPv6

---
 debian9-x86_64.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 6d4e85c..32f531c 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -49,6 +49,7 @@ SPEEDTEST=${SPEEDTEST:-yes}
 IPERF=${IPERF:-yes}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
+INTERFACE6=${INTERFACE6:-$(ip -o -6 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
 KERNEL_VERSION="5.4.207"
 KERNEL_PACKAGE_VERSION="1.22"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
@@ -1699,7 +1700,7 @@ if [ "$update" = "0" ]; then
 	fi
 	tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6
 	rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz
-	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
+	sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/*
 	systemctl enable shorewall6
 else
 	# Update only needed firewall files
@@ -1731,7 +1732,7 @@ else
 	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
 	sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules
 	sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
-	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
+	sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/*
 	if [ "$LOCALFILES" = "no" ]; then
 		rm -rf ${DIR}/shorewall4
 		rm -rf ${DIR}/shorewall6

From 49390c7277eb0c25202ff279a50bcb1c3030d165 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 15 Apr 2024 15:03:24 +0000
Subject: [PATCH 140/164] Fix buster backports for existing install

---
 debian9-x86_64.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 021782d..177115e 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -215,6 +215,7 @@ echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
+rm -f /etc/apt/sources.list.d/buster-backports.list
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
 	apt-get update
 else

From 70a240a396d91a01f6a8cfc9d65556ac5fee88a1 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 4 Jul 2024 09:45:34 +0000
Subject: [PATCH 141/164] Update to latest changes

---
 debian9-x86_64.sh     | 68 +++++++++++++++++++++++-------------
 omr-service           | 80 +++++++++++++++++++++----------------------
 openvpn-tun0.6.1.conf |  2 +-
 openvpn-tun1.6.1.conf |  2 +-
 4 files changed, 87 insertions(+), 65 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 5a66064..57a9ec1 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -44,6 +44,7 @@ if [ "$KERNEL" != "5.4" ]; then
 	SOURCES="yes"
 fi
 NOINTERNET=${NOINTERNET:-no}
+GRETUNNELS=${GRETUNNELS:-yes}
 REINSTALL=${REINSTALL:-yes}
 SPEEDTEST=${SPEEDTEST:-yes}
 IPERF=${IPERF:-yes}
@@ -74,8 +75,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="f974719ddc902246ac0cd559372495ec23b262df"
-OMR_ADMIN_BINARY_VERSION="0.9+20240324"
+OMR_ADMIN_VERSION="21d071ebece556f3114c18ed9e86414ea6c85e1c"
+OMR_ADMIN_BINARY_VERSION="0.11+20240704"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -202,7 +203,7 @@ fi
 # Force update key
 [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && {
 	echo "Update ${REPO} key"
-	apt-key del '2FDF 70C8 228B 7F04 42FE  59F6 608F D17B 2B24 D936' 2>&1 >/dev/null
+	apt-key del '2FDF 70C8 228B 7F04 42FE  59F6 608F D17B 2B24 D936' >/dev/null 2>&1
 	if [ "$CHINA" = "yes" ]; then
 		#wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add -
 		wget https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg
@@ -431,12 +432,22 @@ if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then
 	rm -f /etc/grub.d/30_os-prober
 	bash update-grub.sh ${KERNEL_VERSION}-mptcp
 	bash update-grub.sh ${KERNEL_RELEASE}
-	[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null
+	[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg >/dev/null 2>&1
 elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then
-	wget https://dl.xanmod.org/archive.key -O /etc/apt/trusted.gpg.d/xanmod.gpg
-	echo 'deb http://deb.xanmod.org releases main' > /etc/apt/sources.list.d/xanmod-release.list
-	apt-get update
-	apt-get -y install linux-xanmod-x64v3
+	# awk command from xanmod website
+	PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n")
+	KERNEL_VERSION="6.6.36"
+	KERNEL_REV="0~20240628.g36640c1"
+	wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release"
+	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+
+#	wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg
+#	echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list
+#	apt-get update
+#	apt-get -y install linux-xanmod-lts-x64v3
 	[ -f /etc/default/grub ] && {
 		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
 		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
@@ -444,14 +455,16 @@ elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then
 elif [ "$KERNEL" = "6.6" ] && [ "$ID" = "debian" ]; then
 	echo 'deb http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/bookworm-backports.list
 	apt-get update
-	apt-get -y install $(apt-cache search linux-image-amd64-6.6 | tail -n 1 | cut -d" " -f1)
+	latestkernel=$(apt-cache search linux-image-6.6 | grep -v headers | grep -v dbg | grep -v rt | tail -n 1 | cut -d" " -f1)
+	latestkernelheaders=$(echo $latestkernel | sed 's/image/headers/g')
+	apt-get -y install $latestkernel $latestkernelheaders
 	[ -f /etc/default/grub ] && {
 		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
 		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
 	}
 else 
 	if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then
-		apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1)
+		apt-get -y install $(apt-cache search linux-image-unsigned-6.1 | tail -n 1 | cut -d" " -f1)
 	fi
 	[ -f /etc/default/grub ] && {
 		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
@@ -468,7 +481,7 @@ if [ "$IPERF" = "yes" ]; then
 	#apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3
 	#chmod 644 /lib/systemd/system/iperf3.service
 	echo "Install iperf3"
-	[ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 2>&1 >/dev/null
+	[ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 >/dev/null 2>&1
 	apt-get -y install iperf3
 	if [ ! -f "/etc/iperf3/private.pem" ]; then
 		mkdir -p /etc/iperf3
@@ -487,6 +500,10 @@ if [ "$IPERF" = "yes" ]; then
 	fi
 fi
 
+rm -f /var/lib/dpkg/lock
+rm -f /var/lib/dpkg/lock-frontend
+
+
 if [ "$KERNEL" != "5.4" ]; then
 	echo "Compile and install mptcpize..."
 	apt-get -y install --no-install-recommends build-essential
@@ -515,8 +532,10 @@ if [ "$KERNEL" != "5.4" ]; then
 	fi
 	rm -rf iproute2
 
-	echo "MPTCPize iperf3..."
-	mptcpize enable iperf3 2>&1 >/dev/null
+	if [ "$ID" = "debian" ]; then
+		echo "MPTCPize iperf3..."
+		mptcpize enable iperf3 >/dev/null 2>&1
+	fi
 
 	#if [ "$UPSTREAM6" = "yes" ]; then
 	#	apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg
@@ -594,15 +613,15 @@ if [ "$SHADOWSOCKS" = "yes" ]; then
 		#cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
-		mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" 2>&1 >/dev/null
+		mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" >/dev/null 2>&1
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
-		dpkg-buildpackage -b -us -uc 2>&1 >/dev/null
+		dpkg-buildpackage -b -us -uc >/dev/null 2>&1
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
 		cd /tmp
 		#dpkg -i shadowsocks-libev_*.deb
-		dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null
+		dpkg -i omr-shadowsocks-libev_*.deb >/dev/null 2>&1
 		#mkdir -p /usr/lib/shadowsocks-libev
 		#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev
 		#rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}
@@ -789,6 +808,9 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	[ "$NOINTERNET" = "yes" ] && {
 		sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
+	[ "$GRETUNNELS" = "no" ] && {
+		sed -i 's/"port": 65500,/"port": 65500,\n    "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	}
 	chmod 644 /lib/systemd/system/omr-admin.service
 	chmod 644 /lib/systemd/system/omr-admin-ipv6.service
 	#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
@@ -797,8 +819,8 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	}
 	systemctl enable omr-admin.service
 	if [ "$KERNEL" != "5.4" ]; then
-		mptcpize enable omr-admin.service 2>&1 >/dev/null
-		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service 2>&1 >/dev/null
+		mptcpize enable omr-admin.service >/dev/null 2>&1
+		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1
 	fi
 fi
 
@@ -1374,7 +1396,7 @@ if [ "$OPENVPN" = "yes" ]; then
 			make-cadir /etc/openvpn/ca
 		fi
 		cd /etc/openvpn/ca
-		./easyrsa --batch init-pki 2>&1 >/dev/null
+		./easyrsa --batch init-pki >/dev/null 2>&1
 		./easyrsa --batch build-ca nopass
 		EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full server nopass
 		EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "openmptcprouter" nopass
@@ -1431,7 +1453,7 @@ if [ "$OPENVPN" = "yes" ]; then
 	systemctl enable openvpn@tun0.service
 	systemctl enable openvpn@tun1.service
 	if [ "$KERNEL" != "5.4" ]; then
-		mptcpize enable openvpn@tun0 2>&1 >/dev/null
+		mptcpize enable openvpn@tun0 >/dev/null 2>&1
 	fi
 	systemctl enable openvpn@bonding1.service
 	systemctl enable openvpn@bonding2.service
@@ -1551,7 +1573,7 @@ if [ "$DSVPN" = "yes" ]; then
 		DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
 	fi
 	if [ "$KERNEL" != "5.4" ]; then
-		mptcpize enable dsvpn-server@dsvpn0 2>&1 >/dev/null
+		mptcpize enable dsvpn-server@dsvpn0 >/dev/null 2>&1
 	fi
 fi
 
@@ -1770,7 +1792,7 @@ if [ "$TLS" = "yes" ]; then
 			#[ "$(shorewall  status | grep stopped)" = "" ] && shorewall open all all tcp 443
 			curl https://get.acme.sh | sh
 			systemctl -q restart shorewall
-			~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null
+			~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 >/dev/null 2>&1' --post-hook 'shorewall close all all tcp 443 >/dev/null 2>&1' >/dev/null 2>&1
 			set -e
 			if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then
 				rm -f /etc/openmptcprouter-vps-admin/cert.pem
@@ -1818,7 +1840,7 @@ else
 fi
 
 if [ "$SOURCES" != "yes" ]; then
-	apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true
+	apt-get -y install omr-server=${OMR_VERSION} >/dev/null 2>&1 || true
 	rm -f /etc/openmtpcprouter-vps-admin/update-bin
 fi
 
diff --git a/omr-service b/omr-service
index d35b011..be312e1 100755
--- a/omr-service
+++ b/omr-service
@@ -7,13 +7,13 @@ _multipath() {
 	for intf in `ls -1 /sys/class/net`; do
 		if [ "$intf" != "bonding_masters" ]; then
 			if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then
-				[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on 2>&1 >/dev/null
+				[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on >/dev/null 2>&1
 				[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
-					multipath $intf signal 2>&1 >/dev/null
-					ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null
+					multipath $intf signal >/dev/null 2>&1
+					ip mptcp limits set subflows 8 add_addr_accepted 8 >/dev/null 2>&1
 				}
 			else
-				[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off 2>&1 >/dev/null
+				[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off >/dev/null 2>&1
 			fi
 		fi
 	done
@@ -29,7 +29,7 @@ _glorytun_udp() {
 		for intf in /etc/glorytun-udp/tun*; do
 			[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
 		done
-		#ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null
+		#ip link set mtu 9000 dev gt-udp-tun0 >/dev/null 2>&1
 	fi
 }
 
@@ -48,12 +48,12 @@ _glorytun_tcp() {
 				sleep 10
 			fi
 		fi
-		#ip link set mtu 9000 dev gt-tun0 2>&1 >/dev/null
+		#ip link set mtu 9000 dev gt-tun0 >/dev/null 2>&1
 	fi
 }
 
 _dsvpn() {
-	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
+	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1
 	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
 		localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
 		[ -z "$localip" ] && localip="10.255.251.1"
@@ -62,7 +62,7 @@ _dsvpn() {
 			logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
 			systemctl restart dsvpn-server@dsvpn0
 		fi
-		#ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null
+		#ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1
 	fi
 }
 
@@ -96,8 +96,8 @@ _v2ray() {
 
 _wireguard() {
 	if [ -n "$(systemctl -a | grep 'wg')" ]; then
-		[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null
-		[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 2>&1 >/dev/null
+		[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1
+		[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1
 	fi
 }
 
@@ -119,7 +119,7 @@ _lan_route() {
 				while IFS=$"\n" read -r d; do
 					if [ "$d" != "" ]; then
 						network=$(ipcalc -n $d | grep Network | awk '{print $2}')
-						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
+						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1
 					fi
 				done
 			fi
@@ -135,11 +135,11 @@ _gre_tunnels() {
 				. "$(readlink -f "$intf")"
 				iface="$(basename $intf)"
 				if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
-					[ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface 2>&1 >/dev/null
-					ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null
-					ip link set $iface up 2>&1 >/dev/null
-					ip addr add $LOCALIP dev $iface 2>&1 >/dev/null
-					ip route add $NETWORK dev $iface onlink 2>&1 >/dev/null
+					[ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface >/dev/null 2>&1
+					ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1
+					ip link set $iface up >/dev/null 2>&1
+					ip addr add $LOCALIP dev $iface >/dev/null 2>&1
+					ip route add $NETWORK dev $iface onlink >/dev/null 2>&1
 				fi
 			fi
 		done
@@ -148,33 +148,33 @@ _gre_tunnels() {
 
 _openvpn_bonding() {
 	if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
-		echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null
-		ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding1 up 2>&1 >/dev/null
-		ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding2 up 2>&1 >/dev/null
-		ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding3 up 2>&1 >/dev/null
-		ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding4 up 2>&1 >/dev/null
-		ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding5 up 2>&1 >/dev/null
-		ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding6 up 2>&1 >/dev/null
-		ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding7 up 2>&1 >/dev/null
-		ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null
-		ip link set ovpnbonding8 up 2>&1 >/dev/null
-		ip link set omr-bonding up mtu 1440 2>&1 >/dev/null
-		ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null
-		ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null
-		ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 2>&1 >/dev/null
+		echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1
+		ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1
+		ip link set ovpnbonding1 up >/dev/null 2>&1
+		ip link set ovpnbonding2 master omr-bonding >/dev/null 2>&1
+		ip link set ovpnbonding2 up >/dev/null 2>&1
+		ip link set ovpnbonding3 master omr-bonding >/dev/null 2>&1
+		ip link set ovpnbonding3 up >/dev/null 2>&1
+		ip link set ovpnbonding4 master omr-bonding >/dev/null 2>&1
+		ip link set ovpnbonding4 up >/dev/null 2>&1
+		ip link set ovpnbonding5 master omr-bonding >/dev/null 2>&1
+		ip link set ovpnbonding5 up >/dev/null 2>&1
+		ip link set ovpnbonding6 master omr-bonding >/dev/null 2>&1
+		ip link set ovpnbonding6 up >/dev/null 2>&1
+		ip link set ovpnbonding7 master omr-bonding >/dev/null 2>&1
+		ip link set ovpnbonding7 up >/dev/null 2>&1
+		ip link set ovpnbonding8 master omr-bonding >/dev/null 2>&1
+		ip link set ovpnbonding8 up >/dev/null 2>&1
+		ip link set omr-bonding up mtu 1440 >/dev/null 2>&1
+		ip a add 10.255.248.1 dev omr-bonding >/dev/null 2>&1
+		ip r add 10.255.248.0/24 dev omr-bonding >/dev/null 2>&1
+		ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 >/dev/null 2>&1
 	fi
 }
 
-sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null
-modprobe bonding 2>&1 >/dev/null
-ip link add omr-bonding type bond 2>&1 >/dev/null
+sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1
+modprobe bonding >/dev/null 2>&1
+ip link add omr-bonding type bond >/dev/null 2>&1
 #[ -n "$(uname -r | grep '6.1')" ] && {
 #	stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
 #}
diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf
index 0aff68b..6198b64 100644
--- a/openvpn-tun0.6.1.conf
+++ b/openvpn-tun0.6.1.conf
@@ -8,7 +8,7 @@ proto tcp-server
 port 65301
 persist-tun
 persist-key
-duplicate-cn
+#duplicate-cn
 verb 3
 server 10.255.252.0 255.255.255.0
 ca /etc/openvpn/ca/pki/ca.crt
diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf
index a89b527..ada8114 100644
--- a/openvpn-tun1.6.1.conf
+++ b/openvpn-tun1.6.1.conf
@@ -25,5 +25,5 @@ tls-version-min 1.2
 push "route 10.255.250.1 255.255.255.255"
 client-config-dir ccd
 #ifconfig-pool-persist ccd/ipp_udp.txt
-fast-io
+#fast-io
 passtos

From 4e16d813bf6b65b3eeff49fb82fb0adc6a7456f6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 31 Jul 2024 11:00:49 +0000
Subject: [PATCH 142/164] Add kernel 6.10 support and fail2ban

---
 debian9-x86_64.sh | 149 +++++++++++++++++++++++++++++++---------------
 1 file changed, 101 insertions(+), 48 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 57a9ec1..197bb2b 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
+# Copyright (C) 2018-2024 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
 #
 # This is free software, licensed under the GNU General Public License v3 or later.
 # See /LICENSE for more information.
@@ -8,7 +8,7 @@
 
 KERNEL=${KERNEL:-5.4}
 UPSTREAM=${UPSTREAM:-no}
-[ "$UPSTREAM" = "yes" ] && KERNEL="5.15"
+[ "$UPSTREAM" = "yes" ] && KERNEL="6.1"
 UPSTREAM6=${UPSTREAM6:-no}
 [ "$UPSTREAM6" = "yes" ] && KERNEL="6.1"
 SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
@@ -37,8 +37,10 @@ MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 UBOND=${UBOND:-no}
 UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
 OPENVPN=${OPENVPN:-yes}
+OPENVPN_BONDING=${OPENVPN_BONDING:-yes}
 DSVPN=${DSVPN:-yes}
 WIREGUARD=${WIREGUARD:-yes}
+FAIL2BAN=${FAIL2BAN:-yes}
 SOURCES=${SOURCES:-no}
 if [ "$KERNEL" != "5.4" ]; then
 	SOURCES="yes"
@@ -54,11 +56,11 @@ INTERFACE6=${INTERFACE6:-$(ip -o -6 route show to default | grep -m 1 -Po '(?<=d
 KERNEL_VERSION="5.4.207"
 KERNEL_PACKAGE_VERSION="1.22"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
-if [ "$KERNEL" = "5.15" ]; then
-	KERNEL_VERSION="5.15.57"
-	KERNEL_PACKAGE_VERSION="1.6"
-	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
-fi
+#if [ "$KERNEL" = "5.15" ]; then
+#	KERNEL_VERSION="5.15.57"
+#	KERNEL_PACKAGE_VERSION="1.6"
+#	KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}"
+#fi
 if [ "$KERNEL" = "6.1" ]; then
 	KERNEL_VERSION="6.1.0"
 	KERNEL_PACKAGE_VERSION="1.30"
@@ -75,8 +77,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="21d071ebece556f3114c18ed9e86414ea6c85e1c"
-OMR_ADMIN_BINARY_VERSION="0.11+20240704"
+OMR_ADMIN_VERSION="9e86294e416ad7bdc812a941c7cc89f97b90315d"
+OMR_ADMIN_BINARY_VERSION="0.12+20240725"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -113,8 +115,8 @@ echo "Check user..."
 if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi
 
 # Check Kernel
-if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "5.15" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ]; then
-	echo "Only kernels 5.4, 5.15, 6.1 and 6.6 are currently supported"
+if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ]; then
+	echo "Only kernels 5.4, 6.1, 6.6 and 6.10 are currently supported"
 	exit 1
 fi
 
@@ -240,7 +242,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	VERSION_ID="10"
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then
 	echo "Update Debian 10 Buster to Debian 11 Bullseye"
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
@@ -251,7 +253,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	VERSION_ID="11"
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then
 	echo "Update Debian 11 Bullseye to Debian 12 Bookworm"
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
@@ -271,7 +273,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
 fi
-if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then
+if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then
 	echo "Update Ubuntu 20.04 to Ubuntu 22.04"
 	apt-get -y -f --force-yes --allow-downgrades upgrade
 	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
@@ -444,6 +446,29 @@ elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then
 	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 
+#	wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg
+#	echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list
+#	apt-get update
+#	apt-get -y install linux-xanmod-lts-x64v3
+	[ -f /etc/default/grub ] && {
+		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
+		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
+	}
+elif [ "$KERNEL" = "6.10" ] && [ "$ARCH" = "amd64" ]; then
+	# awk command from xanmod website
+	PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n")
+	if [ "$PSABI" = "x64v1" ]; then
+		echo "psABI x86-64-v1 not supported by Xanmod kernel 6.10, use an older kernel"
+		exit 0
+	fi
+	KERNEL_VERSION="6.10.2"
+	KERNEL_REV="0~20240728.gae7b555"
+	wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release"
+	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+
 #	wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg
 #	echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list
 #	apt-get update
@@ -681,6 +706,10 @@ fi
 if systemctl -q is-active omr-admin.service; then
 	systemctl -q stop omr-admin > /dev/null 2>&1
 fi
+if systemctl -q is-active omr-admin-ipv6.service; then
+	systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1
+	systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1
+fi
 
 if [ "$OMR_ADMIN" = "yes" ]; then
 	echo 'Install OpenMPTCProuter VPS Admin'
@@ -735,14 +764,14 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	#pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr
 	#pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U
 	if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then
-		pip3 -q install netjsonconfig --break-system-packages
+		#pip3 -q install netjsonconfig --break-system-packages
 		pip3 -q install fastapi -U --break-system-packages
 		pip3 -q install jsonschema -U --break-system-packages
 		pip3 -q install python-multipart jinja2 -U --break-system-packages
 		pip3 -q install starlette --break-system-packages
 		pip3 -q install starlette --break-system-packages
 	else
-		pip3 -q install netjsonconfig
+		#pip3 -q install netjsonconfig
 		if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then
 			pip3 -q install fastapi==0.99.1 -U
 		else
@@ -761,7 +790,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	mkdir -p /var/opt/openmptcprouter
 	if [ "$SOURCES" = "yes" ]; then
 		wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
-		wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
+		#wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
 		wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
 		cd /tmp
 		unzip -q -o openmptcprouter-vps-admin.zip
@@ -812,27 +841,31 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		sed -i 's/"port": 65500,/"port": 65500,\n    "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
 	chmod 644 /lib/systemd/system/omr-admin.service
-	chmod 644 /lib/systemd/system/omr-admin-ipv6.service
+	#chmod 644 /lib/systemd/system/omr-admin-ipv6.service
 	#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
-	[ "$(ip -6 a)" != "" ] && {
-		systemctl enable omr-admin-ipv6.service
-	}
+	#[ "$(ip -6 a)" != "" ] && {
+	#	systemctl enable omr-admin-ipv6.service
+	#}
 	systemctl enable omr-admin.service
 	if [ "$KERNEL" != "5.4" ]; then
 		mptcpize enable omr-admin.service >/dev/null 2>&1
-		[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1
+		#[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1
+	fi
+	if systemctl -q is-active omr-admin-ipv6.service; then
+		systemctl -q stop omr-admin-ipv6 >/dev/null 2>&1
+		systemctl -q disable omr-admin-ipv6 >/dev/null 2>&1
 	fi
 fi
 
 # Get shadowsocks optimization
 if [ "$LOCALFILES" = "no" ]; then
-	if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
+	if [ "$KERNEL" != "5.4" ]; then
 		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf
 	else
 		wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf
 	fi
 else
-	if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
+	if [ "$KERNEL" != "5.4" ]; then
 		cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf
 	else
 		cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf
@@ -1336,6 +1369,20 @@ if [ "$WIREGUARD" = "yes" ]; then
 	echo "Install wireguard done"
 fi
 
+if systemctl -q is-active fail2ban.service; then
+	systemctl -q stop fail2ban > /dev/null 2>&1
+	systemctl -q disable fail2ban > /dev/null 2>&1
+fi
+if [ "$FAIL2BAN" = "yes" ]; then
+	echo "Install Fail2ban"
+	rm -f /var/lib/dpkg/lock
+	rm -f /var/lib/dpkg/lock-frontend
+	apt-get -y install fail2ban
+	systemctl enable fail2ban
+	wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf
+	echo "Install Fail2ban done"
+fi
+
 if systemctl -q is-active openvpn-server@tun0.service; then
 	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
 	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
@@ -1417,14 +1464,16 @@ if [ "$OPENVPN" = "yes" ]; then
 			wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
 			wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf
 		fi
-		wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf
-		wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf
-		wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf
-		wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf
-		wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf
-		wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf
-		wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
-		wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
+		if [ "$OPENVPN_BONDING" = "yes" ]; then
+			wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf
+			wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf
+			wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf
+			wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf
+			wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf
+			wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf
+			wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
+			wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
+		fi
 	else
 		if [ "$KERNEL" != "5.4" ]; then
 			cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf
@@ -1433,14 +1482,16 @@ if [ "$OPENVPN" = "yes" ]; then
 			cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf
 			cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf
 		fi
-		cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf
-		cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf
-		cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf
-		cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf
-		cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf
-		cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf
-		cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf
-		cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
+		if [ "$OPENVPN_BONDING" = "yes" ]; then
+			cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf
+			cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf
+			cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf
+			cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf
+			cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf
+			cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf
+			cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf
+			cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
+		fi
 	fi
 	mkdir -p /etc/openvpn/ccd
 	if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then
@@ -1455,14 +1506,16 @@ if [ "$OPENVPN" = "yes" ]; then
 	if [ "$KERNEL" != "5.4" ]; then
 		mptcpize enable openvpn@tun0 >/dev/null 2>&1
 	fi
-	systemctl enable openvpn@bonding1.service
-	systemctl enable openvpn@bonding2.service
-	systemctl enable openvpn@bonding3.service
-	systemctl enable openvpn@bonding4.service
-	systemctl enable openvpn@bonding5.service
-	systemctl enable openvpn@bonding6.service
-	systemctl enable openvpn@bonding7.service
-	systemctl enable openvpn@bonding8.service
+	if [ "$OPENVPN_BONDING" = "yes" ]; then
+		systemctl enable openvpn@bonding1.service
+		systemctl enable openvpn@bonding2.service
+		systemctl enable openvpn@bonding3.service
+		systemctl enable openvpn@bonding4.service
+		systemctl enable openvpn@bonding5.service
+		systemctl enable openvpn@bonding6.service
+		systemctl enable openvpn@bonding7.service
+		systemctl enable openvpn@bonding8.service
+	fi
 fi
 
 echo 'Glorytun UDP'

From 6aa0d0388860a54295bfb10c068fcebdb002c3a9 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 31 Jul 2024 11:01:55 +0000
Subject: [PATCH 143/164] Update URL for default update script

---
 omr-update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-update b/omr-update
index ff2e201..6c3a094 100755
--- a/omr-update
+++ b/omr-update
@@ -1,6 +1,6 @@
 #!/bin/sh
 if [ -f /etc/openmptcprouter-vps-admin/update ]; then
-        wget -O - http://www.openmptcprouter.com/server/debian10-x86_64.sh | sh
+        wget -O - http://www.openmptcprouter.com/server/debian.sh | sh
         rm -f /etc/openmptcprouter-vps-admin/update
         reboot
 fi

From 654e1a1335f10cf9af83a0c6e0a47bcaff9c62a4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 31 Jul 2024 11:02:21 +0000
Subject: [PATCH 144/164] Change in kernel settings

---
 shadowsocks.6.1.conf | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/shadowsocks.6.1.conf b/shadowsocks.6.1.conf
index d3cd55a..7828850 100644
--- a/shadowsocks.6.1.conf
+++ b/shadowsocks.6.1.conf
@@ -2,18 +2,18 @@
 # max open files
 fs.file-max = 512000
 # max read buffer
-net.core.rmem_max = 16777216
+net.core.rmem_max = 7500000
 # max write buffer
-net.core.wmem_max = 16777216
+net.core.wmem_max = 7500000
 #net.core.optmem_max = 33554432
 # default read buffer
 #net.core.rmem_default = 16777216
 # default write buffer
 #net.core.wmem_default = 16777216
 # max processor input queue
-net.core.netdev_max_backlog = 4096
+net.core.netdev_max_backlog = 10000
 # max backlog
-net.core.somaxconn = 4096
+net.core.somaxconn = 16384
 
 # resist SYN flood attacks
 net.ipv4.tcp_syncookies = 1
@@ -30,24 +30,27 @@ net.ipv4.tcp_keepalive_time = 7200
 # outbound port range
 net.ipv4.ip_local_port_range = 9999 65000
 # max SYN backlog
-net.ipv4.tcp_max_syn_backlog = 10240
+net.ipv4.tcp_max_syn_backlog = 4096
 # max timewait sockets held by system simultaneously
-net.ipv4.tcp_max_tw_buckets = 10000
+net.ipv4.tcp_max_tw_buckets = 16384
 # turn on TCP Fast Open on both client and server side
 net.ipv4.tcp_fastopen = 3
 # TCP buffer
-net.ipv4.tcp_mem = 1638400 1638400 1638400
+net.ipv4.tcp_mem = 409600 819200 1638400
 # UDP buffer
-#net.ipv4.udp_mem = 4096 87380 16777216
+net.ipv4.udp_mem = 4096 87380 16777216
 # TCP receive buffer
 net.ipv4.tcp_rmem = 4096 87380 16777216
 # TCP write buffer
 net.ipv4.tcp_wmem = 4096 87380 16777216
 # turn on path MTU discovery
 net.ipv4.tcp_mtu_probing = 0
+# 1/8 * available memory in receive buffer
+net.ipv4.tcp_adv_win_scale=-3
+# limits the size of unsent bytes in the write queue
+net.ipv4.tcp_notsent_lowat = 131072
 
 # for low-latency network, use cubic instead
-net.ipv4.tcp_congestion_control = bbr
 net.core.default_qdisc = fq
 # Default conntrack is too small
 net.netfilter.nf_conntrack_max = 524288
@@ -58,10 +61,17 @@ net.ipv4.conf.all.log_martians = 0
 net.ipv4.conf.default.log_martians = 0
 
 # MPTCP settings
+net.ipv4.tcp_ecn = 2
 net.mptcp.checksum_enabled = 0
 net.mptcp.add_addr_timeout = 120
 net.mptcp.allow_join_initial_addr_port = 1
 net.mptcp.enabled = 1
 net.mptcp.pm_type = 0
 net.mptcp.stale_loss_cnt = 4
-net.ipv4.tcp_ecn = 2
+net.mptcp.mptcp_checksum=0
+net.mptcp.mptcp_path_manager=fullmesh
+net.mptcp.mptcp_scheduler=mptcp_burst
+net.mptcp.mptcp_syn_retries=4
+net.mptcp.mptcp_version=1
+net.mptcp.checksum_enabled=0
+net.ipv4.tcp_congestion_control=bbr
\ No newline at end of file

