From 3ba380d2fee4a51efead3500260320e7f0e88022 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 30 Oct 2020 14:21:28 +0000 Subject: [PATCH 001/164] Check if Glorytun TCP client side answer, else restart it --- omr-service | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/omr-service b/omr-service index 568ce7b..114c1b8 100755 --- a/omr-service +++ b/omr-service @@ -27,6 +27,12 @@ _glorytun_tcp() { for intf in /etc/glorytun-tcp/tun*; do [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} done + if [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then + if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then + logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" + systemctl restart glorytun-tcp@tun0 + fi + fi } _omr_api() { From ef69f2bfecc5e26043059b81472463f7dc94f4b6 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sat, 31 Oct 2020 11:52:02 +0000 Subject: [PATCH 002/164] Increase MLVPN reorder buffer size --- mlvpn0.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mlvpn0.conf b/mlvpn0.conf index 711c84d..cc24e47 100644 --- a/mlvpn0.conf +++ b/mlvpn0.conf @@ -5,7 +5,7 @@ interface_name = "mlvpn0" timeout = 30 password = "MLVPN_PASS" reorder_buffer = yes -reorder_buffer_size = 64 +reorder_buffer_size = 128 loss_tolerence = 50 [wan1] From f4beb2f5a59c87f04b838fae244286dca6da822d Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sat, 31 Oct 2020 11:53:25 +0000 Subject: [PATCH 003/164] Increase version --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 812dcb2..3e4ada9 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
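Review bot: In the `_glorytun_tcp` hunk of omr-service (patch 001), the liveness test `[ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]` reads ping's printed summary, so a failure that prints nothing on stdout (for example a missing tunnel interface, where ping reports only on stderr) is treated as "peer answered" and no restart happens. Testing the exit status avoids parsing text: `if ! ping -c 5 -w 5 10.255.255.2 >/dev/null 2>&1; then`; this also fires on partial loss within the deadline, so the count may need lowering. The peer address and the `glorytun-tcp@tun0` unit are hard-coded, and a comment stating that they must match the tunnel configuration would help. The same test is carried through the omr-service hunks of patches 004, 006 and 013, and `_glorytun_tcp` starts above the hunk.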
@@ -50,7 +50,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com VPSPATH="server" VPSURL="https://www.openmptcprouter.com/" -OMR_VERSION="0.1019" +OMR_VERSION="0.1020" DIR=$( pwd ) #" From 68211f2033de3c476947167d7a4b6082e1138d48 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 3 Nov 2020 16:45:29 +0000 Subject: [PATCH 004/164] Fix on current-vpn file doesn't exist --- debian9-x86_64.sh | 1 + omr-service | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 3e4ada9..3f1b13b 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -389,6 +389,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then pip3 -q install fastapi netjsonconfig python-multipart -U mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf + [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn mkdir -p /var/opt/openmptcprouter if [ "$SOURCES" = "yes" ]; then wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in diff --git a/omr-service b/omr-service index 114c1b8..38002d3 100755 --- a/omr-service +++ b/omr-service @@ -27,7 +27,7 @@ _glorytun_tcp() { for intf in /etc/glorytun-tcp/tun*; do [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} done - if [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then + if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" systemctl restart glorytun-tcp@tun0 From 9b47f9b25b005e973dc7192112724139dddc1c41 Mon Sep 17 00:00:00 2001 
From: "Ycarus (Yannick Chabanois)" Date: Tue, 3 Nov 2020 16:47:24 +0000 Subject: [PATCH 005/164] Fix IPv6 ULA problem --- omr-6in4-run | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-6in4-run b/omr-6in4-run index faf15cb..ea5faad 100755 --- a/omr-6in4-run +++ b/omr-6in4-run @@ -16,7 +16,7 @@ if [ "$1" = "start" ]; then ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP} ip -6 addr add ${LOCALIP6} dev ${DEV} ip link set ${DEV} up - [ -n "$ULA" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV} + [ -n "$ULA" ] && [ "$ULA" != "auto" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV} fi if [ "$1" = "stop" ]; then ip tunnel del ${DEV} From d068d1475148216d068aa1ef52f8e274f177f3e8 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 3 Nov 2020 16:47:41 +0000 Subject: [PATCH 006/164] Fix on current-vpn file doesn't exist --- debian9-x86_64.sh | 1 + omr-service | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 8e83633..bd7a38c 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -389,6 +389,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then pip3 -q install fastapi netjsonconfig python-multipart -U mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf + [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn mkdir -p /var/opt/openmptcprouter if [ "$SOURCES" = "yes" ]; then wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in diff --git a/omr-service b/omr-service index 114c1b8..38002d3 100755 --- a/omr-service +++ b/omr-service 
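Review bot: The rewritten `ip route replace` line in omr-6in4-run (patch 005) expands `${ULA}`, `${REMOTEIP6}` and `${DEV}` unquoted, so a value containing whitespace is split into extra `ip` arguments. These variables appear to come from the file passed as `$2`, which is loaded outside this hunk; if that file is generated from API or user input, quoting is the cheap guard: `[ -n "$ULA" ] && [ "$ULA" != "auto" ] && ip route replace "${ULA}" via "${REMOTEIP6%%/*}" dev "${DEV}"`. The `${REMOTEIP6%%/*}` expansion gives the same result as the `echo | cut -d/ -f1` pipeline without spawning two processes. A short comment explaining what the `auto` value means for `ULA` would also help, since nothing in the hunk says who sets it.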
@@ -27,7 +27,7 @@ _glorytun_tcp() { for intf in /etc/glorytun-tcp/tun*; do [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} done - if [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then + if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" systemctl restart glorytun-tcp@tun0 From 5cb79c7f77e03fc9152a6d995905ea69d5a7b770 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 3 Nov 2020 17:09:08 +0000 Subject: [PATCH 007/164] Use latest API --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index bd7a38c..9aa5197 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -40,7 +40,7 @@ GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="8d0706e8c234f9a0eaa88ace6d58c2d0f45156cf" +OMR_ADMIN_VERSION="774aceb357e989676ed9a06d411db41bdfa3bf03" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" #V2RAY_VERSION="v1.1.0" V2RAY_PLUGIN_VERSION="v1.4.3" From ec22ebbf04d61d9f8e78e9e3f6240e929c5e1735 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 6 Nov 2020 16:29:47 +0000 Subject: [PATCH 008/164] Update server kernel --- debian9-x86_64.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 9aa5197..d0ac75c 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -32,8 +32,8 @@ NOINTERNET=${NOINTERNET:-no} SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -KERNEL_VERSION="5.4.65" -KERNEL_PACKAGE_VERSION="1.13+9d3f35b" +KERNEL_VERSION="5.4.74" +KERNEL_PACKAGE_VERSION="1.14+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" @@ -195,8 +195,8 @@ rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then echo "Install kernel linux-image-${KERNEL_RELEASE}" echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb + dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb fi # Check if mptcp kernel is grub default kernel From 521a620e99324fd98951737763fefc4b3ce5acf9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 6 Nov 2020 16:30:53 +0000 Subject: [PATCH 009/164] Update version --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index e4a8043..d76c87e 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -50,7 +50,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com VPSPATH="server" VPSURL="https://www.openmptcprouter.com/" -OMR_VERSION="0.1020" +OMR_VERSION="0.1021" DIR=$( pwd ) #" From 11eb98aa91cb9f43d8f4645eb33b46b79edf8f2b Mon Sep 17 00:00:00 2001 
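Review bot: Both `dpkg --force-all -i -B /tmp/linux-…_amd64.deb` lines in the second hunk of patch 008 install kernel packages from fixed file names under /tmp with every dpkg safety check overridden, and nothing in the hunk verifies what was downloaded. The download step is outside the hunk, so this does not apply if a checksum or signature check already exists there; otherwise a digest pinned next to `KERNEL_PACKAGE_VERSION` and checked with `sha256sum -c` before the install, plus a `mktemp -d` directory instead of a predictable /tmp path, would close the gap. The reorder itself deserves a one-line comment such as `# headers first: the image postinst needs them present`, if that is indeed the reason, because the commit message does not say why the order changed.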
From: "Ycarus (Yannick Chabanois)" Date: Tue, 10 Nov 2020 07:53:07 +0000 Subject: [PATCH 010/164] Changes needed to work on AWS EC2 with Ubuntu --- debian9-x86_64.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index d0ac75c..4b6b45b 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -207,8 +207,10 @@ if [ "$LOCALFILES" = "no" ]; then else cd ${DIR} fi +rm -f /etc/grub.d/30_os-prober bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} +sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null echo "Install tracebox OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox From c1e2859ff3ed4e733e667213205199ab1b21353f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 10 Nov 2020 07:53:59 +0000 Subject: [PATCH 011/164] Increase version number --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 1a12d74..7ba12f8 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -50,7 +50,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com VPSPATH="server" VPSURL="https://www.openmptcprouter.com/" -OMR_VERSION="0.1021" +OMR_VERSION="0.1022" DIR=$( pwd ) #" From f89e40f9d96a57c557384d165635d5d35b048a96 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 23 Nov 2020 15:42:15 +0000 Subject: [PATCH 012/164] Update glorytun UDP --- debian9-x86_64.sh | 4 +++- glorytun-udp-run | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 4b6b45b..085a360 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
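Review bot: The redirect order on the added `sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null` (patch 010) does not silence the command: `2>&1` copies stderr to the current stdout first and only then is stdout sent to /dev/null, so error messages still reach the terminal; `>/dev/null 2>&1` is the order that discards both. The edit is made to the generated /boot/grub/grub.cfg, so any later `update-grub` run drops it, and sed exits 0 when the pattern is absent, so a non-match goes unnoticed. For the `rm -f /etc/grub.d/30_os-prober` line, setting `GRUB_DISABLE_OS_PROBER=true` in /etc/default/grub is the supported way to get the same effect without deleting a packaged file. The same `2>&1 >/dev/null` order recurs in the omr-service hunks of patches 014 and 015.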
@@ -35,7 +35,7 @@ INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev KERNEL_VERSION="5.4.74" KERNEL_PACKAGE_VERSION="1.14+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" -GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77" +GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" @@ -46,6 +46,7 @@ DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" V2RAY_PLUGIN_VERSION="v1.4.3" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203" +DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" VPSURL="https://www.openmptcprouter.com/" @@ -413,6 +414,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/ cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ cd /etc/openmptcprouter-vps-admin + sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json fi openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json diff --git a/glorytun-udp-run b/glorytun-udp-run index d393056..9aeb930 100644 --- a/glorytun-udp-run +++ b/glorytun-udp-run @@ -12,8 +12,8 @@ fi DEV="gt${HOST:+c}-udp-$(basename "$1")" exec glorytun \ - bind $BIND $BIND_PORT \ + bind from addr $BIND port $BIND_PORT \ keyfile "$1".key \ ${DEV:+dev "$DEV"} \ - ${HOST:+to "$HOST" "$PORT"} \ + ${HOST:+to addr "$HOST" port "$PORT"} \ ${OPTIONS:+$OPTIONS} 
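Review bot: The search pattern in the added `sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json` (third debian9-x86_64.sh hunk of patch 012) is spelled `openmptcptouter`, not `openmptcprouter`. Unless the shipped omr-admin-config.json contains that exact token (the file is not visible here), the substitution matches nothing, sed still exits 0, and the intended user name is never written. If the token is a deliberate placeholder, say so next to the line, e.g. `# "openmptcptouter" is the placeholder user shipped in omr-admin-config.json`. The enclosing `if [ "$OMR_ADMIN" = "yes" ]` block starts and ends outside the hunk.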
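Review bot: `$BIND` and `$BIND_PORT` in the new `bind from addr $BIND port $BIND_PORT \` line of glorytun-udp-run are unquoted while `"$HOST"` and `"$PORT"` two lines below are quoted, so a value containing whitespace shifts the remaining glorytun arguments. Quote them for consistency: `bind from addr "$BIND" port "$BIND_PORT" \`. The keyword syntax presumably requires the glorytun build selected by the `GLORYTUN_UDP_VERSION` bump in the same patch, so a comment naming the minimum version would help anyone who updates the run script without rebuilding the binary.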
From 3a0fde41b46e34824397bf15c9babe65b4839e6b Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 23 Nov 2020 15:42:35 +0000 Subject: [PATCH 013/164] Add a check to not restart glorytun tcp too often --- omr-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-service b/omr-service index 38002d3..a235ad0 100755 --- a/omr-service +++ b/omr-service @@ -28,7 +28,7 @@ _glorytun_tcp() { [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} done if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then - if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then + if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" systemctl restart glorytun-tcp@tun0 fi From e0fbb8faa9ba936cbd1b8b2c19a8c333bf236019 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 16 Dec 2020 15:44:13 +0000 Subject: [PATCH 014/164] Update API, kernel and add OpenVPN Bonding support --- debian9-x86_64.sh | 47 +++++++++++++++++++++++++------ omr-6in4-run | 2 +- omr-service | 18 ++++++++++-- openmptcprouter-shorewall.tar.gz | Bin 4056 -> 4076 bytes shorewall4/interfaces | 2 +- 5 files changed, 57 insertions(+), 12 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 085a360..34dc176 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -15,7 +15,7 @@ OBFS=${OBFS:-yes} V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes} V2RAY=${V2RAY:-yes} V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} -UPDATE_OS=${UPDATE_OS:-yes} +UPDATE_O7S=${UPDATE_OS:-yes} UPDATE=${UPDATE:-yes} TLS=${TLS:-yes} OMR_ADMIN=${OMR_ADMIN:-yes} 
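Review bot: The age test added in patch 013, `$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))`, breaks whenever `pgrep glorytun-tcp` prints zero or several PIDs: the path becomes `/proc//exe` or is word-split, `stat` and `expr` fail, `[` receives an empty operand, and the condition is false, so the restart is skipped exactly when the daemon is absent or more than one instance runs. The mtime of a /proc symlink is also not a documented process start time, so the 300 second window may not measure what it appears to. Resolving one PID and asking for its elapsed time is sturdier: `pid=$(pgrep -o glorytun-tcp)` followed by `[ -n "$pid" ] && [ "$(ps -o etimes= -p "$pid" | tr -d ' ')" -gt 300 ]`. `_glorytun_tcp` starts above the hunk.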
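Review bot: The first debian9-x86_64.sh hunk of patch 014 renames the assignment to `UPDATE_O7S=${UPDATE_OS:-yes}`, which looks like a stray keystroke rather than an intended change. `UPDATE_OS` no longer receives its `yes` default, so any later test of `$UPDATE_OS` (outside this hunk) sees an empty value unless the caller exported it, and the operating-system update step would then be skipped without any message. Restore `UPDATE_OS=${UPDATE_OS:-yes}`.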
@@ -32,17 +32,17 @@ NOINTERNET=${NOINTERNET:-no} SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -KERNEL_VERSION="5.4.74" -KERNEL_PACKAGE_VERSION="1.14+9d3f35b" +KERNEL_VERSION="5.4.81" +KERNEL_PACKAGE_VERSION="1.15+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="774aceb357e989676ed9a06d411db41bdfa3bf03" +OMR_ADMIN_VERSION="595b55f7309b8b940b6599bb49c824376750860e" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" -#V2RAY_VERSION="v1.1.0" +V2RAY_VERSION="4.31.0" V2RAY_PLUGIN_VERSION="v1.4.3" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203" @@ -51,7 +51,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com VPSPATH="server-test" VPSURL="https://www.openmptcprouter.com/" -OMR_VERSION="0.1018-test" +OMR_VERSION="0.1023-test" DIR=$( pwd ) #" @@ -389,7 +389,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then echo '-- pip3 install needed python modules' #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U - pip3 -q install fastapi netjsonconfig python-multipart -U + pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn 
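Review bot: The changed `pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U` line (last hunk on this line, patch 014) installs whatever versions are newest at install time, presumably as root, for the omr-admin service, while the other components in this file are pinned to a commit hash or version. Pinning with `==` per package, or a requirements file installed with `--require-hashes`, makes the install reproducible and keeps a compromised or breaking upstream release from landing on every new server. The commented-out pip lines above it could be removed at the same time, since they no longer match the package list. The enclosing `if [ "$OMR_ADMIN" = "yes" ]` block continues outside the hunk.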
@@ -563,7 +563,10 @@ if systemctl -q is-active v2ray.service; then fi if [ "$V2RAY" = "yes" ]; then - apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray + #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray + wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb + rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb if [ ! -f /etc/v2ray/v2ray-server.json ]; then wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json 
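Review bot: The v2ray install in this hunk replaces an APT install, which is covered by repository signature checks, with a direct `wget` to a fixed name under /tmp followed by `dpkg --force-all -i -B`, and neither the download result nor the package content is checked before it is installed. A failed or tampered download is therefore handed to dpkg with all safety checks overridden, and the predictable /tmp path can be pre-created by another local user. The URL is also built as `${VPSURL}/debian/…` although `VPSURL` already ends in `/`, unlike the `${VPSURL}${VPSPATH}/…` form used elsewhere. The sketch below uses a private temporary file and a digest pinned beside `V2RAY_VERSION`; the variable name `V2RAY_SHA256` is a placeholder, and the `if [ "$V2RAY" = "yes" ]` block continues past the hunk.

```shell
if [ "$V2RAY" = "yes" ]; then
	# V2RAY_SHA256: digest pinned beside V2RAY_VERSION (placeholder name)
	v2ray_deb="$(mktemp)" || exit 1
	if wget -O "$v2ray_deb" "${VPSURL}debian/v2ray-${V2RAY_VERSION}-amd64.deb" \
		&& echo "${V2RAY_SHA256}  ${v2ray_deb}" | sha256sum -c - >/dev/null; then
		dpkg --force-all -i -B "$v2ray_deb"
	else
		echo "v2ray package download or checksum check failed" >&2
	fi
	rm -f "$v2ray_deb"
	# … unchanged: v2ray-server.json download and UUID substitution …
```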
@@ -765,13 +768,37 @@ if [ "$OPENVPN" = "yes" ]; then if [ "$LOCALFILES" = "no" ]; then wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf + wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf + wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf + wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf + wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf + wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf + wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf + wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf + wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf else cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf + cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf + cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf + cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf + cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf + cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf + cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf + cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf + cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf fi mkdir -p /etc/openvpn/ccd systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service + systemctl enable openvpn@bonding1.service + systemctl enable openvpn@bonding2.service + systemctl enable openvpn@bonding3.service + systemctl enable openvpn@bonding4.service + systemctl enable openvpn@bonding5.service + systemctl enable openvpn@bonding6.service + systemctl enable openvpn@bonding7.service + systemctl enable openvpn@bonding8.service fi echo 'Glorytun UDP' 
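Review bot: The 24 added bonding lines in this hunk are three commands repeated for the numbers 1 to 8, which makes a typo in one of them easy to miss; a loop states the intent once, e.g. `for i in 1 2 3 4 5 6 7 8; do wget -O "/etc/openvpn/bonding$i.conf" "${VPSURL}${VPSPATH}/openvpn-bonding$i.conf" || exit 1; done`, with matching loops for the `cp` and `systemctl enable "openvpn@bonding$i.service"` lines. The `|| exit 1` matters because `wget -O` creates the target file even when the download fails, and the unit for that empty configuration is then enabled a few lines later. The enclosing `if [ "$OPENVPN" = "yes" ]` block starts outside the hunk.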
@@ -1039,6 +1066,10 @@ if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] & sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf fi +if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ]; then + sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat +fi + if [ "$TLS" = "yes" ]; then VPS_CERT=0 diff --git a/omr-6in4-run b/omr-6in4-run index ea5faad..ae91dce 100755 --- a/omr-6in4-run +++ b/omr-6in4-run @@ -3,7 +3,7 @@ set -e if [ ! -f "$2" ]; then - echo "usage: $(basename "$0") FILE" + echo "usage: $(basename "$0") start FILE" exit 1 fi diff --git a/omr-service b/omr-service index a235ad0..d3c098f 100755 --- a/omr-service +++ b/omr-service @@ -62,9 +62,9 @@ _gre_tunnels() { if [ -f "$intf" ]; then . "$(readlink -f "$intf")" iface="$(basename $intf)" - if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$REMOTEIP" ]; then + if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then ip tunnel del $iface 2>&1 >/dev/null - ip tunnel add $iface mode gre local $INTFADDR remote $REMOTEIP + ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR ip link set $iface up ip addr add $LOCALIP dev $iface ip route add $NETWORK dev $iface 2>&1 >/dev/null 
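Review bot: The SNAT address in the added block is taken as the seventh field of the default route (`awk '/default/&&/src/ {print $7}'`), which is the source address only when the route reads `default via GW dev IF src ADDR`. With an extra token such as `proto dhcp` the seventh field is a keyword, and with two default routes the result spans two lines; either is then written into /etc/shorewall/snat as `SNAT(...)`, leaving a firewall rule that is wrong or fails to compile. Selecting the token after `src` is position-independent: `awk '/^default/ && match($0, /src [^ ]+/) {print substr($0, RSTART+4, RLENGTH-4); exit}'`, stored once in a variable instead of running the pipeline twice. The later hunk in patch 017 that excludes the value `dhcp` works around one instance of the same problem.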
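Review bot: In the `_gre_tunnels` hunk, switching the comparison and `ip tunnel add` to `$OMR_ADDR` means an interface file that defines only `REMOTEIP` leaves `OMR_ADDR` empty, or carrying the value from the previously sourced file, because each file is sourced into the same shell. The tunnel would then be deleted and re-created on every pass with a missing or wrong remote; whether such older files exist is not visible here. A guard before the comparison, `[ -n "$OMR_ADDR" ] || continue`, together with an `unset OMR_ADDR` before the `.` line, makes the failure explicit, and quoting `"$iface"`, `"$INTFADDR"` and `"$OMR_ADDR"` keeps sourced values from being split into extra `ip` arguments. The loop header is outside the hunk.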
@@ -73,7 +73,20 @@ _gre_tunnels() { done } +_openvpn_bonding() { + if [ "$(ip link show ovpnbonding1)" != "" ] && [ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ]; then + ip link set opvpnbonding1 master omr-bonding 2>&1 >/dev/null + ip link set opvpnbonding2 master omr-bonding 2>&1 >/dev/null + ip link set opvpnbonding3 master omr-bonding 2>&1 >/dev/null + ip link set opvpnbonding4 master omr-bonding 2>&1 >/dev/null + ip link set opvpnbonding5 master omr-bonding 2>&1 >/dev/null + ip link set opvpnbonding6 master omr-bonding 2>&1 >/dev/null + ip link set opvpnbonding7 master omr-bonding 2>&1 >/dev/null + ip link set opvpnbonding8 master omr-bonding 2>&1 >/dev/null + fi +} +ip link add omr-bonding type bond 2>&1 >/dev/null while true; do _glorytun_udp _glorytun_tcp @@ -81,5 +94,6 @@ while true; do _omr_api _lan_route _gre_tunnels + _openvpn_bonding sleep 10 done 
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index 5a984469460479c249eee19de9ccf473c2daf5e9..dbbaefbae4907faea3d9be6dd77f680a5a4cbb83 100644 GIT binary patch delta 3895 zcmV-756JM?AM76;ABzY804v&G00ZqD?Q)~Y@&2Nxn6jO_-HP>TNs%2Qe|uTUn_Ot` z3h3$So}TIH?ty_x;QMjtOn&+1aL@qgw%hawP&_uz;k8`ex;ac(JM(PZnIOS*SKVYn^S@GkCKg@w|DFEB~=}an@Yt z+&pg;n2`}%|F;_FXXyXC?ek`<(`ljq@3tGI|9=Zu_x~T< zFhalHt~E%Nn9h7LbBUap2(;?v2AH2t9e@KHu4LAzH;wAJRpJMV( zcu!g|{MA;Y*(Ucd5Fy;0K+ARJG_qJ2IA-2`=!7o>V@T+_BnlqlXD4+3LSBL;nLsEB z-KiHrw7Fl#F7aXlp0yr?P=6l4Yz^`IPOr@hvyHB)H`$5R4* z_0Ea0{UHe!Sn)kH`i0CKXkA*fM!UcSL0A{VCov>m97(nK*O>PA!!kr+Wa`F_H;bS` zb+538*uL^4NBa)wS*p<5JLlt{HB};n$f_k7eO|zGe*{g(RKcu3u;NZ2n%OcIa?_{D z;uPY>!_0Y%PDAJ+7kUH~KlOuXz6>9t(+Gxo;?kmCqw-(xwf?7gPoq!Od<@;{5@y6}a)WtTy$>MH_>WsCzP9TsVGpoyLT7%!*pIMl z{nu)>e+%os#`$>}|K9|5t^b&P(D=khk@x7+==H$~J?DM~aUp(U(T(^n#7qcLE(>OI zj8QyVK0dlp3?-B^a=Z zf2yF2MTs!8szHN_D2O{>drtg6!D=85Cu4{IhX~Lu-v8@#&PxCP7LcX3)B%3&)|Bwp z@D^To=lnn4od4(L{r@+C8{M>dQ8ao@nh4PU&5AZMHn6P<(lTGcRL-f*|SE2HC^&HmU-a6l=Xg_KM6R z8mC7dL_^c_*Em-64lPH2uo&mjP$GRzQM6lG9i)9T8bg;|NkrkH4}dSn(H}$lf4d}D z97j2oas2-l!sYCckA5lai2v<&ySV=c$XjLne+&4G_-~+zd};VUg|qWA2lxZ$0MwK0 zJq7qmknR=BB5olO*~~<64_OXhq}L32Agg?um=J@vqvY>O50Y90zioPf18Qt?ADerp1?nYOE2+?_7#mo~}Z_pIQL7msd z?NDVG?^G2r3>F2ZNB7S3i1zuv0^hCG(0!9d=zah%!(8MnNXYM9T5}czQ+HaU4w4E^ z2X1rdw&}f%1|Nha1DP`ye=2klgfaOm>2@G1p>8*Na;Cv^6ij}JXj>m=LHH6ceG>R< zy#!2|)U|FXiY{6fJyK!SZl`nB`Q1F0(@h?qP|q}n>2U6);jLDSiW7%|j@<&O+HGH4T;#b=N@gCKO@4wW7J4kI zJS=VSX(zJ2JV|e7vdyAZ%IXtTbdP32^|kY}Lqit7YnaI$M#iV}|7NS%?O^`j?wofz z%@*eWt#+r}|M4c1=m#TzM~vUd@fXe`WcITt0H;0kd^nHEQyecY>-Fd7=h~_oc!K(z z(MN^G)t=({Z2xz+I4<$2Cb0-l4EP-rywM{O$eqX)QQ%D6yW9#SVum%=ZApcMOcHx{ zZd5shc1*n+P{IIZG*D9p74P=1(2ZnVX{K!5^_mA%1VD#j8K6FY``1C|2a?e{VDtOX z`v$cA7IaXEvVRTwvLW3<%6~{DV95c7G=M)D=Ez|GN?a+h*nm}vWh>girZ@=p=|JEEn37C+Eb8V z_z}RbG|BG>_u?9$Diur6?Y_bf%ncUV>Ta!l`ySO}4y{H2!?(b0G@^nrX{68Llt3Sg z>u4VANra=AOcMcUH8_*8eE)XF8#*qBB@@(z#eQEN*g9{24SPo?zu~1Q8y{C)d3o}i 
zIphs#9Si0#kTh8bY_GnILMU-UxBhEvKe~aps4Ef}?n;WR(;ri^r~wMs)B?e9G;s_R z$fZ(I`;eI<0c%V>y7&CcI{l#%va{@D7EGL3@e=8vdAejMy_CGZaKjneqiJb|M1_ZL z6oWEgNkff)`3~D0O5i~#ee?tc<16#d#MbtXj?j<}<6J}-)7% zBZ@IFh8@5Z=vv4Yr9MAatey{R1a8Nz1;N_7TjtOn=i1I z$tDxUCU-sZXk49(su{YA9QLS!oIYFP5m?KQV`(f2tv7uOial-m9g~gA?k4(lxP$b^4!KJYx zZKNxb#RS4kfhY_U)CPB{DPz3t$;d{MOt)zq5iUtH!+w55p`E2z}<8i z0vsu1ne0@>WP!)zMZ8n_5ooy5in5h{(!u_0`XpJF%nYd+e^wGS7^=@hCP1ASwmI(i<)3=LAOW~XnZABN z$;X!Tla06jwXxOfHXuBYAw(K*CD}$_z)kv;5ML7*$v;cI#_HV8%_f!Rfz$`HhGGsV z{Wyk%-Ok>8OQ>j4MXT#Saxj*Sy!7LK8j?hpJ3#ylt4FRn5KH~s721`A0C_V*INI>+yQ4MRM2i@F`dQ? zXN=P(jLn>;$t*yeKD+}Dz$-S)lN>3S)(XLreK1qWG+`~5bOxFz*oVODP;O?^_*OHn zdFT~Ye`J+^mJH2ieMm1gRchf+uX-5YuG56(8oaxeC(J^UfpR^XU)To_@0 z(A_K93M*fddV$qE%$G8QUM+C)Wy!vp)k0@eAY0OG!M|E#wTjs+TdiZZE3oIj+%kwG zdI#wm7sx!hg8>{9YyV<#&RxkC`tfuoZCq>pe?D7ejCk`pEk$Ey=jFEH|00MW<2goq^MjdmedI*{T)Lq%b=@!A{?jdY{``S={-6&z$`nbS zt?YWPLTl0IDpbump!1FRZ`wz+<-<|j*8M*m{dN>)umXpdjs9PR+3-do%yKPn)n*}VW_M9A_o5MT+uB#gq)dJ_F#x_prr=dQdQ(9w#HvNp$ZZ3>+gDm};)NTfh za)XS0s%m$2+Wa!jcms$hhyMcPuJ`|&-QxQ{t!AfF#{ai~>&00ZqD?Q)~Y@&2Nxn3A2l-HP>TOOYKSf19l2&0T2k z3h3$So}TIH?ty_x;QMjtOn&+1aL@$ko}JMnK=If*hx69ydF!lw*6g01f75KW&br-i zNb`Vg%3vAAPDsc%VGzWhqT5yeJB6dl5iy^F(0z7hGg7OOh8s^BQHp6yQv0YNWj_ds z=RXAD+=;!wC(eDajEM^rf1Vpb35lP)h&*^R_k_eR3zt;qj!!afwTxR8*!|Ggj1g~< z)5_7CK;?)RELl@Ijx)8fAxIo2N~Xnex}jMbC+eC37bZQ7P08TQTiFtZmC6s^13Bi$ zmNt|WT{2Aa?YG3X16?`w;>D_FJXvt~e zv1a#TRgoRPbpCsO?1m4{#EtghO}4`h|KDz&wu}D1+b;e8o4~sN|KNrZ`t`GVlhlam z%oj74$eD?dK6rKl?w`cZK`k>K0&e}mdt8PzDAa+Y5G-CofA8@rChvszqz%JgYd2eG z&!9)D)gzjI+ORyvp2qmFA^&*Hi_siHN zUQEEVHi8i9&jXkZFNj+DQ#Yhypn3C%1P}CLppJ>+MiG<^T;C0y8PS*bGj9Tw6>sAD zkxQJ2ED#qxf4S4Nt$l2WnKT3fAh4%u{)M<6l%wpl*V^?~DlOr7LZGkSIWe|BB*6kJ zzK2G?keLImOKa9?7nmRj>tgsMhQx~_sUH6t)Bb)~hA50o-PrMF5mcz{74{I@SDvK0 z?|`1A3hljfKKfZxB|?a-T9VP{1w2R4bW9b@3Ir?ee;A^fEn^`!eVQyzAZ|R&oX6-S zgdTFCM?motKZxeb@F6;hV5lc9E$THZ9~M6M7}w&Z|7VWNXi^SoG5B^yvYlc+gWp%{ ze~R}s`c%!w(5)?DMr@P&#gV0i-vcb1(3u}F_9N_C|Fzp^h4|k*KW~=t|1DtG`j6QM 
zjZb_Oe|e8Sjb0y|&~xr*5EtSn7Tt*NLd=8^<+5NV#~8(<<>R9p#ZW@&(rUza=1}+E zeT1;`3}F-#)&@~+U6tM~|6%p?e>@0t8ugyGl;mCsJoFvLXh@dYq zbMaW_!FZD=2QnDfh3*YK=uAHog?e&aK{@VKb@m)?WmQndqC}Wk)uBN}6vU;kJtzL3 ze_%Bbhm*0x|3d`m7T15B&S~lY-vYAKmO8+%-I@~K8s5U|?wtSUoAdv?y#MniaHE?x zFN#L5MH2z~zg5vj#s;=sL0aZ3*owAUt`UFtun1<}-}gOY4{AvYfB3wXZl|&RC`T+QH9Q`q*ze|F}agM7}iqpTOC9nFIWRa{%f|_MQTKB}n&*Wf8ZKh-_vexQ8r< zFVbs%FY^h2-@+=`a9kM32=m($He zN94Z)+ys{%-T=DKbR8hJzh~(7f_YIQe<-|i7TWbDbN!+gsk51 zikw4?RmpYDr-BvQy#K8Y9#*8U=MsMW16KcK-Z}Q7>!JZc3tinePM-|!s;LN<~ zJIt6+t6hm#JXz4W$$+0s+(k@8)yzqXRx%#E#I40aD)TuAaqA>hdB<`+f7X}B{o6G; ztaX_js*LXWkCb;KVRxgeK!oT#uVUs2tT$+i;-Jp!;&!OAi+8Gu7zT?1)9Sr5tA-Cc-8Q|q(cpuyWFT|qLWM4Z zFeZN`-40|W)a^!3&NO(Ae}c&`5pC<^EC^rXrB4EXt(Sl)le*RoMbSmeqDLyM*6nmo zJO43{<#dzBC)6{|VLF_9X?VNcrsBk*pksGIgq)IPtCO^Rw3q2B59+o!vv=dohI3B0BGudX*8fEnf zD!NBAq59hS*`Xne-*wF74kP2!`G2e3>UJ>yKRxfBcFwy%*J_`2I%WR<7L)o1BY#!K zZ{+w3=MggdSrmZNo_Ri;$K)xF7nhC3^Ye3kRSi5rW6tQKLgVUB@qD)byIUNW_*9cv zgeM04jtSoAkqG2YWfHE4WDT9i4 z`&Z~jGOjdJw(feZ11bWb!>|lcpMU-9pz{OC=pC^6edv7y+I|ZZH(6n=HQmrbx+NJK#O7=G(b(v3ViP|C_?0I49pPSF2UMkE3A)`^ z_<^~>B3s?9wQt{}dc>jC2w?aY*o{V1FeZ)kIh+#cV{skLgFT6G6q9Kp0IddRGM4Y( z&Uiz|<*;Oey0F;q%L7~It$$&!di)z+in8%>)s>gWznMeckk+wa4g*P(b-?x-%P52r zCv+RX#`dEdc#DQ2f#I&C$U6NoC5sxMa7`@`3`Y~kK!IE;6}1nUITEnOG@^UYziiMS zDj_?|PG-TxnH4XQ4w|P+hSE#P8w)p_p*@VUYV^0%I@-iyDKFnhF?4gN!J~z!-J_Q=n@hTa^0zSh0FO ztc`PSC`DJV!oZnMoG50C;FHmE7JIqtDJ;0vAU0oMEt5?qicRi%WRzfgZ!$D0^Tf{3~+65wvS3;~W5vP^cWVzR(v@*>`;{0KB$ zX+_yeKj~n9Hhq#TOJ;`D41X&L8VuFvArqiZjB!*_z#>~R4Tfg0N| z@>xHi9k3Fx#<8yIB5MlkMB5zq`|?k{UyuOYqfB2vpyXpq`pL#y|JvB^C7ppL3icuJI+UB)G``i0YaV(<6@OXfpCv=HSs&6%O_kdC z)2kiEx9c>axd!iUB{{DNzCB%{QxAX0wG}uf9T!H}A9VLhw!+Gnq+Vb(5A&tWpjQi= zd|9%uX0_1S6v&n|Tkx;eSgm3<%U0`{?F#IDpNgLN%zkkmb86)1jPD|04*?GBb_p|6o)&2==Y|8^oqZd6@S^fgHD4O`QunJcoDcJZ`(BM z%|@$x@{bD0X>~6Eceai@2Yc%>R69XkAnN;sjLUtp0!IZVGkZ>s&&^>Tfbr2zr%&jz zN9j@J2r1tkr|$&4=eTB_{xzDwGJE}}jNgA8h~i+eaHj{|2D~f&w@-`Te`v#58UNn` zUfciM$$#YnITQJ>^MF>nOacDLDL~Ff4)7Y#7jDK~ulGfpV)L6}lk1HgbjkOgvg_Ig 
zMXkU&sj-by`e~@o=akmipiMs`wVMm0+#pN8CbgRZqud~4pQ_qjoi@KrGu{B=$>F~M zx$FJ^R=4>6PrFs_|9cxaDt`Emfpw?n5VBgk;(t}~Ru--76$5Q-t&o-6C-OMySN1Wc z%4)^HadPs7rmwAU3G09x@xSu>f342u_usl_<^8`mfzNpV?`JfT^7a2R`+qh2r%vPm zX@Bx<)-)I;AHyR>kkt)T8lpZs*ME(7`T@T5MgHtnmh?3lZ}H(Q`(^;WDD&15N+_X( l5+F(_p@b4jD4~QBN+_X(5=tncgc80w{2Q_uZ#@8b005%qpnCuS diff --git a/shorewall4/interfaces b/shorewall4/interfaces index 2f3e3ac..715e62b 100644 --- a/shorewall4/interfaces +++ b/shorewall4/interfaces @@ -21,4 +21,4 @@ vpn mlvpn+ nosmurfs,tcpflags vpn tun+ nosmurfs,tcpflags vpn dsvpn+ nosmurfs,tcpflags vpn gre-user+ nosmurfs,tcpflags - +vpn omr-bonding nosmurfs,tcpflags From 9c66b1ba5fed86f6d8b5143b3817949c6f4a698b Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 17 Dec 2020 15:48:26 +0000 Subject: [PATCH 015/164] Fix OpenVPN Bonding --- omr-service | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/omr-service b/omr-service index d3c098f..9e17665 100755 --- a/omr-service +++ b/omr-service 
@@ -74,18 +74,32 @@ _gre_tunnels() { } _openvpn_bonding() { - if [ "$(ip link show ovpnbonding1)" != "" ] && [ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ]; then - ip link set opvpnbonding1 master omr-bonding 2>&1 >/dev/null - ip link set opvpnbonding2 master omr-bonding 2>&1 >/dev/null - ip link set opvpnbonding3 master omr-bonding 2>&1 >/dev/null - ip link set opvpnbonding4 master omr-bonding 2>&1 >/dev/null - ip link set opvpnbonding5 master omr-bonding 2>&1 >/dev/null - ip link set opvpnbonding6 master omr-bonding 2>&1 >/dev/null - ip link set opvpnbonding7 master omr-bonding 2>&1 >/dev/null - ip link set opvpnbonding8 master omr-bonding 2>&1 >/dev/null + if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE)" != "8" ]); then + echo 0 > /sys/class/net/omr-bonding/bonding/mode + ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null + ip link set ovpnbonding1 up + ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null + ip link set ovpnbonding2 up + ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null + ip link set ovpnbonding3 up + ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null + ip link set ovpnbonding4 up + ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null + ip link set ovpnbonding5 up + ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null + ip link set ovpnbonding6 up + ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null + ip link set ovpnbonding7 up + ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null + ip link set ovpnbonding8 up + ip link set omr-bonding up mtu 1440 2>&1 >/dev/null + ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null + ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null + ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 2>&1 >/dev/null fi } +modprobe bonding 2>&1 >/dev/null ip link add omr-bonding 
type bond 2>&1 >/dev/null while true; do _glorytun_udp From f5fc2cbc31e09c0fb40c3533fa345574345c15ba Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 21 Dec 2020 14:19:12 +0000 Subject: [PATCH 016/164] Update API and load BBRv2 module --- debian9-x86_64.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 34dc176..eb73d72 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -40,7 +40,7 @@ GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="595b55f7309b8b940b6599bb49c824376750860e" +OMR_ADMIN_VERSION="a3ffef1222177bb48d3de121c5be9159bdfaeb7a" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" V2RAY_VERSION="4.31.0" V2RAY_PLUGIN_VERSION="v1.4.3" @@ -319,6 +319,10 @@ fi if ! grep -q bbr /etc/modules ; then echo tcp_bbr >> /etc/modules fi +# Load BBRv2 Congestion module at boot time +if ! grep -q bbr2 /etc/modules ; then + echo tcp_bbr2 >> /etc/modules +fi # Load mctcpdesync Congestion module at boot time if ! grep -q mctcp_desync /etc/modules ; then echo mctcp_desync >> /etc/modules From deb52dba7fea224e9f8eac159d0481b70297f4bb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 22 Dec 2020 09:10:45 +0000 Subject: [PATCH 017/164] Fix for v2ray, for openvpn bonding and on some vps --- debian9-x86_64.sh | 4 +++- omr-service | 12 +++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index eb73d72..8be8496 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
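Review bot: The rewritten `_openvpn_bonding` body (patch 015) re-runs in full every 10 seconds until exactly eight interfaces report SLAVE, and each run starts with `echo 0 > /sys/class/net/omr-bonding/bonding/mode`; the bonding driver normally rejects a mode change once the bond is up or has slaves, and mode 0 is normally the default already, so that write mostly produces an error on each pass. The sixteen `ip link set` lines are one pair repeated for 1 to 8 and read better as `for i in 1 2 3 4 5 6 7 8; do ip link set "ovpnbonding$i" master omr-bonding >/dev/null 2>&1; ip link set "ovpnbonding$i" up; done`. Note the redirect order in that loop: the `2>&1 >/dev/null` used throughout the hunk, including the new `modprobe bonding` line, still lets error text through. A comment stating why all eight links are required before the bond counts as healthy would help, since a deployment with fewer links repeats the `ip a add` and `ip r add` calls indefinitely.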
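Review bot: The new guard `if ! grep -q bbr2 /etc/modules` in patch 016 is a substring match, and it also changes the meaning of the existing `grep -q bbr` check above it, which now succeeds on a file that lists only `tcp_bbr2`. Matching the whole line keeps the two entries independent: `grep -qx tcp_bbr2 /etc/modules` here and `grep -qx tcp_bbr /etc/modules` for the older check. Whether the installed kernel provides a `tcp_bbr2` module is not visible in the hunk; if it can be absent, a comment saying the entry is harmless on such kernels would save a later reader the question.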
@@ -568,6 +568,7 @@ fi if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray + rm -f /etc/systemd/system/v2ray.service wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb @@ -577,6 +578,7 @@ if [ "$V2RAY" = "yes" ]; then rm /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi + systemctl daemon-reload systemctl enable v2ray.service fi @@ -1070,7 +1072,7 @@ if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] & sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf fi -if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ]; then +if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ] && [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "dhcp" ]; then sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat fi diff --git a/omr-service b/omr-service index 9e17665..1aa788f 100755 --- a/omr-service +++ b/omr-service @@ -5,10 +5,12 @@ _multipath() { # Force multipath status source /etc/shorewall/params.net for intf in `ls -1 /sys/class/net`; do - if [ "$intf" = "$NET_IFACE" ]; then - [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on - else - [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off + if [ "$intf" != "bonding_masters" ]; then + if [ "$intf" = "$NET_IFACE" ]; then + [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on + else + [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off + fi fi done } 
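Review bot: The added `!= "dhcp"` test on the `if` line treats a symptom: `awk '… {print $7}'` selects the seventh field by position, and when the default route carries extra tokens (the `dhcp` value suggests a `proto dhcp` route) the source address sits in a later field, so the SNAT rewrite is now silently skipped on those hosts. Selecting the token that follows `src` handles both layouts, e.g. `src_ip=$(ip r | awk '/default/ && /src/ {for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}')` followed by `[ -n "$src_ip" ] && sed -i "s/MASQUERADE/SNAT($src_ip)/" /etc/shorewall/snat`. That also runs the pipeline once instead of three times, so the value that was tested is the value that gets substituted into the firewall rule.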
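Review bot: Skipping `bonding_masters` by name inside the `for intf` loop handles one non-interface entry only; it is a control file the bonding driver places in /sys/class/net, and any other plain file there would reach the same `multipath` calls. A type test covers the general case: `[ -d "/sys/class/net/$intf" ] || continue` as the first line of the loop body. `$intf` is also unquoted in the `multipath` calls and the loop iterates over `ls` output; `for path in /sys/class/net/*; do intf=${path##*/}` avoids both. `_multipath` opens above the hunk.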
@@ -74,7 +76,7 @@ _gre_tunnels() { } _openvpn_bonding() { - if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE)" != "8" ]); then + if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then echo 0 > /sys/class/net/omr-bonding/bonding/mode ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null ip link set ovpnbonding1 up From 19166a0c58cfcc4eb1632412436789669dcb3f43 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 22 Dec 2020 10:59:19 +0000 Subject: [PATCH 018/164] Fix v2ray update --- debian9-x86_64.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 1e8a1d3..18fcc3e 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -568,7 +568,6 @@ fi if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray - rm -f /etc/systemd/system/v2ray.service wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb @@ -578,6 +577,9 @@ if [ "$V2RAY" = "yes" ]; then rm /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi + if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then + mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service + fi systemctl daemon-reload systemctl enable v2ray.service fi From c0a99de20c167332f1435106e30324f498dcb7c9 Mon Sep 17 00:00:00 2001 
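Review bot: The `| tr -d '\n'` appended to the `grep -c SLAVE` pipeline in the `if` condition has no effect, because command substitution already strips trailing newlines and `grep -c` prints a single number. If the comparison with `"8"` was misbehaving, the more likely cause is that fewer than eight `ovpnbonding` interfaces were enslaved, in which case the whole block presumably re-runs on every pass of the service loop. A comment on the condition would help, for example `# all eight openvpn-bonding instances must be enslaved, otherwise re-attach them`. The function body continues below the hunk.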
From: "Ycarus (Yannick Chabanois)" Date: Tue, 22 Dec 2020 11:32:08 +0000 Subject: [PATCH 019/164] Add openvpn-bonding --- openvpn-bonding1.conf | 17 +++++++++++++++++ openvpn-bonding2.conf | 17 +++++++++++++++++ openvpn-bonding3.conf | 17 +++++++++++++++++ openvpn-bonding4.conf | 17 +++++++++++++++++ openvpn-bonding5.conf | 17 +++++++++++++++++ openvpn-bonding6.conf | 17 +++++++++++++++++ openvpn-bonding7.conf | 17 +++++++++++++++++ openvpn-bonding8.conf | 17 +++++++++++++++++ 8 files changed, 136 insertions(+) create mode 100644 openvpn-bonding1.conf create mode 100644 openvpn-bonding2.conf create mode 100644 openvpn-bonding3.conf create mode 100644 openvpn-bonding4.conf create mode 100644 openvpn-bonding5.conf create mode 100644 openvpn-bonding6.conf create mode 100644 openvpn-bonding7.conf create mode 100644 openvpn-bonding8.conf diff --git a/openvpn-bonding1.conf b/openvpn-bonding1.conf new file mode 100644 index 0000000..d675d34 --- /dev/null +++ b/openvpn-bonding1.conf @@ -0,0 +1,17 @@ +dev ovpnbonding1 +dev-type tap +cipher AES-256-CBC +proto udp +port 65351 +persist-tun +persist-key +reneg-sec 0 +verb 3 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 100 2400 +mode server +tls-server diff --git a/openvpn-bonding2.conf b/openvpn-bonding2.conf new file mode 100644 index 0000000..8920940 --- /dev/null +++ b/openvpn-bonding2.conf @@ -0,0 +1,17 @@ +dev ovpnbonding2 +dev-type tap +cipher AES-256-CBC +proto udp +port 65352 +persist-tun +persist-key +reneg-sec 0 +verb 3 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 100 2400 +mode server +tls-server diff --git a/openvpn-bonding3.conf b/openvpn-bonding3.conf new file mode 100644 index 0000000..b04099e 
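Review bot: `reneg-sec 0` in openvpn-bonding1.conf disables periodic renegotiation of the data-channel key, so one key protects a tunnel for as long as the session stays up. The file also pins `cipher AES-256-CBC` without an `auth` or `tls-version-min` line, which leaves the HMAC digest and the minimum TLS version to the defaults of whichever OpenVPN build is installed. I would add `tls-version-min 1.2` and `auth SHA256` (the client side has to use the same `auth`), and either restore a finite renegotiation interval or put a comment next to `reneg-sec 0` saying why it is off. The same applies to openvpn-bonding2.conf through openvpn-bonding8.conf, which differ only in `dev` and `port`.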
--- /dev/null +++ b/openvpn-bonding3.conf @@ -0,0 +1,17 @@ +dev ovpnbonding3 +dev-type tap +cipher AES-256-CBC +proto udp +port 65353 +persist-tun +persist-key +reneg-sec 0 +verb 3 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 100 2400 +mode server +tls-server diff --git a/openvpn-bonding4.conf b/openvpn-bonding4.conf new file mode 100644 index 0000000..d977b4e --- /dev/null +++ b/openvpn-bonding4.conf @@ -0,0 +1,17 @@ +dev ovpnbonding4 +dev-type tap +cipher AES-256-CBC +proto udp +port 65354 +persist-tun +persist-key +reneg-sec 0 +verb 3 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 100 2400 +mode server +tls-server diff --git a/openvpn-bonding5.conf b/openvpn-bonding5.conf new file mode 100644 index 0000000..e5866b4 --- /dev/null +++ b/openvpn-bonding5.conf @@ -0,0 +1,17 @@ +dev ovpnbonding5 +dev-type tap +cipher AES-256-CBC +proto udp +port 65355 +persist-tun +persist-key +reneg-sec 0 +verb 3 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 100 2400 +mode server +tls-server diff --git a/openvpn-bonding6.conf b/openvpn-bonding6.conf new file mode 100644 index 0000000..fb9ad29 --- /dev/null +++ b/openvpn-bonding6.conf @@ -0,0 +1,17 @@ +dev ovpnbonding6 +dev-type tap +cipher AES-256-CBC +proto udp +port 65356 +persist-tun +persist-key +reneg-sec 0 +verb 3 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 100 2400 +mode server +tls-server 
diff --git a/openvpn-bonding7.conf b/openvpn-bonding7.conf new file mode 100644 index 0000000..f197366 --- /dev/null +++ b/openvpn-bonding7.conf @@ -0,0 +1,17 @@ +dev ovpnbonding7 +dev-type tap +cipher AES-256-CBC +proto udp +port 65357 +persist-tun +persist-key +reneg-sec 0 +verb 3 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 100 2400 +mode server +tls-server diff --git a/openvpn-bonding8.conf b/openvpn-bonding8.conf new file mode 100644 index 0000000..2e6d7a6 --- /dev/null +++ b/openvpn-bonding8.conf @@ -0,0 +1,17 @@ +dev ovpnbonding8 +dev-type tap +cipher AES-256-CBC +proto udp +port 65358 +persist-tun +persist-key +reneg-sec 0 +verb 3 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 100 2400 +mode server +tls-server From 6e53e22761383f8620ff27913aef423837b1370d Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 22 Dec 2020 12:16:02 +0000 Subject: [PATCH 020/164] Force fix previous error --- debian9-x86_64.sh | 3 +++ old-v2ray.service | 25 +++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 old-v2ray.service diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 18fcc3e..fd1219f 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -569,6 +569,9 @@ fi if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then + wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service + fi dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb if [ ! -f /etc/v2ray/v2ray-server.json ]; then diff --git a/old-v2ray.service b/old-v2ray.service new file mode 100644 index 0000000..9ed715a --- /dev/null +++ b/old-v2ray.service @@ -0,0 +1,25 @@ +[Unit] +Description=V2Ray - A unified platform for anti-censorship +Documentation=https://v2ray.com https://guide.v2fly.org +After=network.target nss-lookup.target +Wants=network-online.target + +[Service] +# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple +#Type=exec +Type=simple +# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port. +# This service runs as root. You may consider to run it as another user for security concerns. +# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray. +# More discussion at https://github.com/v2ray/v2ray-core/issues/1011 +User=root +#User=v2ray +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW +NoNewPrivileges=yes +ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json +Restart=on-failure +# Don't restart in the case of configuration error +RestartPreventExitStatus=23 + +[Install] +WantedBy=multi-user.target From 960cf901fe3ff622789faeaa3f0ce0e5e02942b0 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 30 Dec 2020 11:44:39 +0000 Subject: [PATCH 021/164] Fix script and update API --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
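Review bot: The added condition tests `/etc/v2ray/v2ray-server.conf`, while every other line in this block uses `/etc/v2ray/v2ray-server.json`; if `.conf` is a typo the branch never runs. When it does run, `wget -O /etc/systemd/system/v2ray.service …` writes straight to the live unit path, and `wget -O` creates the file even when the download fails, so a network error can leave an empty root-run unit that later runs treat as present. Fetching to a temporary file and installing it only on success avoids that: `tmp=$(mktemp) && wget -O "$tmp" "${VPSURL}${VPSPATH}/old-v2ray.service" && install -m 644 "$tmp" /etc/systemd/system/v2ray.service`. The same three lines are added again by the later "Update kernel, API and latest glorytun udp fix" patch. The enclosing `if [ "$V2RAY" = "yes" ]` block starts above and continues past the hunk.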
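Review bot: `User=root` keeps the proxy running as root, and the bounding set of `CAP_NET_BIND_SERVICE CAP_NET_RAW` does not take away root's ownership of system files, so a compromise of this network-facing process can still modify anything root owns. The unit's own comments already point at `User=v2ray`; with a dedicated account the port-binding right can be granted explicitly through `AmbientCapabilities=CAP_NET_BIND_SERVICE`. If root has to stay for compatibility with existing installs, `ProtectSystem=full` and `ProtectHome=yes` would narrow what the process can write, subject to testing against the paths v2ray logs to. Either way, a one-line comment stating why this legacy unit runs as root would help the next reader.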
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index fd1219f..fd1d386 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -15,7 +15,7 @@ OBFS=${OBFS:-yes} V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes} V2RAY=${V2RAY:-yes} V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} -UPDATE_O7S=${UPDATE_OS:-yes} +UPDATE_OS=${UPDATE_OS:-yes} UPDATE=${UPDATE:-yes} TLS=${TLS:-yes} OMR_ADMIN=${OMR_ADMIN:-yes} @@ -40,7 +40,7 @@ GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="a3ffef1222177bb48d3de121c5be9159bdfaeb7a" +OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" V2RAY_VERSION="4.31.0" V2RAY_PLUGIN_VERSION="v1.4.3" From 6a0c3d32472833174f171018680e58def7b637a9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 30 Dec 2020 11:44:54 +0000 Subject: [PATCH 022/164] Fix glorytun UDP timeout --- glorytun-udp-post.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh index 2c1dc40..51a20f0 100644 --- a/glorytun-udp-post.sh +++ b/glorytun-udp-post.sh @@ -13,4 +13,5 @@ done ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null } tc qdisc replace dev $INTF root cake -ip link set $INTF txqlen 100 \ No newline at end of file +ip link set $INTF txqlen 100 +glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null \ No newline at end of file From e6d3bb727981eb27f6e609aafde53077cc67dde1 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 5 Jan 2021 14:11:09 +0000 Subject: [PATCH 023/164] Update kernel --- debian9-x86_64.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index fd1d386..e3c515e 100644 --- a/debian9-x86_64.sh 
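Review bot: The added `glorytun set` line hard-codes `dev gt-udp-tun0` although the two lines above it operate on `$INTF`; if this post script is ever run for another interface, that tunnel keeps the old timeout, and `glorytun set dev "$INTF" kxtimeout 7d` would follow the rest of the file. `kxtimeout` appears to be the key-exchange (rotation) timeout, so seven days lengthens the period one session key stays in use; a comment naming the failure this works around and why 7d was chosen would let a reader judge that trade-off. The trailing `2>&1 >/dev/null` discards stdout only, so `>/dev/null 2>&1` is needed if errors are meant to be hidden. The identical hunk appears again in the later "Update kernel, API and latest glorytun udp fix" patch.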
+++ b/debian9-x86_64.sh @@ -32,8 +32,8 @@ NOINTERNET=${NOINTERNET:-no} SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -KERNEL_VERSION="5.4.81" -KERNEL_PACKAGE_VERSION="1.15+9d3f35b" +KERNEL_VERSION="5.4.86" +KERNEL_PACKAGE_VERSION="1.16+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" @@ -51,7 +51,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com VPSPATH="server" VPSURL="https://www.openmptcprouter.com/" -OMR_VERSION="0.1023" +OMR_VERSION="0.1024" DIR=$( pwd ) #" From e87ff9af8e9bec07a7db6e77ca8c6a6c2b7fcc68 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 6 Jan 2021 07:53:55 +0000 Subject: [PATCH 024/164] Update kernel, API and latest glorytun udp fix --- debian9-x86_64.sh | 17 +++++++++++------ glorytun-udp-post.sh | 3 ++- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 1e8a1d3..e2ee6ef 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -15,7 +15,7 @@ OBFS=${OBFS:-yes} V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes} V2RAY=${V2RAY:-yes} V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} -UPDATE_O7S=${UPDATE_OS:-yes} +UPDATE_OS=${UPDATE_OS:-yes} UPDATE=${UPDATE:-yes} TLS=${TLS:-yes} OMR_ADMIN=${OMR_ADMIN:-yes} 
@@ -32,15 +32,15 @@ NOINTERNET=${NOINTERNET:-no} SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -KERNEL_VERSION="5.4.81" -KERNEL_PACKAGE_VERSION="1.15+9d3f35b" +KERNEL_VERSION="5.4.86" +KERNEL_PACKAGE_VERSION="1.16+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="a3ffef1222177bb48d3de121c5be9159bdfaeb7a" +OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" V2RAY_VERSION="4.31.0" V2RAY_PLUGIN_VERSION="v1.4.3" @@ -51,7 +51,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com VPSPATH="server" VPSURL="https://www.openmptcprouter.com/" -OMR_VERSION="0.1023" +OMR_VERSION="0.1025-test" DIR=$( pwd ) #" @@ -568,8 +568,10 @@ fi if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray - rm -f /etc/systemd/system/v2ray.service wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then + wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service + fi dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb if [ ! -f /etc/v2ray/v2ray-server.json ]; then 
@@ -578,6 +580,9 @@ if [ "$V2RAY" = "yes" ]; then rm /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi + if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then + mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service + fi systemctl daemon-reload systemctl enable v2ray.service fi diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh index 2c1dc40..51a20f0 100644 --- a/glorytun-udp-post.sh +++ b/glorytun-udp-post.sh @@ -13,4 +13,5 @@ done ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null } tc qdisc replace dev $INTF root cake -ip link set $INTF txqlen 100 \ No newline at end of file +ip link set $INTF txqlen 100 +glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null \ No newline at end of file From 5cf11f2650bb3400a1673e2f20451e3f40e2d224 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 2 Mar 2021 08:52:33 +0000 Subject: [PATCH 025/164] Server scripts update --- debian9-x86_64.sh | 92 ++++++++++++++++++++++++------ dsvpn-run | 2 +- dsvpn0-config | 1 + glorytun-tcp-run | 2 +- glorytun-udp-run | 5 +- omr-admin.service.in | 2 +- omr-service | 29 +++++----- openmptcprouter-shorewall.tar.gz | Bin 4076 -> 4080 bytes openmptcprouter-shorewall6.tar.gz | Bin 3809 -> 3780 bytes shorewall4/policy | 4 +- shorewall6/policy | 4 +- tun0.glorytun | 1 + tun0.glorytun-udp | 2 + v2ray-server.json | 2 +- 14 files changed, 104 insertions(+), 42 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index e2ee6ef..84ef712 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -32,23 +32,23 @@ NOINTERNET=${NOINTERNET:-no} SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -KERNEL_VERSION="5.4.86" -KERNEL_PACKAGE_VERSION="1.16+9d3f35b" +KERNEL_VERSION="5.4.100" +KERNEL_PACKAGE_VERSION="1.18+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="f52acee888a39cc812ba6848aec5eeb1a82ab7ba" +OMR_ADMIN_VERSION="376322a61dc53e671e7e3