From 5abd262382ddbd9f076c478555f4786c918d4a30 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Thu, 1 Aug 2024 07:55:38 +0000
Subject: [PATCH 145/164] Add missing files

---
 fail2ban-jail-openmptcprouter.conf | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 fail2ban-jail-openmptcprouter.conf

diff --git a/fail2ban-jail-openmptcprouter.conf b/fail2ban-jail-openmptcprouter.conf
new file mode 100644
index 0000000..53f499b
--- /dev/null
+++ b/fail2ban-jail-openmptcprouter.conf
@@ -0,0 +1,6 @@
+[DEFAULT]
+backend = systemd
+banaction = shorewall
+
+[sshd]
+enabled = true

From b76adb8a2441d94ef8c6c877dda91ef2dd12ef31 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 9 Aug 2024 15:35:17 +0000
Subject: [PATCH 146/164] Update omr-admin API, add gre-tunnel and lan-routes
 as options, add OpenVPN to fail2ban

---
 debian9-x86_64.sh                  | 35 +++++++++++++++++++++---------
 fail2ban-filter-openvpn.conf       | 10 +++++++++
 fail2ban-jail-openmptcprouter.conf | 15 +++++++++++++
 omr-service                        | 11 ++++++++--
 4 files changed, 59 insertions(+), 12 deletions(-)
 create mode 100644 fail2ban-filter-openvpn.conf

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 197bb2b..f39e3d0 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -47,6 +47,7 @@ if [ "$KERNEL" != "5.4" ]; then
 fi
 NOINTERNET=${NOINTERNET:-no}
 GRETUNNELS=${GRETUNNELS:-yes}
+LANROUTES=${LANROUTES:-yes}
 REINSTALL=${REINSTALL:-yes}
 SPEEDTEST=${SPEEDTEST:-yes}
 IPERF=${IPERF:-yes}
@@ -77,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="9e86294e416ad7bdc812a941c7cc89f97b90315d"
-OMR_ADMIN_BINARY_VERSION="0.12+20240725"
+OMR_ADMIN_VERSION="24030b76868296c5869cfa8a032fd43c7d60df39"
+OMR_ADMIN_BINARY_VERSION="0.12+20240802"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -835,10 +836,18 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	[ "$NOINTERNET" = "yes" ] && {
-		sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
+		jq '. + {internet: false}' omr-admin-config.json > omr-admin-config.json.tmp
+		mv omr-admin-config.json.tmp omr-admin-config.json
+		#sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
 	[ "$GRETUNNELS" = "no" ] && {
-		sed -i 's/"port": 65500,/"port": 65500,\n    "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
+		jq '. + {gre_tunnels: false}' omr-admin-config.json > omr-admin-config.json.tmp
+		mv omr-admin-config.json.tmp omr-admin-config.json
+		#sed -i 's/"port": 65500,/"port": 65500,\n    "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
+	}
+	[ "$LANROUTES" = "no" ] && {
+		jq '. + {lan_routes: false}' omr-admin-config.json > omr-admin-config.json.tmp
+		mv omr-admin-config.json.tmp omr-admin-config.json
 	}
 	chmod 644 /lib/systemd/system/omr-admin.service
 	#chmod 644 /lib/systemd/system/omr-admin-ipv6.service
@@ -1380,6 +1389,7 @@ if [ "$FAIL2BAN" = "yes" ]; then
 	apt-get -y install fail2ban
 	systemctl enable fail2ban
 	wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf
+	wget -O /etc/fail2ban/filter.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf
 	echo "Install Fail2ban done"
 fi
 
@@ -1767,8 +1777,10 @@ if [ "$update" = "0" ]; then
 	fi
 	tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall
 	rm /etc/shorewall/openmptcprouter-shorewall.tar.gz
-	sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
-	systemctl enable shorewall
+	if [ -n "$INTERFACE" ]; then
+		sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
+		systemctl enable shorewall
+	fi
 	if [ "$LOCALFILES" = "no" ]; then
 		wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz
 	else
@@ -1776,8 +1788,10 @@ if [ "$update" = "0" ]; then
 	fi
 	tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6
 	rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz
-	sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/*
-	systemctl enable shorewall6
+	if [ -n "$INTERFACE6" ]; then
+		sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/*
+		systemctl enable shorewall6
+	fi
 else
 	# Update only needed firewall files
 	if [ "$LOCALFILES" = "no" ]; then
@@ -2117,10 +2131,11 @@ else
 #	fi
 	echo 'done'
 	echo 'Restarting shorewall...'
-	systemctl -q restart shorewall
-	systemctl -q restart shorewall6
+	[ -n "$INTERFACE" ] && systemctl -q restart shorewall >/dev/null 2>&1 || true
+	[ -n "$INTERFACE6" ] && systemctl -q restart shorewall6 >/dev/null 2>&1 || true
 	echo 'done'
 	echo '===================================================================================='
 	echo '\033[1m  /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m'
 	echo '===================================================================================='
 fi
+exit 0
\ No newline at end of file
diff --git a/fail2ban-filter-openvpn.conf b/fail2ban-filter-openvpn.conf
new file mode 100644
index 0000000..1a53b2f
--- /dev/null
+++ b/fail2ban-filter-openvpn.conf
@@ -0,0 +1,10 @@
+[INCLUDES]
+before = common.conf
+
+[Definition] 
+_daemon = ovpn-server
+failregex =%(__prefix_line)s<HOST>:[0-9]{4,5} TLS Auth Error:.*
+           %(__prefix_line)s<HOST>:[0-9]{4,5} VERIFY ERROR:.*
+           %(__prefix_line)s<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*
+           %(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{4,5}
+maxlines = 1
diff --git a/fail2ban-jail-openmptcprouter.conf b/fail2ban-jail-openmptcprouter.conf
index 53f499b..45cf34d 100644
--- a/fail2ban-jail-openmptcprouter.conf
+++ b/fail2ban-jail-openmptcprouter.conf
@@ -4,3 +4,18 @@ banaction = shorewall
 
 [sshd]
 enabled = true
+
+[openvpn_tcp]
+enabled = true
+port = 65301
+protocol = tcp
+filter = openvpn
+maxretry = 5
+
+[openvpn_udp]
+enabled = true
+port = 65301
+protocol = udp
+filter = openvpn
+maxretry = 5
+
diff --git a/omr-service b/omr-service
index be312e1..4c28eba 100755
--- a/omr-service
+++ b/omr-service
@@ -114,12 +114,15 @@ _lan_route() {
 	while IFS=$"\n" read -r c; do
 		if [ -n "$c" ]; then
 			vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
+			username=$(echo "$c" | jq -r '.username')
 			if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
 				echo "$c" | jq -c -r '.lanips[]? //empty' | 
 				while IFS=$"\n" read -r d; do
 					if [ "$d" != "" ]; then
 						network=$(ipcalc -n $d | grep Network | awk '{print $2}')
+						netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}')
 						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1
+						[ -n "$network" ] && [ -n "$netmask" ] && [ -z "$(grep ${network} /etc/openvpn/cdd/${username})" ] && echo "iroute $network $netmask" >> /etc/openvpn/ccd/${username}
 					fi
 				done
 			fi
@@ -178,6 +181,10 @@ ip link add omr-bonding type bond >/dev/null 2>&1
 #[ -n "$(uname -r | grep '6.1')" ] && {
 #	stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
 #}
+
+gre_tunnels="$(jq -c '.gre_tunnels' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
+lan_routes="$(jq -c '.lan_routes' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
+
 while true; do
 	_glorytun_udp
 	_glorytun_tcp
@@ -189,8 +196,8 @@ while true; do
 	_wireguard
 	_multipath
 	_omr_api
-	_lan_route
-	_gre_tunnels
+	[ "$lan_routes" != "false" ] && _lan_route
+	[ "$gre_tunnels" != "false" ] && _gre_tunnels
 	_openvpn_bonding
 	sleep 10
 done

From 93f9244e83d5dd8d6d84d2657ed68455ebb06f67 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 28 Aug 2024 09:36:57 +0000
Subject: [PATCH 147/164] Update OMR-Admin API

---
 debian9-x86_64.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index f39e3d0..b8f93b9 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -78,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="24030b76868296c5869cfa8a032fd43c7d60df39"
-OMR_ADMIN_BINARY_VERSION="0.12+20240802"
+OMR_ADMIN_VERSION="f98c362de5ee224e125378ee641b6c5d5db0e7e9"
+OMR_ADMIN_BINARY_VERSION="0.12+20240827"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"

From c06b6ac75f76999b6dbacadcf4cf146bceb2f67e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 28 Aug 2024 09:37:31 +0000
Subject: [PATCH 148/164] Better check if VPN are installed or not for
 OMR-Service

---
 omr-service | 75 ++++++++++++++++++++++++++++++++---------------------
 1 file changed, 45 insertions(+), 30 deletions(-)

diff --git a/omr-service b/omr-service
index 4c28eba..80250ba 100755
--- a/omr-service
+++ b/omr-service
@@ -20,7 +20,8 @@ _multipath() {
 }
 
 _glorytun_udp() {
-	if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
+	#if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
+	if systemctl list-unit-files glorytun-udp@.service >/dev/null; then
 		[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
 			logger -t "OMR-Service" "Restart Glorytun-UDP"
 			systemctl -q restart 'glorytun-udp@*'
@@ -34,7 +35,8 @@ _glorytun_udp() {
 }
 
 _glorytun_tcp() {
-	if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
+	#if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
+	if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then
 		for intf in /etc/glorytun-tcp/tun*; do
 			[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
 		done
@@ -53,49 +55,61 @@ _glorytun_tcp() {
 }
 
 _dsvpn() {
-	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1
-	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
-		localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
-		[ -z "$localip" ] && localip="10.255.251.1"
-		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
-		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
-			logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
-			systemctl restart dsvpn-server@dsvpn0
+	#if [ -n "$(systemctl -a | grep 'dsvpn')" ]; then
+	if systemctl list-unit-files dsvpn-server@.service >/dev/null; then
+		[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1
+		if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
+			localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
+			[ -z "$localip" ] && localip="10.255.251.1"
+			remoteip="$(echo $localip | sed 's/\.1/\.2/')"
+			if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
+				logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
+				systemctl restart dsvpn-server@dsvpn0
+			fi
+			#ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1
 		fi
-		#ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1
 	fi
 }
 
 _shadowsocks() {
-	[ -n "$(systemctl -a | grep 'shadowsocks-libev')" ] && [ -z "$(pgrep ss-server)" ] && {
-		logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev"
-		systemctl restart shadowsocks-libev-manager@manager
-	}
+	if systemctl list-unit-files shadowsocks-libev-manager@.service >/dev/null; then
+		[ -z "$(pgrep ss-server)" ] && {
+			logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev"
+			systemctl restart shadowsocks-libev-manager@manager
+		}
+	fi
 }
 
 _shadowsocks_go() {
-	[ -n "$(systemctl -a | grep 'shadowsocks-go')" ] && [ -z "$(pgrep shadowsocks-go)" ] && {
-		logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go"
-		systemctl restart shadowsocks-go
-	}
+	if systemctl list-unit-files shadowsocks-go.service >/dev/null; then
+		[ -z "$(pgrep shadowsocks-go)" ] && {
+			logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go"
+			systemctl restart shadowsocks-go
+		}
+	fi
 }
 
 _xray() {
-	[ -n "$(systemctl -a | grep 'xray')" ] && [ -z "$(pgrep xray)" ] && {
-		logger -t "OMR-Service" "ss-server not detected, restart XRay"
-		systemctl restart xray
-	}
+	if systemctl list-unit-files xray.service >/dev/null; then
+		[ -z "$(pgrep xray)" ] && {
+			logger -t "OMR-Service" "ss-server not detected, restart XRay"
+			systemctl restart xray
+		}
+	fi
 }
 
 _v2ray() {
-	[ -n "$(systemctl -a | grep 'v2ray')" ] && [ -z "$(pgrep v2ray)" ] && {
-		logger -t "OMR-Service" "ss-server not detected, restart V2Ray"
-		systemctl restart v2ray
-	}
+	if systemctl list-unit-files v2ray.service >/dev/null; then
+		[ -z "$(pgrep v2ray)" ] && {
+			logger -t "OMR-Service" "ss-server not detected, restart V2Ray"
+			systemctl restart v2ray
+		}
+	fi
 }
 
 _wireguard() {
-	if [ -n "$(systemctl -a | grep 'wg')" ]; then
+	#if [ -n "$(systemctl -a | grep 'wg')" ]; then
+	if systemctl list-unit-files wg-quick@.service >/dev/null; then
 		[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1
 		[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1
 	fi
@@ -120,9 +134,10 @@ _lan_route() {
 				while IFS=$"\n" read -r d; do
 					if [ "$d" != "" ]; then
 						network=$(ipcalc -n $d | grep Network | awk '{print $2}')
+						networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1)
 						netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}')
 						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1
-						[ -n "$network" ] && [ -n "$netmask" ] && [ -z "$(grep ${network} /etc/openvpn/cdd/${username})" ] && echo "iroute $network $netmask" >> /etc/openvpn/ccd/${username}
+						[ -n "$networkonly" ] && [ -n "$netmask" ] && [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ] && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username}
 					fi
 				done
 			fi
@@ -150,7 +165,7 @@ _gre_tunnels() {
 }
 
 _openvpn_bonding() {
-	if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
+	if [ "$(ip link show ovpnbonding1 2>/dev/null)" != "" ] && ([ "$(ip link show ovpnbonding1 2>/dev/null | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding 2>/dev/null | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
 		echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1
 		ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1
 		ip link set ovpnbonding1 up >/dev/null 2>&1

From c0e0e19b6c6e18035801f4ad77a667b3c655b264 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 28 Aug 2024 09:37:58 +0000
Subject: [PATCH 149/164] No need for client-config-dir on OpenVPN UDP

---
 openvpn-tun1.6.1.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf
index ada8114..c9144dd 100644
--- a/openvpn-tun1.6.1.conf
+++ b/openvpn-tun1.6.1.conf
@@ -23,7 +23,7 @@ tun-mtu 1420
 tls-server
 tls-version-min 1.2
 push "route 10.255.250.1 255.255.255.255"
-client-config-dir ccd
+#client-config-dir ccd
 #ifconfig-pool-persist ccd/ipp_udp.txt
 #fast-io
 passtos

From c635b0a1b6c845421936ce97130fc4ba53c6939e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 7 Oct 2024 09:29:20 +0000
Subject: [PATCH 150/164] Sync with server

---
 debian9-x86_64.sh     | 56 ++++++++++++++++++++++++++++++++++++-------
 openvpn-bonding1.conf |  1 +
 openvpn-bonding2.conf |  1 +
 openvpn-bonding3.conf |  1 +
 openvpn-bonding4.conf |  1 +
 openvpn-bonding5.conf |  1 +
 openvpn-bonding6.conf |  1 +
 openvpn-bonding7.conf |  1 +
 openvpn-bonding8.conf |  1 +
 openvpn-tun0.6.1.conf |  1 +
 openvpn-tun1.6.1.conf |  1 +
 11 files changed, 58 insertions(+), 8 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index b8f93b9..e15eb86 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -78,14 +78,14 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="f98c362de5ee224e125378ee641b6c5d5db0e7e9"
-OMR_ADMIN_BINARY_VERSION="0.12+20240827"
+OMR_ADMIN_VERSION="b31e764e7b6159b748b3b176bc26395e051a1f38"
+OMR_ADMIN_BINARY_VERSION="0.12+20240920"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="5.7.0"
 V2RAY_PLUGIN_VERSION="4.43.0"
-XRAY_VERSION="1.8.6"
+XRAY_VERSION="1.8.24"
 EASYRSA_VERSION="3.0.6"
 #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
 #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -116,8 +116,8 @@ echo "Check user..."
 if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi
 
 # Check Kernel
-if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ]; then
-	echo "Only kernels 5.4, 6.1, 6.6 and 6.10 are currently supported"
+if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ] && [ "$KERNEL" != "6.11" ]; then
+	echo "Only kernels 5.4, 6.1, 6.6, 6.10 and 6.11 are currently supported"
 	exit 1
 fi
 
@@ -217,6 +217,9 @@ fi
 }
 
 echo "Remove lock and update packages list..."
+rm -f /etc/apt/sources.list.d/xanmod*
+rm -f /etc/apt/trusted.gpg.d/xanmod*
+
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
@@ -470,6 +473,29 @@ elif [ "$KERNEL" = "6.10" ] && [ "$ARCH" = "amd64" ]; then
 	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 
+#	wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg
+#	echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list
+#	apt-get update
+#	apt-get -y install linux-xanmod-lts-x64v3
+	[ -f /etc/default/grub ] && {
+		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
+		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
+	}
+elif [ "$KERNEL" = "6.11" ] && [ "$ARCH" = "amd64" ]; then
+	# awk command from xanmod website
+	PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n")
+	if [ "$PSABI" = "x64v1" ]; then
+		echo "psABI x86-64-v1 not supported by Xanmod kernel 6.11, use an older kernel"
+		exit 0
+	fi
+	KERNEL_VERSION="6.11.0"
+	KERNEL_REV="0~20240916.g9c60408"
+	wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release"
+	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+
 #	wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg
 #	echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list
 #	apt-get update
@@ -904,7 +930,7 @@ if [ "$SHADOWSOCKS" = "yes" ]; then
 		fi
 		#sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
 		sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json
-		[ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
+		[ "$(ip -6 a 2>/dev/null)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
 	elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then
 		for i in $(seq 2 $NBCPU); do
 			sed -i '0,/65101/ s/        "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
@@ -1386,7 +1412,7 @@ if [ "$FAIL2BAN" = "yes" ]; then
 	echo "Install Fail2ban"
 	rm -f /var/lib/dpkg/lock
 	rm -f /var/lib/dpkg/lock-frontend
-	apt-get -y install fail2ban
+	apt-get -y install fail2ban python3-systemd
 	systemctl enable fail2ban
 	wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf
 	wget -O /etc/fail2ban/filter.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf
@@ -1503,6 +1529,20 @@ if [ "$OPENVPN" = "yes" ]; then
 			cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
 		fi
 	fi
+	if [ "$(ip -6 a 2>/dev/null)" = "" ]; then
+		sed -i 's/proto tcp6-server//' /etc/openvpn.tun0.conf
+		sed -i 's/proto udp6//' /etc/openvpn.tun1.conf
+		if [ "$OPENVPN_BONDING" = "yes" ]; then
+			sed -i 's/proto udp6//' /etc/openvpn.bonding1.conf
+			sed -i 's/proto udp6//' /etc/openvpn.bonding2.conf
+			sed -i 's/proto udp6//' /etc/openvpn.bonding3.conf
+			sed -i 's/proto udp6//' /etc/openvpn.bonding4.conf
+			sed -i 's/proto udp6//' /etc/openvpn.bonding5.conf
+			sed -i 's/proto udp6//' /etc/openvpn.bonding6.conf
+			sed -i 's/proto udp6//' /etc/openvpn.bonding7.conf
+			sed -i 's/proto udp6//' /etc/openvpn.bonding8.conf
+		fi
+	fi
 	mkdir -p /etc/openvpn/ccd
 	if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then
 		echo 'openmptcprouter,10.255.250.2,' > /etc/openvpn/ccd/ipp_tcp.txt
@@ -1588,7 +1628,7 @@ if [ "$GLORYTUN_UDP" = "yes" ]; then
 		chmod 644 /lib/systemd/system/glorytun-udp@.service
 		GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
 	fi
-	[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
+	[ "$(ip -6 a 2>/dev/null)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
 fi
 
 
diff --git a/openvpn-bonding1.conf b/openvpn-bonding1.conf
index d675d34..45a07d7 100644
--- a/openvpn-bonding1.conf
+++ b/openvpn-bonding1.conf
@@ -2,6 +2,7 @@ dev ovpnbonding1
 dev-type tap
 cipher AES-256-CBC
 proto udp
+proto udp6
 port 65351
 persist-tun
 persist-key
diff --git a/openvpn-bonding2.conf b/openvpn-bonding2.conf
index 8920940..71798b4 100644
--- a/openvpn-bonding2.conf
+++ b/openvpn-bonding2.conf
@@ -2,6 +2,7 @@ dev ovpnbonding2
 dev-type tap
 cipher AES-256-CBC
 proto udp
+proto udp6
 port 65352
 persist-tun
 persist-key
diff --git a/openvpn-bonding3.conf b/openvpn-bonding3.conf
index b04099e..9614a96 100644
--- a/openvpn-bonding3.conf
+++ b/openvpn-bonding3.conf
@@ -2,6 +2,7 @@ dev ovpnbonding3
 dev-type tap
 cipher AES-256-CBC
 proto udp
+proto udp6
 port 65353
 persist-tun
 persist-key
diff --git a/openvpn-bonding4.conf b/openvpn-bonding4.conf
index d977b4e..846f5dc 100644
--- a/openvpn-bonding4.conf
+++ b/openvpn-bonding4.conf
@@ -2,6 +2,7 @@ dev ovpnbonding4
 dev-type tap
 cipher AES-256-CBC
 proto udp
+proto udp6
 port 65354
 persist-tun
 persist-key
diff --git a/openvpn-bonding5.conf b/openvpn-bonding5.conf
index e5866b4..aafccd3 100644
--- a/openvpn-bonding5.conf
+++ b/openvpn-bonding5.conf
@@ -2,6 +2,7 @@ dev ovpnbonding5
 dev-type tap
 cipher AES-256-CBC
 proto udp
+proto udp6
 port 65355
 persist-tun
 persist-key
diff --git a/openvpn-bonding6.conf b/openvpn-bonding6.conf
index fb9ad29..30b2067 100644
--- a/openvpn-bonding6.conf
+++ b/openvpn-bonding6.conf
@@ -2,6 +2,7 @@ dev ovpnbonding6
 dev-type tap
 cipher AES-256-CBC
 proto udp
+proto udp6
 port 65356
 persist-tun
 persist-key
diff --git a/openvpn-bonding7.conf b/openvpn-bonding7.conf
index f197366..c5f1fe1 100644
--- a/openvpn-bonding7.conf
+++ b/openvpn-bonding7.conf
@@ -2,6 +2,7 @@ dev ovpnbonding7
 dev-type tap
 cipher AES-256-CBC
 proto udp
+proto udp6
 port 65357
 persist-tun
 persist-key
diff --git a/openvpn-bonding8.conf b/openvpn-bonding8.conf
index 2e6d7a6..dbdd11b 100644
--- a/openvpn-bonding8.conf
+++ b/openvpn-bonding8.conf
@@ -2,6 +2,7 @@ dev ovpnbonding8
 dev-type tap
 cipher AES-256-CBC
 proto udp
+proto udp6
 port 65358
 persist-tun
 persist-key
diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf
index 6198b64..daa78ab 100644
--- a/openvpn-tun0.6.1.conf
+++ b/openvpn-tun0.6.1.conf
@@ -5,6 +5,7 @@ group nogroup
 data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
 disable-dco
 proto tcp-server
+proto tcp6-server
 port 65301
 persist-tun
 persist-key
diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf
index c9144dd..6d91a8e 100644
--- a/openvpn-tun1.6.1.conf
+++ b/openvpn-tun1.6.1.conf
@@ -2,6 +2,7 @@ topology subnet
 dev tun1
 data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
 proto udp
+proto udp6
 port 65301
 persist-tun
 persist-key

From 3ac858c56b4b22ee08ec574661f1bc61ede16cb6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 16 Oct 2024 13:42:39 +0000
Subject: [PATCH 151/164] Less output logs

---
 debian9-x86_64.sh | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index e15eb86..539f49c 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -597,7 +597,7 @@ if [ "$KERNEL" != "5.4" ]; then
 	#fi
 fi
 
-apt-get -y remove shadowsocks-libev
+apt-get -y remove shadowsocks-libev >/dev/null 2>&1
 if [ "$SHADOWSOCKS" = "yes" ]; then
 	if [ "$SOURCES" = "yes" ]; then
 		#apt -t stretch-backports -y install shadowsocks-libev
@@ -730,10 +730,10 @@ if [ "$KERNEL" = "5.4" ]; then
 		echo mptcp_blest >> /etc/modules
 	fi
 fi
-if systemctl -q is-active omr-admin.service; then
+if systemctl -q is-active omr-admin.service 2>/dev/null; then
 	systemctl -q stop omr-admin > /dev/null 2>&1
 fi
-if systemctl -q is-active omr-admin-ipv6.service; then
+if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then
 	systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1
 	systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1
 fi
@@ -886,7 +886,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 		mptcpize enable omr-admin.service >/dev/null 2>&1
 		#[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1
 	fi
-	if systemctl -q is-active omr-admin-ipv6.service; then
+	if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then
 		systemctl -q stop omr-admin-ipv6 >/dev/null 2>&1
 		systemctl -q disable omr-admin-ipv6 >/dev/null 2>&1
 	fi
@@ -945,7 +945,7 @@ if [ "$SHADOWSOCKS" = "yes" ]; then
 	else
 		cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service
 	fi
-	if systemctl -q is-enabled shadowsocks-libev; then
+	if systemctl -q is-enabled shadowsocks-libev 2>/dev/null; then
 		systemctl -q disable shadowsocks-libev
 	fi
 	[ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service
@@ -955,7 +955,7 @@ if [ "$SHADOWSOCKS" = "yes" ]; then
 			[ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service
 		done
 	fi
-	if systemctl -q is-active shadowsocks-libev-manager@manager; then
+	if systemctl -q is-active shadowsocks-libev-manager@manager 2>/dev/null; then
 		systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
 	fi
 fi
@@ -1044,7 +1044,7 @@ if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ] && [ -f /etc/shadowsocks-lib
 	sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json
 fi
 
-if systemctl -q is-active shadowsocks-go.service; then
+if systemctl -q is-active shadowsocks-go.service 2>/dev/null; then
 	systemctl -q stop shadowsocks-go > /dev/null 2>&1
 	systemctl -q disable shadowsocks-go > /dev/null 2>&1
 fi
@@ -1086,7 +1086,7 @@ if [ "$SHADOWSOCKS_GO" = "yes" ]; then
 fi
 
 
-if systemctl -q is-active v2ray.service; then
+if systemctl -q is-active v2ray.service 2>/dev/null; then
 	systemctl -q stop v2ray > /dev/null 2>&1
 	systemctl -q disable v2ray > /dev/null 2>&1
 fi
@@ -1159,7 +1159,7 @@ if [ "$V2RAY" = "yes" ]; then
 	#fi
 fi
 
-if systemctl -q is-active xray.service; then
+if systemctl -q is-active xray.service 2>/dev/null; then
 	systemctl -q stop xray > /dev/null 2>&1
 	systemctl -q disable xray > /dev/null 2>&1
 fi
@@ -1233,7 +1233,7 @@ if [ "$XRAY" = "yes" ]; then
 	systemctl enable xray.service
 fi
 
-if systemctl -q is-active mlvpn@mlvpn0.service; then
+if systemctl -q is-active mlvpn@mlvpn0.service 2>/dev/null; then
 	systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1
 	systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1
 fi
@@ -1295,7 +1295,7 @@ if [ "$MLVPN" = "yes" ]; then
 	systemctl enable systemd-networkd.service
 	echo "install mlvpn done"
 fi
-if systemctl -q is-active ubond@ubond0.service; then
+if systemctl -q is-active ubond@ubond0.service 2>/dev/null; then
 	systemctl -q stop ubond@ubond0 > /dev/null 2>&1
 	systemctl -q disable ubond@ubond0 > /dev/null 2>&1
 fi
@@ -1351,7 +1351,7 @@ if [ "$UBOND" = "yes" ]; then
 	echo "install ubond done"
 fi
 
-if systemctl -q is-active wg-quick@wg0.service; then
+if systemctl -q is-active wg-quick@wg0.service 2>/dev/null; then
 	systemctl -q stop wg-quick@wg0 > /dev/null 2>&1
 	systemctl -q disable wg-quick@wg0 > /dev/null 2>&1
 fi
@@ -1404,7 +1404,7 @@ if [ "$WIREGUARD" = "yes" ]; then
 	echo "Install wireguard done"
 fi
 
-if systemctl -q is-active fail2ban.service; then
+if systemctl -q is-active fail2ban.service 2>/dev/null; then
 	systemctl -q stop fail2ban > /dev/null 2>&1
 	systemctl -q disable fail2ban > /dev/null 2>&1
 fi
@@ -1419,7 +1419,7 @@ if [ "$FAIL2BAN" = "yes" ]; then
 	echo "Install Fail2ban done"
 fi
 
-if systemctl -q is-active openvpn-server@tun0.service; then
+if systemctl -q is-active openvpn-server@tun0.service 2>/dev/null; then
 	systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
 	systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
 fi
@@ -1570,7 +1570,7 @@ fi
 
 echo 'Glorytun UDP'
 # Install Glorytun UDP
-if systemctl -q is-active glorytun-udp@tun0.service; then
+if systemctl -q is-active glorytun-udp@tun0.service 2>/dev/null; then
 	systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1
 fi
 if [ "$GLORYTUN_UDP" = "yes" ]; then
@@ -1639,7 +1639,7 @@ systemctl enable chrony
 if [ "$DSVPN" = "yes" ]; then
 	echo 'A Dead Simple VPN'
 	# Install A Dead Simple VPN
-	if systemctl -q is-active dsvpn-server.service; then
+	if systemctl -q is-active dsvpn-server.service 2>/dev/null; then
 		systemctl -q disable dsvpn-server > /dev/null 2>&1
 		systemctl -q stop dsvpn-server > /dev/null 2>&1
 	fi
@@ -1681,7 +1681,7 @@ if [ "$DSVPN" = "yes" ]; then
 fi
 
 # Install Glorytun TCP
-if systemctl -q is-active glorytun-tcp@tun0.service; then
+if systemctl -q is-active glorytun-tcp@tun0.service 2>/dev/null; then
 	systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1
 fi
 if [ "$GLORYTUN_TCP" = "yes" ]; then
@@ -1788,7 +1788,7 @@ chmod 755 /usr/local/bin/omr-6in4-run
 chmod 644 /lib/systemd/system/omr-bypass.service
 chmod 644 /lib/systemd/system/omr-bypass.timer
 systemctl daemon-reload
-if systemctl -q is-active omr-6in4.service; then
+if systemctl -q is-active omr-6in4.service 2>/dev/null; then
 	systemctl -q stop omr-6in4 > /dev/null 2>&1
 	systemctl -q disable omr-6in4 > /dev/null 2>&1
 fi

From 455f3c86d86f47dd3296954b4488582427e2bdd6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 16 Oct 2024 13:43:00 +0000
Subject: [PATCH 152/164] Enable FastOpen on Shadowsocks-go

---
 shadowsocks-go.server.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/shadowsocks-go.server.json b/shadowsocks-go.server.json
index fd5731e..f6bd1ed 100644
--- a/shadowsocks-go.server.json
+++ b/shadowsocks-go.server.json
@@ -7,13 +7,13 @@
             {
                 "network": "tcp",
                 "address": ":65280",
-                "fastOpen": false,
+                "fastOpen": true,
                 "reusePort": false,
                 "multipath": true
             }
             ],
             "enableTCP": true,
-            "listenerTFO": false,
+            "listenerTFO": true,
             "enableUDP": true,
             "mtu": 1500,
             "psk": "PSK",

From 3b4f875051892fd68a280b84cce91f2adda2d306 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 23 Oct 2024 06:11:05 +0000
Subject: [PATCH 153/164] Update OMR admin, omr-service and shadowsocks-go

---
 debian9-x86_64.sh | 6 +++---
 omr-service       | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 539f49c..2ca9e36 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -78,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="b31e764e7b6159b748b3b176bc26395e051a1f38"
-OMR_ADMIN_BINARY_VERSION="0.12+20240920"
+OMR_ADMIN_VERSION="371ce38ec213fb6d18b79a91e5aa354ea36b649f"
+OMR_ADMIN_BINARY_VERSION="0.13+20241016"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -93,7 +93,7 @@ EASYRSA_VERSION="3.0.6"
 #fi
 IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
-SHADOWSOCKS_GO_VERSION="1.8.0"
+SHADOWSOCKS_GO_VERSION="1.11.3"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
diff --git a/omr-service b/omr-service
index 80250ba..12800ed 100755
--- a/omr-service
+++ b/omr-service
@@ -124,7 +124,7 @@ _omr_api() {
 }
 
 _lan_route() {
-	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]?' |
+	jq -c '.users[0][]?' /etc/openmptcprouter-vps-admin/omr-admin-config.json |
 	while IFS=$"\n" read -r c; do
 		if [ -n "$c" ]; then
 			vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')

From 458b472a78f37dd83cb8c4834bb594fe9bc03f73 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 30 Oct 2024 14:58:01 +0000
Subject: [PATCH 154/164] Update OMR-Admin, for update to Debian 12 and fix
 when IPv6 is disabled

---
 debian9-x86_64.sh | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 2ca9e36..6437553 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -78,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="371ce38ec213fb6d18b79a91e5aa354ea36b649f"
-OMR_ADMIN_BINARY_VERSION="0.13+20241016"
+OMR_ADMIN_VERSION="8caecd236d8d8239e7d77fa3f6de62619bd564ee"
+OMR_ADMIN_BINARY_VERSION="0.14+20241025"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -102,7 +102,7 @@ VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}
 
-OMR_VERSION="0.1031-test"
+OMR_VERSION="0.1032-test"
 
 DIR=$( pwd )
 #"
@@ -246,21 +246,23 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	VERSION_ID="10"
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]; then
 	echo "Update Debian 10 Buster to Debian 11 Bullseye"
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	sed -i 's:buster:bullseye:g' /etc/apt/sources.list
+	sed -i 's:archive:deb:g' /etc/apt/sources.list
 	sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
 	VERSION_ID="11"
 fi
-if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then
+if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ]; then
 	echo "Update Debian 11 Bullseye to Debian 12 Bookworm"
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
 	apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade
+	sed -i 's:archive:deb:g' /etc/apt/sources.list
 	sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list
 	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade
@@ -277,7 +279,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
 fi
-if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then
+if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then
 	echo "Update Ubuntu 20.04 to Ubuntu 22.04"
 	apt-get -y -f --force-yes --allow-downgrades upgrade
 	apt-get -y -f --force-yes --allow-downgrades dist-upgrade
@@ -1530,17 +1532,17 @@ if [ "$OPENVPN" = "yes" ]; then
 		fi
 	fi
 	if [ "$(ip -6 a 2>/dev/null)" = "" ]; then
-		sed -i 's/proto tcp6-server//' /etc/openvpn.tun0.conf
-		sed -i 's/proto udp6//' /etc/openvpn.tun1.conf
+		sed -i 's/proto tcp6-server//' /etc/openvpn/tun0.conf
+		sed -i 's/proto udp6//' /etc/openvpn/tun1.conf
 		if [ "$OPENVPN_BONDING" = "yes" ]; then
-			sed -i 's/proto udp6//' /etc/openvpn.bonding1.conf
-			sed -i 's/proto udp6//' /etc/openvpn.bonding2.conf
-			sed -i 's/proto udp6//' /etc/openvpn.bonding3.conf
-			sed -i 's/proto udp6//' /etc/openvpn.bonding4.conf
-			sed -i 's/proto udp6//' /etc/openvpn.bonding5.conf
-			sed -i 's/proto udp6//' /etc/openvpn.bonding6.conf
-			sed -i 's/proto udp6//' /etc/openvpn.bonding7.conf
-			sed -i 's/proto udp6//' /etc/openvpn.bonding8.conf
+			sed -i 's/proto udp6//' /etc/openvpn/bonding1.conf
+			sed -i 's/proto udp6//' /etc/openvpn/bonding2.conf
+			sed -i 's/proto udp6//' /etc/openvpn/bonding3.conf
+			sed -i 's/proto udp6//' /etc/openvpn/bonding4.conf
+			sed -i 's/proto udp6//' /etc/openvpn/bonding5.conf
+			sed -i 's/proto udp6//' /etc/openvpn/bonding6.conf
+			sed -i 's/proto udp6//' /etc/openvpn/bonding7.conf
+			sed -i 's/proto udp6//' /etc/openvpn/bonding8.conf
 		fi
 	fi
 	mkdir -p /etc/openvpn/ccd

From 2a0501172fa820ec02ac0cc23ed5e8bf19aae87e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 18 Nov 2024 10:24:10 +0000
Subject: [PATCH 155/164] Update XRay

---
 debian9-x86_64.sh | 17 ++++++++++-------
 xray-server.json  | 13 -------------
 2 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 6437553..d42dce6 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -85,7 +85,7 @@ DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
 V2RAY_VERSION="5.7.0"
 V2RAY_PLUGIN_VERSION="4.43.0"
-XRAY_VERSION="1.8.24"
+XRAY_VERSION="24.11.5"
 EASYRSA_VERSION="3.0.6"
 #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17"
 #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
@@ -864,18 +864,18 @@ if [ "$OMR_ADMIN" = "yes" ]; then
 	sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	[ "$NOINTERNET" = "yes" ] && {
-		jq '. + {internet: false}' omr-admin-config.json > omr-admin-config.json.tmp
-		mv omr-admin-config.json.tmp omr-admin-config.json
+		jq '. + {internet: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
+		mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		#sed -i 's/"port": 65500,/"port": 65500,\n    "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
 	[ "$GRETUNNELS" = "no" ] && {
-		jq '. + {gre_tunnels: false}' omr-admin-config.json > omr-admin-config.json.tmp
-		mv omr-admin-config.json.tmp omr-admin-config.json
+		jq '. + {gre_tunnels: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
+		mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
 		#sed -i 's/"port": 65500,/"port": 65500,\n    "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
 	[ "$LANROUTES" = "no" ] && {
-		jq '. + {lan_routes: false}' omr-admin-config.json > omr-admin-config.json.tmp
-		mv omr-admin-config.json.tmp omr-admin-config.json
+		jq '. + {lan_routes: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
+		mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
 	}
 	chmod 644 /lib/systemd/system/omr-admin.service
 	#chmod 644 /lib/systemd/system/omr-admin-ipv6.service
@@ -1196,6 +1196,9 @@ if [ "$XRAY" = "yes" ]; then
 		[ -n "$XRAY_X25519_PRIVATE_KEY2" ] && [ "$XRAY_X25519_PRIVATE_KEY2" != "XRAY_X25519_PRIVATE_KEY" ] && XRAY_X25519_PRIVATE_KEY="$XRAY_X25519_PRIVATE_KEY2"
 		XRAY_X25519_PUBLIC_KEY2=$(grep -Po '"'"publicKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n")
 		[ -n "$XRAY_X25519_PUBLIC_KEY2" ] && [ "$XRAY_X25519_PUBLIC_KEY2" != "XRAY_X25519_PUBLIC_KEY" ] && XRAY_X25519_PUBLIC_KEY="$XRAY_X25519_PUBLIC_KEY2"
+		#jq -M 'del(.transport)' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp
+		#mv -f /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json
+
 	fi
 	jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
 	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
diff --git a/xray-server.json b/xray-server.json
index 5db520d..3c0d0f4 100644
--- a/xray-server.json
+++ b/xray-server.json
@@ -3,19 +3,6 @@
 		"loglevel": "error",
 		"error": "/tmp/v2rayError.log"
 	},
-	"transport": {
-		"tcpSettings": {},
-		"wsSettings": {},
-		"kcpSettings": {
-			"mtu": 1460,
-			"tti": 10,
-			"uplinkCapacity": 100,
-			"downlinkCapacity": 100,
-			"congestion": false,
-			"readBufferSize": 8,
-			"writeBufferSize": 8
-		}
-	},
 	"inbounds": [
 		{
 			"tag": "omrin-tunnel",

From 4b590a13eb2f601ce544fc622da3e4a54e4f5db7 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 29 Nov 2024 14:52:55 +0000
Subject: [PATCH 156/164] Update omr-admin, add kernel 6.12 support

---
 debian9-x86_64.sh | 45 ++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 38 insertions(+), 7 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index d42dce6..bdc55f1 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -6,7 +6,7 @@
 # See /LICENSE for more information.
 #
 
-KERNEL=${KERNEL:-5.4}
+KERNEL=${KERNEL:-6.6}
 UPSTREAM=${UPSTREAM:-no}
 [ "$UPSTREAM" = "yes" ] && KERNEL="6.1"
 UPSTREAM6=${UPSTREAM6:-no}
@@ -78,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="8caecd236d8d8239e7d77fa3f6de62619bd564ee"
-OMR_ADMIN_BINARY_VERSION="0.14+20241025"
+OMR_ADMIN_VERSION="be866bf752119b3460d907f92572fcac773c1a97"
+OMR_ADMIN_BINARY_VERSION="0.14+20241125"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -116,7 +116,7 @@ echo "Check user..."
 if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi
 
 # Check Kernel
-if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ] && [ "$KERNEL" != "6.11" ]; then
+if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ] && [ "$KERNEL" != "6.11" ] && [ "$KERNEL" != "6.12" ]; then
 	echo "Only kernels 5.4, 6.1, 6.6, 6.10 and 6.11 are currently supported"
 	exit 1
 fi
@@ -498,6 +498,32 @@ elif [ "$KERNEL" = "6.11" ] && [ "$ARCH" = "amd64" ]; then
 	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 
+#	wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg
+#	echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list
+#	apt-get update
+#	apt-get -y install linux-xanmod-lts-x64v3
+	[ -f /etc/default/grub ] && {
+		sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1
+		[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
+	}
+elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then
+	# awk command from xanmod website
+	PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n")
+	if [ "$PSABI" = "x64v1" ]; then
+		echo "psABI x86-64-v1 not supported by Xanmod kernel 6.11, use an older kernel"
+		exit 0
+	fi
+	if [ "$PSABI" = "x64v4" ]; then
+		PSABI="x64v3"
+	fi
+	KERNEL_VERSION="6.12.1"
+	KERNEL_REV="0~20241122.ge695ae7"
+	wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release"
+	dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+	dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
+
 #	wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg
 #	echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list
 #	apt-get update
@@ -1203,7 +1229,7 @@ if [ "$XRAY" = "yes" ]; then
 	jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
 	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
 	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json
-	#if [ ! -f /etc/xray/xray-server.json ]; then
+	if [ ! -f /etc/xray/xray-server.json ] || [ -z "$(grep -i mptcp /etc/xray/xray-server.json | grep true)" ]; then
 		wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json
 		sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
 		sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
@@ -1218,8 +1244,13 @@ if [ "$XRAY" = "yes" ]; then
 		sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json
 		sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json
 		sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json
-		
-	#fi
+		#for xrayuser in $(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r '.users[0][].username'); do
+		#	if [ "$xrayuser" != "admin" ] && [ "$xrayuser" != "openmptcprouter" ]; then
+		#		jq '. + {"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp
+		#		mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json
+		#	fi
+		#done
+	fi
 	#if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then
 	#	sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/xray/xray-server.json
 	#fi

From be6a17dcddae80dcbbc5324f9ed6715140192dfc Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 29 Nov 2024 14:53:26 +0000
Subject: [PATCH 157/164] Fix omr-service OpenVPN route setting

---
 omr-service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/omr-service b/omr-service
index 12800ed..06ea52d 100755
--- a/omr-service
+++ b/omr-service
@@ -137,7 +137,7 @@ _lan_route() {
 						networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1)
 						netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}')
 						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1
-						[ -n "$networkonly" ] && [ -n "$netmask" ] && [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ] && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username}
+						[ -n "$networkonly" ] && [ -n "$netmask" ] && ([ ! -f /etc/openvpn/ccd/${username} ] || [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ]) && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username}
 					fi
 				done
 			fi

From c942c303843e6c27f008d74e2d8138328a592e7b Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 29 Jan 2025 13:51:48 +0000
Subject: [PATCH 158/164] Update omr-admin API, disable fastOpen, add vpn1
 management in omr-service,..

---
 debian9-x86_64.sh                |  48 +++++++++++++++++++------------
 omr-service                      |  14 +++++++++
 openmptcprouter-shorewall.tar.gz | Bin 4154 -> 4164 bytes
 openvpn-tun0.6.1.conf            |   4 +--
 openvpn-tun0.conf                |   2 +-
 shadowsocks-go.server.json       |   2 +-
 shorewall4/params.vpn            |   6 ++--
 7 files changed, 51 insertions(+), 25 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index bdc55f1..719a1bf 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -54,6 +54,7 @@ IPERF=${IPERF:-yes}
 LOCALFILES=${LOCALFILES:-no}
 INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
 INTERFACE6=${INTERFACE6:-$(ip -o -6 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")}
+[ -z "$INTERFACE6" ] && INTERFACE6="$INTERFACE"
 KERNEL_VERSION="5.4.207"
 KERNEL_PACKAGE_VERSION="1.22"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
@@ -71,6 +72,7 @@ GLORYTUN_UDP=${GLORYTUN_UDP:-yes}
 GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9"
 GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
 GLORYTUN_TCP=${GLORYTUN_TCP:-yes}
+# Old Glorytun TCP version if sources is not enabled...
 GLORYTUN_TCP_BINARY_VERSION="0.0.35-6"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b"
@@ -78,8 +80,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="be866bf752119b3460d907f92572fcac773c1a97"
-OMR_ADMIN_BINARY_VERSION="0.14+20241125"
+OMR_ADMIN_VERSION="530d20c6b482d491accfa4ea5dd44afa5d1eccdc"
+OMR_ADMIN_BINARY_VERSION="0.14+20241216"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -224,6 +226,7 @@ rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
 rm -f /etc/apt/sources.list.d/buster-backports.list
+rm -f /etc/apt/sources.list.d/stretch-backports.list
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
 	apt-get update
 else
@@ -509,15 +512,11 @@ elif [ "$KERNEL" = "6.11" ] && [ "$ARCH" = "amd64" ]; then
 elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then
 	# awk command from xanmod website
 	PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n")
-	if [ "$PSABI" = "x64v1" ]; then
-		echo "psABI x86-64-v1 not supported by Xanmod kernel 6.11, use an older kernel"
-		exit 0
-	fi
 	if [ "$PSABI" = "x64v4" ]; then
 		PSABI="x64v3"
 	fi
-	KERNEL_VERSION="6.12.1"
-	KERNEL_REV="0~20241122.ge695ae7"
+	KERNEL_VERSION="6.12.10"
+	KERNEL_REV="0~20250117.g773b57f"
 	wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release"
@@ -614,7 +613,7 @@ if [ "$KERNEL" != "5.4" ]; then
 
 	if [ "$ID" = "debian" ]; then
 		echo "MPTCPize iperf3..."
-		mptcpize enable iperf3 >/dev/null 2>&1
+		mptcpize enable iperf3 >/dev/null 2>&1 || true
 	fi
 
 	#if [ "$UPSTREAM6" = "yes" ]; then
@@ -625,8 +624,10 @@ if [ "$KERNEL" != "5.4" ]; then
 	#fi
 fi
 
-apt-get -y remove shadowsocks-libev >/dev/null 2>&1
+echo "Remove Shadowsocks-libev..."
+apt-get -y remove shadowsocks-libev >/dev/null 2>&1 || true
 if [ "$SHADOWSOCKS" = "yes" ]; then
+	echo "Install Shadowsocks-libev..."
 	if [ "$SOURCES" = "yes" ]; then
 		#apt -t stretch-backports -y install shadowsocks-libev
 		## Compile Shadowsocks
@@ -1229,7 +1230,7 @@ if [ "$XRAY" = "yes" ]; then
 	jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
 	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
 	mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json
-	if [ ! -f /etc/xray/xray-server.json ] || [ -z "$(grep -i mptcp /etc/xray/xray-server.json | grep true)" ]; then
+	if [ ! -f /etc/xray/xray-server.json ] || [ -z "$(grep -i mptcp /etc/xray/xray-server.json | grep true)" ] || [ -z "$(grep -i transport /etc/xray/xray-server.json)" ]; then
 		wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json
 		sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
 		sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
@@ -1244,12 +1245,23 @@ if [ "$XRAY" = "yes" ]; then
 		sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json
 		sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json
 		sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json
-		#for xrayuser in $(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r '.users[0][].username'); do
-		#	if [ "$xrayuser" != "admin" ] && [ "$xrayuser" != "openmptcprouter" ]; then
-		#		jq '. + {"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp
-		#		mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json
-		#	fi
-		#done
+		for xrayuser in $(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r '.users[0][].username'); do
+			if [ "$xrayuser" != "admin" ] && [ "$xrayuser" != "openmptcprouter" ]; then
+				xrayid="$(/usr/bin/xray uuid)"
+				jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp
+				mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json
+				jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-vmess-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp
+				mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json
+				jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-socks-tunnel") | .settings.accounts) += [{"user": $xrayuser,"pass": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp
+				mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json
+				jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-trojan-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp
+				mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json
+				[ -e /etc/shadowsocks-go/upsks.json ] && shadowsockspass="$(jq --arg xrayuser $xrayuser -r '.[$xrayuser]' /etc/shadowsocks-go/upsks.json)"
+				[ -z "$shadowsockspass" ] && shadowsockspass=$(head -c 32 /dev/urandom | base64 -w0)
+				jq --arg xrayuser "$xrayuser" --arg shadowsockspass "$shadowsockspass" '(.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients) += [{"email": $xrayuser,"password": $shadowsockspass}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp
+				mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json
+			fi
+		done
 	fi
 	#if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then
 	#	sed -i 's/"sockopt": {/&\n                    "mptcp": true,/' /etc/xray/xray-server.json
@@ -1451,7 +1463,7 @@ if [ "$FAIL2BAN" = "yes" ]; then
 	apt-get -y install fail2ban python3-systemd
 	systemctl enable fail2ban
 	wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf
-	wget -O /etc/fail2ban/filter.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf
+	wget -O /etc/fail2ban/filter.d/openvpn.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf
 	echo "Install Fail2ban done"
 fi
 
diff --git a/omr-service b/omr-service
index 06ea52d..9021e59 100755
--- a/omr-service
+++ b/omr-service
@@ -190,6 +190,19 @@ _openvpn_bonding() {
 	fi
 }
 
+_vpn1() {
+	vpn1route=$(ip r show dev vpn1 2>/dev/null | grep '0.0.0.0')
+	[ -z "$vpn1route" ] && vpn1route=$(ip r show dev vpn1 2>/dev/null | grep 'default')
+	if [ -n "$vpn1route" ]; then
+		ip r del $vpn1route
+		vpn1gw="$(echo \"$vpn1route\" | awk '{ print $3 }')"
+		ip r a default via $vpngw dev vpn1 table 991337
+		for route in $(ip r show dev vpn1); do
+			ip r a $route table 991337
+		done
+	fi
+}
+
 sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1
 modprobe bonding >/dev/null 2>&1
 ip link add omr-bonding type bond >/dev/null 2>&1
@@ -214,5 +227,6 @@ while true; do
 	[ "$lan_routes" != "false" ] && _lan_route
 	[ "$gre_tunnels" != "false" ] && _gre_tunnels
 	_openvpn_bonding
+	_vpn1
 	sleep 10
 done
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index 92957efcab04f4eca8eb09a1b98a997dd26d155f..fcc04f34f15f1a5273a4cc83694f962f2c58783d 100644
GIT binary patch
literal 4164
zcmV-K5WDXmiwFSK-F#;N1MNI(bE8O-{T2O+3fs5S9cR5?V{ho@Fd&IF0tS#hp124C
zOV}nx5;{Qb@lEu9-^?mN2+6J9X~{j;OWGl*tgOs>WMyVS6%&84hyrKw+q>gI4WQF%
z(JMgyTJOSrz18S6o2_QI+jv*2*IRHQwIkLkg;f|i0U_@K-;X{=w=e(yDV&y0iTUIQ
z?z1zSk#d<--Dpw`6HIlI=tl`D`+h*Y#e*NroyhYS#JTrZ5pjXSb3@1>(UTXF2XE${
zljvpXl9Rc!ASt(U%IyT${nXct5pR)Z>GVyYbjk~stf?HwncCP8B#sj$)8aVY&@7D;
zb<Kc;NiSnlGC1>AwuE7+^pp2M&iJvV4JAdF43qrrZ^X6*%eHu9AX$vSw)qjSioDH;
zN`iIy<j$6EaOprFOr1+z<H{WVuck|`UaS3BEB)jyrrtwRzHjN<g&(5jx@0t2a*cYf
z*s$4XZkIE7GbgcIzsThOT)Al0H#yh4jeM14L)d2R1(VH!old8lE2v7=m8_YzYHpWb
zxY51mhvh|>t6?+GMb~$A$#R+R6R3GJSJdQHX}f6XEZkh(+nr9nsJugH=q)#E+pcx;
zy=AJST_qRuT+w<bKZe%Mv5z(eA4_&F)&<%1Yv;eWh}_`8nYiI0tjTWJWB(hVnqdFI
z^usVh-=O{PG&_a;e+$^O{~z5TM7!Rq)JU0_&U`s@iJYnk>4Rk_VE#$;?3Yv3Az;=Y
zyvJ2Qok9gT3jXpX@E)Hc@?Q8r8Zi9jMy=i=_b=cf+>AiWb>`HwSm-!r-hJQ%F9dx^
z;JPIAAEIX`aQ{wT{1usiD+%1G7lOCBUqvqQA_A7R>IYDM?!#<&LDXt7bpt8}sy7db
z|3DK1bxagD3?XmeF5JMG5q)((^CnPO@h0vfbcqv^CE~&-cbe3-j}<ZFihu(I_OzLQ
zC$0ziC_Cx3Mx~xei#eVX=&Scmg!K=Izr=zcpwcg7=0NR|k`>woCJ4f^=st-d@#09T
zM88M0zaLfs3L{fDa=cjx1<D771Nio}B{?~?Lr+76#=$wC{;H`GAw*U!$>{R}-Xmx_
zh6-j0oE3Kl-prOUlbb$GmgnF%9%jyCcpg9xxzHof@biTq&R4-hcpkz~Ph6VStCc=3
z7u;i1j#i8R<hYb3;gDp5ZD%CADdscyeYO1Oct1bBmNl7ilbHv@TSl7QrKjQN<UR&&
zc?I+7wbK4PDBt_wr52AnD89AfD}ch%37q*6eLup!^<SgWdI!NDECE}!PO}UCzt-*6
z3jhBWuy6gx^n>~*J`BCb1@&GZoxpSMXW$p2C+6MA!UdlRF3M%jOpefthpWd&H;f>M
z(j~>n!kI(ad-oCC$}_l8U`kd?h<U-ugCCx`QA9m!<P-GwU_n;kl+ioRAu{minF@df
zniA@J7Es?8%8oiKccW#?z<*3zBK=Myn@db^%((a5=&2T`t_0q+di7?l(rANEui>>F
z=f!@Zw`ux=he`dS{$rLod7taawSR;tX5t6a4@`c>!*J||%4fHU8)6}n3njzVEP_Tt
zlkQo#5JF#K<l?c&gYhO$4n#1n3*8%d(3y)=6t<J&a*g9&ZO(z+t*i>lSd<7;s|r*o
zj{?u}t>?tQ6RZc~cry0bfA9dEoc*u2+s(rMzXhbBEj57Ox;6#8HN1t@-8=ug&3E-y
z7c4-#-R`pIKeb~1zX{yvrp=3@(W}!yfCU95ZDed=8zrP=wgQ%%wPFSLJ;2hRd6Spp
z%Gme(x7O(7pZ~&tG5_BJzTo+<PF19M_FFvref8Ndvm%Fo?t98!)RF}7eJ#m=t|_u`
zw@xeCfGE<9q$Fv1BwLqPW5cvc_)IcemcW{4Bh3qfq+45L56`=(a#)ft^$OW5GV^Gh
z9$63#O{dRPIr@_%C$ku_t~x~^K1RXp8cL+EDT;P0tAnJ+Mq}v6D~TvP^bAPjIQnBq
z|BwXes&8$T3V16BR<mQi`lYbP|F>GLTK@TOr&a9#c@y{o|8Jm*e69OGhr4bO1ANCZ
z0JS6s4*|XrBzwhD51b1`wj&YTLzcnk=`}+h$SR)%CdA+^DO(;loK@jE;*D!e3!19Z
z=q1j#<k1HG5cC7LqNVktd)2b}bTiQ@`E!7q;F9Zm^FxZyH#=KJgn^-r_0mtK#Cnfc
zlyw4%@>hy%4kdAoG$aLjB7>0C8(xt!h_PxJyl|bRQKj2b+BDH${19Qp<UgY|TDTLc
zzDsZN+iJ<)7U8VIR}H5ndGXPidDHh8L1C-*1zyo)N#`a5ell^F5fN20BPm?Vc<^Gg
z7Ws+HXFtHLlThS6i^y1Cp7n1x<gnVMa%f|8Z}CWZS7UZJx(Y;y&hpAfp1^vGCNB=k
zye@7}Q}*#rnj!}NGRO4f-kF}zKL0;|;Z`bWzR5ChKZ2EECUWM-<o7NuIrIIgJFQRy
zNd+eZw>@;b+P#YgUxdX2nNb%ibm<2X`7hFGLsUY|ZusO({pZl1{1(!>KF<8$C0Z?r
zzu4#{V9KO!bVFWrUbE<x3M+To?PmL5=CPV?^Y~2jOmmnF=RqpoXf&ueaVY56UEm?7
zWUZ^)%7haEXdj-Z$slpSoi14@BLlp905zu5kPZfAQAeho*2Tp|mOI<MvN6G94LucA
z-s0%nPGo&~mORd6n?=i%)n};a9?h8QTgPX|hSYyoFp@itjL*ma^+vtjT|fWpV*KA|
z74QGv1`ZxKp;uYQ_cw89+}^RZWK;E6$=yLH-R9s%xDVtDB2mijgz+0Wi>31jk^L<6
z!D!FC1>8sEDT<bt)#~%}b7fr&EJ1b7=)+v)Do@dTcKD}T92eVElURf&2K<hR4rz%%
z>_o1J0(auU<(422Gpw<0ODY6plGwX*!_qNY$C`HojWD1w8Z=XeCf*&sK{t|drJ1sI
z*Q+0~ApklI%K+PR_%`VLKr(tqtbQMQ-+;Q`LK_sK9KHp8*^q7_<UeL3V95cBG=M)D
z=E&gijkr=^u>q?T%T~03O&=yhd*W5e1`hA9aAl&3aS9f1mdvYWPxTpMt(OgofX;!n
z3#0DKiqxxqbb=}bz16uJhG=+L7TxXKJ4x;6<$r|ue?oIDexRw!T_S`o!GPt67jo4`
zLs}}uE3A#G8#+k0Bx8%%d<{Pu8~tr;Y)1gUZb^1WxEECbRVrD6Zub>_U~aKUS9crr
zJM^fYa;P-|D82=HqY)L9Nh5s@rv%zqTu1YuPa<5!c$x@6tHGU&`G?mt-q3M5ESb<;
zSnT)Zfvxk_uy=Cy2PQ??__XfI%d<bsA#X^VSWt(7q{%v9d(~AKK#mi*)!!rg(e=G$
zRgpk(*HUDi{+N<Q6;QaQ8VHJ`iDRHZE~S#%hsYcWSY@i=y|=im(jO`zy-ROq{=}K(
zlSl{E(<MXcCFIqm8_ZB2O-nN*Dm-w*2pR*LG}M^wu+5<a7KGA=PmnRbGVe^RZSUj+
z73ny}MT9}_g9?m69W1I0LZT|5991%+7z2IS5mbS$g=|sk^JB&8Ensb&F+&OZ<SOu;
z>BI>mwg^5St!9yzNl#(Ht@@Gq0&AIcGEr>&)FX?=)w!sefxFCLPfEz?izS|bw){Mn
z#?ofhcc9pNrGJ6(aU6&NV>yJ;G+-=sPJq!I(UHZ8e}r*0!0HLw2#<yKeh6XNeD((h
zt>GuQ!R5rK|33R8d<i3W{s|`d)Wwa?H0=HKL&-3QnX=*2b`ii#{5hU21@fcxS1w?n
zHd9|ui=#{g4IF~34p>OKPTSOq_1F$&$Ph(a)@^XfyeTnvizpLT^f}~6R%MgFG9}f5
zTQLcC@iZ@XFQC_m_;~LcG2*W!%IAtVWx-~?k#SDvXYT|&`gt55oTu&#RahAEvTB=x
z0Y*6HDk%I&ADN7Yph&!7gGr+aZKNxb#pJ<60VfRe(*|p)DPw%<$ry+d64};JQt@F$
zOl{HGg{_x$e1yUHi`a5S0^Ci9A;646jLB|Q3>A0`UBo+;A3^)pZK9&2Uv$tuo4zrY
zB{M~8h84REhU)VW2T&76IYaPr%NwH2T8GcGK}6EE;D81ynEJ7Lt!lT>X@<<)6PA>r
z2SAhsijRXnW_@ugtBR~jz{wJZ2_<?l8^oxf8*w#2A7as{KiZ;Hx|Sr}HZ0p(i#Ww5
z$0uz~n}$)ea1uOis#%J)6dGWu1L)1oMbn6f{t?;B0ww}mY{R&x{eW7)azGcyx~j8L
zJ7t|{o8x|8{-yUD5`b}(>EQ!PKDMM^Y<%#qjjdj%2F`g54$^>>WE*_}x9C$sJR~rZ
zf0cT*^}U^$ODc^5sRd>g#RyRPc?{vYot}G(sc1+?{jw88sk2TjHxtg9o@7xJHrh<^
z7OH)A8nP<0>BERj{syX;hCoO}QFLHg+7i;PPLjXCs98x$H)NQgdhet`n)DB^b@*#+
z{$bRBa}o+@H?o*aV1_fsiTJUZX=OYE5T_6CVD9sZ4Ra(z3Tm}RurMD~R5DFi#l;<g
z>Iu3b@H*t1=?uQrjB6fxL={=#UnN7cS^v?brb-R`>6MRT)pZ)mT!US=;%L_dtDY>*
zsck>zstSyfj!Po!54w*fU0Y>y5(}`NgW23<n@X~@$>zoTUe-&TZGmhtvjhKXiS_zr
zJ8!*$+1-Ex_vMa39MNY-*SIw1$sG*fm{^Awi*xQuw$O$rGifWW_4{mjG2+eZBo~#L
z-4}a?|8fvQ#CdEP`}Y4f>y3ByR;^QScK~X*|EJY%70>_Q0&?d+lRZBeNmoZs_`fSR
zaHg*NmD_(h#m=Aac;^q=kdw3_@w=6M?^S3i`d)=La}MZiCH_kLh<1E9ircyWhoj$)
z!WdTIFrv$TMvB87K=gZ4KzhYr$%<^<L8pPI{CO-Hya-&A(>AScrB-dU&i|*xWspDa
zK(=eUko8^2#x7)Y7qYbr+0G(67mN&W^-hfI!X)T0R3k=RAnM1MjLUpS162hq410Nx
zFY{q?!i=DrKwlfC@At#fDN?>aOAac1;J8|a{#9$hGCh-2gcg4a!pL7P-RV)c0q^tw
zt!6iO{-*&tT=@UDfY<i_wllFnMn(Q~98hl*A;9+>0%UaL2*-fFax?B`xv$z3o81f>
zr?+;{#ov2M)8#FSa*lIcVi%|6(@<Z|DJii<n|wxUKNm*1MV5RIYCi);xkbi4RkgqP
z&g#=|S?w<iWLq?uFJ0|tuqOUDI0zL@j{gP7edqtt=jZ%?y;Ge3c@sFzfB24pb*E<#
zvRc04Rq<99t@Mb2Hn!HtQsxtRob)^U7*pwV9i4NW9DkzeTQ|6X4Zw}~-}wArz1_;s
z|5~Sr|KA3_;QZgOs3OJj|04Q-HTtJU<OpGZ{B7368O0yNBYBY3EmY#7zBtx@jd$_^
zzT_Z(dXyzOCgUwXw$g6~B#Fr^NqqkiWB~;fP(T3%6i`3`1r$&~0R<FLKmi35P(T5H
OMffKzl~0NQcmM#NA~j|J

literal 4154
zcmV-A5XJ8wiwFRpt_foR1MNKhbE8JG`z!h@rewd%Zk_c3`igy}%OOA#&j<)0J5F5{
zg(YlLkw6d7I)17B->+u|5JK{5FDrR-Ioi8|>FMd7kDl%xm|+(9ejGZpU*4S#ngHE)
zn_K~kSGEWDY^&F6wpzVrhke&%*><<{4mD3$rwrCn?1Tut3xgp39NnS(|4=xqoFVfm
z2;FCAu|TyNYPj*N5v7>MEY*(+rW^(#^8AM&TspBA_{g~r)-iH{!gC|YLGhCpp$Bi_
zUZD78<)Z4+@lnRDmT{{ByB~&{G2t!Ls+_$ERL*$8k~NiK7*m@Xg2XVQWLgZP8=9pt
zqOKW`Fv(?VN(N)z%9b#$RDSRt&^bS~w6Ub<l3}91`~}&zVA&RLj3kQ^*fu}mRgt$T
zQAMz>p4`RC4X+&NgSm61YfO#7|JL&r!#11WH!DB5{@i;=%MUGmx9~%}+LVlED~4kW
z#l|hJwOh{M&4R=pdzs7sv3}WNw>h&tu2?165O!I6;cUBLx7+O%3aXMdkTug*&E4|8
z8{d0DRP&=k4O>Mny1uVVR;yy4K+Ri)q9(6OyG0|%cMEmzbi2i(@*bg)x7x04r`av`
zmZ?tmmGqZ|qHMP~hSuJ(kGBRNm+W3{3exM>&VSF3-SEMgxzRDK$$mIs|2a_2cWk=_
zL>$*_x3K;1vZeih6WF%@AKfs*cD-G1q8c)t<!a#~Ia3id1j~-V{G<3esAZ~yz^p%b
zkL!>)g*tE)g4IjtJwC<gz3>5XFtRnS$+pq`3wQ`OC(v@8CGjj4b{q@uK6JttgndZp
zx+n@B;%6sx|At<IHJX7d3EjCDfw#F|$1d_>1eUcCgiwANz-)NIsI@<LLm~#Mw~SEm
zKoTQ$iWE1BAaCUQZs;tKzP?|0GbpThGuMw?<V0wNanX}IPwP6w6)}^FfCB{fq?vz1
zt_S&8cG_!PolT`B94`>`)q5w#^$$_7!UaD-rC-p(f!d`d>!b@z5QNKO_lXRN7bj9Z
z{xv53{jd(PFf?~#$6G{DpmtO^f^XkglIpP?dKM~hN9TO@v!+T2Az8H~W5^5m9)qUi
zP{FK#vtrJ{o7pnXWadw^)dl#ChlTSPU4+m>F7yaA{K5~S<vM(bE+QD}nM<<z&C17>
z&pgJpc<uj{VKSPOLz)e?os#UQST5lA)$*U?{rvb^)@;Gd79I?54b$u|J&!&o_c3&9
zYnV^3l@69+?LGi6<v;GB_|}H61Oh83be1Rd{TL3d|2VE)SpPM9-CpVc-vSP;|EPWt
z|HMa;_vjPv_0b7E=Y9cxA%3FX4f!tkOmI;yb!Kvmy?C^Kd~~B2atK{o4EfFy%HF$=
z;8vc&jRI4&UO~(YP9FU5!i{6%S>pg<e-9R94Ne(*$0bAt!7^6?ut0M}e2)+HeIe|K
zvvRjuwhDvCtR>Q~B(k}}35FW?z8gO^lhi=qO{>qgnsu%NKD~*rog^>u3;k`=A3n_3
zOZNLbbM(H@lN<jCQOqm|=O3v2oQGlP4Utc8Q#V9IBo|6X>qQKWgeKk7a3O-e#F2|f
zBM-_OJvk7;xGr>W=s{=tnJC;&hAA|Td9^u5cDJ%BC{s~FRITbzp&|-A$G4sn|4pzN
zh||e9VE@4bbc@gbIvuXG|8D_VXiE&>x2{bIZw+r@bq~(}-tPSGmCt|P1a5TG=0(xy
zvm_88|JjN*F?O(A1=CVnL07cRauN3*5369|&0bC`<IwZpCf6-I|80UXDChrMz!yCK
z)rpFf&wk5izpp;~rB>wl&wbD6i&~TdeqW1nplgaO+-=f|HbRPYBPnTGp2*hKU}~6F
z1wWI_mqoDV*-G<*AnDc)*~9Zbssa`jOT9w&ip(M!Pmer^hNhEestox_le0yF*i@Y$
zFg`)S>>5jGs40qeE32cl$0k$g$bp0u9(o3(F%0=Jr2mx!=&EmRl}dOk2-k~KzWOC_
z!2h?~?c)9)AZJVe{}%8C{@=hV^0n^&0`7Wc4Dct80f;3zdI<21Al)mLdEi1IvKxuu
zJ!Cn2kzO<8k*xA*V1f+ZlJe#8hO-7-C%kcu(}Jd|Bzj5mEqSs<KL-84ThX%mk-cj9
ze6pG74E;X9o8Z#xd-FqvFE%@0MGPZDo9dMxOo{d$uPB=Y6y*nsY>p*ygES-sdLoCA
z)f--sbBL*G8N6_vr%|QbO4c+n@V|?3#1uSZYvj8#qP{C{_RD%j-xlFng<mzCRb>C8
zv+(BcaRh~1btv$PXDc!{De$wIyNZ#hnmI|)M#h7en6)@aWj+TX-Z}|I-qVPT_T~BT
zc1sSeT_%S#M)&+j!n={MyU|r3!stA&V&n;|cW8>@pv>#y4m9Nu@3bjm7_16RtM|^l
zO8Wf&1K+LJvH3=;(ESKjhMLGlkdWWIq~sz9=I*>s3?vbp4&3h0?Q8cw8vG(G8OWTv
z5TUCejM3jww*yfLF}u-|GY_7lVD?Ky>iW0{!k2jMqrl(lC16UWZgoRZbWyX&l?bbK
zJDpbN-{!HN@ACLe^GtJ`4(CxS&T$+OCyoUjcNcibIojyzt}@|?0JIO!^K_6H;7*n-
zgpmQ>J%k#QX-EcxuwXIMZu|1`GS8jvUfG)9iH4quDsM65Z6{`Zb)G)Xq?<)+gw<!L
z$R5pv>RZQWr-sab*Ks6w8X2FD|5=Xh^vLr+uEq7(F5p?N&6WE<-UN;wH({@`iSKWc
z(73Z_Yst3i(USXvP_oUzjqyH^FNj15yDH^3ar~9@2$B6F3czSDJRk03^c2Udt48Db
z`MJI+29}_)r1Vjta`mTpxj6pQErv;Ks);PbBLjY?NQbn9Aa+6nq`;kcbh#A>#0+by
z+mZ?anI!h_+^BMj*3stOKqCxjj0Vk=p^10LZ_tfo3^Y@=?)vNr8v>xiu#9kfj^75I
zA4x|4gw-EH?;B9}TWEuVl;gKxC>zo(g#4#$1S~l~kw)+*!yFkMzYzlk78|fiv1~;f
z+2mm|v?p1WY~k?z0Iy6`F-gJV&60W5?5hDqZ1j>N2<RMGyHM((tVsRFM<;AR(A!wL
zQG^W-%_6&<`_;^jUj0vm|5Zt@#g8;qxl4tRB^a=r@Is;5*pOB#$qH+$>V^)|Ey>s+
zHebU}rp9m=o7fS+Z(5Sy5$?rxKvgQ1pxZ-*ADKHWven&I{f<4VXAIUF0TkZ?z0r^g
z%A}zogQo<xv3MQLgFcCH6_aTq0IddhGR{A~p7Dl`m&1|?&4tDOP#)PjZ;kua^WSh%
zl#NfDuDm+`%^dTFw2cLI7)hF}1Ge8-M<L`mq1*U1wjbTVTQw936n7&<*2#}4SwsPa
zYodXmIGQ*G3e2TaQHKzjV**;4Ms)A_R}Jz*BxHBl%_5jNi((SfLG^UWQ2Hr(W95bm
ztdFLp84?j5x={>`0Zkff)OOhBSON<|=%Xjdm=4T46W6w1tztzwjd2lSkcXfGQ&0zs
zD1(ry3MfYdO$f%oKI{alK-NOGC=L0kV)cDk8|TbWimndAz?sjSD5i_xi^+Nsd%5%+
z7TjtOn=i1I$tDxQCQm)`XuLWXRWo!~Ic&9pIeoFjDrn1(Q)wz~SA7qPzE}D;7@x+0
z7%-M&7)=AlQfCAh%?TM<Jn>I3t_D~=L7U)Xq5bb7ST>*khJ)7V6WrkC#HW9p{}#PO
zvAg^P6MXLCjm{+O{q$YMFvq#F(bH}bz|4XrK3fXpC+V+3z(8!KzL^#$nFty<1X&%?
zkaUx_i52V99m<d)ingrV;F5V$qV5)>OjywukP}&zO@3fXss*=V8tmfJytsP-y+I_$
zdpC#)e=QL{1KyMcoBBq|Ih&vTDtPpZBtE#v+!<D3Va&^_Z3+e$;e@N8@DqJvQXYaL
z@rDg1jU=>*u1FS@2NMOHFw9RItfi(*@l#LAK$I|%ZH*-rKdeZoEi$`s>t!83!l3*`
z+;T+%+)bAvz>GqSNpDpgD)2aT5${xf0`1$hiHMSZ(n0%d^2S(}%nYd+R^l=!YRE$z
zKuj3n48hASZ-_Q+9e$n-BGRq}2Q*T_)KArGRl9{wGi2(Xa7h_@07O}!_;}E#v@gzN
zRgqN*I9b9trNmy$1~Dq=Mp6yXheR~iAI+~+t|dvg4a>GRBF=D=lasclO~NQrI1Qe*
z)hxqW3JI{(5%lKvqG`fI|A_Qu0TqE;Y{R%`{eZQA=726vbycUMc1AnVHmAd({8RrI
zOaR7FCWj9Q`P7nrvhjm|ZEE$qO>oXraF7P1B-<DYc#A$E#D@eX^3PJgxw*G<b4evp
zAhE!-qBsJSew;$MZfED-5-JkX5x?w&aptU3%T0yTrl(m1g&S?Acnhn2ej3s$)9FKr
zO#TL{n1w)?h@i;8(zGRHU7aR>f>E>5ly1l{LG^x>LoM=$uPpp=+kZG}z;hA`Xg9K$
zPGE{Nrm6U;nQLV-129e>-@)AH6&vPAjug~tgP>tPsHkL`u!>7M0;?zJhQRBPZ)P+2
zRx_@7=n++<g@2X|&8GcFlA0=U_@`exjaAo4D02;V-AbZe6Rdi=I48FKl&dN*N;+N=
z;r<}|ShBTMJ}0#Rn>m=zO}D9}OPhRNvhQWH#Mu={7c+bCua?-XUv~30E13NaIC5X^
z8N>;Bc65!G#yq-%0h}W1_+s&#8^{*6;pt4;No&I)U0zIh^E%DN%1rOe4a0vph#=xT
zwTwgie_Jf~j%_!)Y`4X=TV1^Wr`;}}|Gx<o&VQzResCn+m^jh@t=-U>yY5$R|LK-H
zfBwWff3OXyW(`T+tsHu<LQ0YMDx{f9K<6v*N7_fU=fhFV-u*ue`F0eJVFd<9botLn
zF?a_M`Q8+e4)}qr$krWn8hFYdr;@>oz%@N>)9%%q4X%Ch&kB=6e!mCVY3@U^`;go|
zWNRO?y${*RBfFQB3~+2W!S!GgbSa8UP?s3>eL}|MzN3Lv1uP7Gd5>S_!{me+K{SE9
zHq74dN0l>7`TjgTsPuthnsxHmXadXZOi~$I{4R*%V6}4RC*1~o$p5!ny~6n)j%$_Y
zf8GRM+yC3i#R54M`Q32<%atL(pE(4`>BtF=0e$6W-0gB-wJA2g88%7p?4V1&_mrh;
zI~277=cL3wPU)wizMNB9Vuv>UjMQN+lyZkG{T|d|29$D#jDD)>aPhs>C*QI<To%Z7
zXmVe=I?P~0{9kYoDxRJG3y_D-|FhlV_a8a7Jpc1Ha8~^A9R=%7&mm;BHsDq9Ru--7
zh=De>Hpoiu6M2mEEBzQ#<!lq3GmM;kqUl>VxP&dh8}YyK`9HSPF3$gEw~YVa2EO3@
z-_KY@%H#iK^#5w~PmIV3!v5sjtf@0fK8A;iAgep5)J1)9tp6JC^aFh9LH_J0OL|Pk
zTYYS2-wa3-vqhTt^GA>+lu$wmC6rJ?2_=+JLJ1|5P(leMlu$wmCHxWLU!*femH>DF
E0Q3<h8UO$Q

diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf
index daa78ab..e473ee9 100644
--- a/openvpn-tun0.6.1.conf
+++ b/openvpn-tun0.6.1.conf
@@ -9,7 +9,7 @@ proto tcp6-server
 port 65301
 persist-tun
 persist-key
-#duplicate-cn
+duplicate-cn
 verb 3
 server 10.255.252.0 255.255.255.0
 ca /etc/openvpn/ca/pki/ca.crt
@@ -26,7 +26,7 @@ push "rcvbuf 262144"
 tun-mtu 1420
 tls-server
 tls-version-min 1.2
-push "route 10.255.252.1 255.255.255.255"
+#push "route 10.255.252.1 255.255.255.255"
 client-config-dir ccd
 ifconfig-pool-persist ccd/ipp_tcp.txt
 passtos
diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf
index d0d18f3..a6d1864 100644
--- a/openvpn-tun0.conf
+++ b/openvpn-tun0.conf
@@ -24,6 +24,6 @@ mssfix 1360
 tls-server
 tls-version-min 1.2
 #compress lzo
-push "route 10.255.252.1 255.255.255.255"
+#push "route 10.255.252.1 255.255.255.255"
 client-config-dir ccd
 management localhost 65302
diff --git a/shadowsocks-go.server.json b/shadowsocks-go.server.json
index f6bd1ed..4055a2f 100644
--- a/shadowsocks-go.server.json
+++ b/shadowsocks-go.server.json
@@ -7,7 +7,7 @@
             {
                 "network": "tcp",
                 "address": ":65280",
-                "fastOpen": true,
+                "fastOpen": false,
                 "reusePort": false,
                 "multipath": true
             }
diff --git a/shorewall4/params.vpn b/shorewall4/params.vpn
index e4082cb..074e6ec 100644
--- a/shorewall4/params.vpn
+++ b/shorewall4/params.vpn
@@ -1,3 +1,3 @@
-VPS_ADDR=10.255.255.1
-OMR_ADDR=10.255.255.2
-VPS_IFACE=gt-tun0
+VPS_ADDR=10.255.252.1
+OMR_ADDR=10.255.252.2
+VPS_IFACE=tun0

From 56a2c5f7ff60792870703793fed91f31f0dbc96a Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 4 Feb 2025 13:56:39 +0000
Subject: [PATCH 159/164] Update iperf3 to 3.18 using source and update kernel
 to 6.12.12

---
 debian9-x86_64.sh | 43 ++++++++++++++++++++++++++++++++++++-------
 1 file changed, 36 insertions(+), 7 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 719a1bf..37dd3d3 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -515,8 +515,8 @@ elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then
 	if [ "$PSABI" = "x64v4" ]; then
 		PSABI="x64v3"
 	fi
-	KERNEL_VERSION="6.12.10"
-	KERNEL_REV="0~20250117.g773b57f"
+	KERNEL_VERSION="6.12.12"
+	KERNEL_REV="0~20250202.ga815caa"
 	wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release"
@@ -561,7 +561,33 @@ if [ "$IPERF" = "yes" ]; then
 	#chmod 644 /lib/systemd/system/iperf3.service
 	echo "Install iperf3"
 	[ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 >/dev/null 2>&1
-	apt-get -y install iperf3
+	if [ "$SOURCES" = "yes" ]; then
+		apt-get -y remove iperf3 libiperf0
+		cd /tmp
+		rm -rf iperf-3.18
+		wget https://github.com/esnet/iperf/releases/download/3.18/iperf-3.18.tar.gz
+		tar xzf iperf-3.18.tar.gz
+		cd iperf-3.18
+		wget http://deb.debian.org/debian/pool/main/i/iperf3/iperf3_3.18-1.debian.tar.xz
+		tar xJf iperf3_3.18-1.debian.tar.xz
+		echo "Install iperf3 dependencies..."
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
+		mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" >/dev/null 2>&1
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
+		echo "Build iperf3 package...."
+		dpkg-buildpackage -b -us -uc >/dev/null 2>&1
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
+		cd /tmp
+		echo "Install iperf3 package..."
+		dpkg -i iperf3_3.18-1_amd64.deb libiperf0_3.18-1_amd64.deb >/dev/null 2>&1
+		rm -rf iperf-3.18
+		rm -f iperf* libiperf*
+	else
+		apt-get -y install iperf3 libiperf0
+	fi
 	if [ ! -f "/etc/iperf3/private.pem" ]; then
 		mkdir -p /etc/iperf3
 		openssl genrsa -out /etc/iperf3/private.pem 2048
@@ -577,12 +603,12 @@ if [ "$IPERF" = "yes" ]; then
 	else
 		cp ${DIR}/iperf3.override.conf /etc/systemd/system/iperf3.service.d/override.conf
 	fi
+	echo "iperf3 installed"
 fi
 
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 
-
 if [ "$KERNEL" != "5.4" ]; then
 	echo "Compile and install mptcpize..."
 	apt-get -y install --no-install-recommends build-essential
@@ -712,6 +738,7 @@ if [ "$SHADOWSOCKS" = "yes" ]; then
 	fi
 fi
 
+echo "Add modules on server start..."
 # Load BBR Congestion module at boot time
 if ! grep -q bbr /etc/modules ; then
 	echo tcp_bbr >> /etc/modules
@@ -759,12 +786,14 @@ if [ "$KERNEL" = "5.4" ]; then
 		echo mptcp_blest >> /etc/modules
 	fi
 fi
+
+echo "Stop OpenMPTCProuter VPS admin"
 if systemctl -q is-active omr-admin.service 2>/dev/null; then
-	systemctl -q stop omr-admin > /dev/null 2>&1
+	systemctl -q stop omr-admin > /dev/null 2>&1 || true
 fi
 if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then
-	systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1
-	systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1
+	systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1 || true
+	systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1 || true
 fi
 
 if [ "$OMR_ADMIN" = "yes" ]; then

From 0091388ff29571ac0a54693641e3566e4623200c Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 26 Feb 2025 09:25:39 +0000
Subject: [PATCH 160/164] Fix XRay API listening

---
 xray-server.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xray-server.json b/xray-server.json
index 3c0d0f4..14c62ee 100644
--- a/xray-server.json
+++ b/xray-server.json
@@ -206,6 +206,7 @@
 	"stats": {},
 	"api": {
 		"tag": "api",
+		"listen": "127.0.0.1:65080",
 		"services": [
 			"HandlerService",
 			"LoggerService",

From efd7ffd1db749d513a50918bcad28ebf7ef90ec4 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 26 Feb 2025 09:26:03 +0000
Subject: [PATCH 161/164] Add tcp-nodelay option for OpenVPN TCP

---
 openvpn-tun0.6.1.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf
index e473ee9..bc93c87 100644
--- a/openvpn-tun0.6.1.conf
+++ b/openvpn-tun0.6.1.conf
@@ -31,3 +31,4 @@ client-config-dir ccd
 ifconfig-pool-persist ccd/ipp_tcp.txt
 passtos
 management 127.0.0.1 65302
+tcp-nodelay

From f8484dc7424c5ee7a43d0e6e1f2e1a8d57242348 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 26 Feb 2025 09:26:38 +0000
Subject: [PATCH 162/164] Fix gre tunnel configuration

---
 omr-service | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/omr-service b/omr-service
index 9021e59..e927ab6 100755
--- a/omr-service
+++ b/omr-service
@@ -38,7 +38,7 @@ _glorytun_tcp() {
 	#if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
 	if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then
 		for intf in /etc/glorytun-tcp/tun*; do
-			[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf}
+			[ "$(echo $intf | grep key)" = "" ] && timeout 10 /etc/glorytun-tcp/post.sh ${intf}
 		done
 		if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
 			localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
@@ -157,7 +157,7 @@ _gre_tunnels() {
 					ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1
 					ip link set $iface up >/dev/null 2>&1
 					ip addr add $LOCALIP dev $iface >/dev/null 2>&1
-					ip route add $NETWORK dev $iface onlink >/dev/null 2>&1
+					ip route add $NETWORK dev $iface >/dev/null 2>&1
 				fi
 			fi
 		done

From 7aac683f4f68aea3f95a6ec6f3ce0757f54e3d70 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Wed, 26 Feb 2025 09:27:33 +0000
Subject: [PATCH 163/164] Update omr-admin with XRay fixes, update kernel 6.12,
 various fix

---
 debian9-x86_64.sh | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 37dd3d3..62adc75 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -80,8 +80,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="530d20c6b482d491accfa4ea5dd44afa5d1eccdc"
-OMR_ADMIN_BINARY_VERSION="0.14+20241216"
+OMR_ADMIN_VERSION="7e98b32ebf549f87e9d20072acc80a87a562cb7d"
+OMR_ADMIN_BINARY_VERSION="0.14+20250220"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -166,10 +166,11 @@ fi
 #	exit 1
 #fi
 echo "Check about broken packages..."
-apt-get check >/dev/null 2>&1
-if [ "$?" -ne 0 ]; then
-	echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..."
-	exit 1
+if ! eval apt-get check >/dev/null 2>&1 ; then
+	if ! eval apt-get -f install -y 2>&1 ; then
+		echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..."
+		exit 1
+	fi
 fi
 
 # Fix old string...
@@ -227,6 +228,9 @@ rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
 rm -f /etc/apt/sources.list.d/buster-backports.list
 rm -f /etc/apt/sources.list.d/stretch-backports.list
+[ ! -f /etc/apt/sources.list ] && touch /etc/apt/sources.list
+sed -i '/buster-backports/d' /etc/apt/sources.list
+sed -i '/stretch-backports/d' /etc/apt/sources.list
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
 	apt-get update
 else
@@ -236,7 +240,7 @@ rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
 echo "Install apt-transport-https, gnupg and openssh-server..."
-apt-get -y install apt-transport-https gnupg openssh-server
+apt-get -y install apt-transport-https gnupg openssh-server libcrypt1 zstd
 
 #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then
 if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then
@@ -515,8 +519,8 @@ elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then
 	if [ "$PSABI" = "x64v4" ]; then
 		PSABI="x64v3"
 	fi
-	KERNEL_VERSION="6.12.12"
-	KERNEL_REV="0~20250202.ga815caa"
+	KERNEL_VERSION="6.12.15"
+	KERNEL_REV="0~20250219.g6e42b4c"
 	wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb
 	echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release"
@@ -563,17 +567,19 @@ if [ "$IPERF" = "yes" ]; then
 	[ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 >/dev/null 2>&1
 	if [ "$SOURCES" = "yes" ]; then
 		apt-get -y remove iperf3 libiperf0
+		apt-get -y install xz-utils devscripts
 		cd /tmp
 		rm -rf iperf-3.18
 		wget https://github.com/esnet/iperf/releases/download/3.18/iperf-3.18.tar.gz
 		tar xzf iperf-3.18.tar.gz
 		cd iperf-3.18
-		wget http://deb.debian.org/debian/pool/main/i/iperf3/iperf3_3.18-1.debian.tar.xz
+		wget --waitretry=1 --read-timeout=20 --timeout=15 -t 5 --continue --no-dns-cache http://deb.debian.org/debian/pool/main/i/iperf3/iperf3_3.18-1.debian.tar.xz
 		tar xJf iperf3_3.18-1.debian.tar.xz
+		sleep 1
 		echo "Install iperf3 dependencies..."
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
-		mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" >/dev/null 2>&1
+		mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
 		rm -f /var/lib/dpkg/lock
 		rm -f /var/lib/dpkg/lock-frontend
 		echo "Build iperf3 package...."

From fd55a16550f888054e51901528fc350928f207a5 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 7 Mar 2025 08:05:23 +0000
Subject: [PATCH 164/164] Update Shadowsocks to 1.13.0

---
 debian9-x86_64.sh          |  2 +-
 shadowsocks-go.server.json | 14 ++++++--------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 62adc75..631e431 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -95,7 +95,7 @@ EASYRSA_VERSION="3.0.6"
 #fi
 IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
-SHADOWSOCKS_GO_VERSION="1.11.3"
+SHADOWSOCKS_GO_VERSION="1.13.0"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server-test"
diff --git a/shadowsocks-go.server.json b/shadowsocks-go.server.json
index 4055a2f..7d4704a 100644
--- a/shadowsocks-go.server.json
+++ b/shadowsocks-go.server.json
@@ -26,14 +26,12 @@
     "api": {
         "enabled": true,
         "debugPprof": false,
-        "enableTrustedProxyCheck": false,
         "trustedProxies": [],
-        "proxyHeader": "X-Forwarded-For",
-        "listen": "127.0.0.1:65279",
-        "certFile": "",
-        "keyFile": "",
-        "clientCertFile": "",
-        "secretPath": "",
-        "fiberConfigPath": ""
+        "listeners": [
+        {
+                "network": "tcp",
+                "address": "127.0.0.1:65279"
+        }
+        ]
     }
 }
\ No newline at end of file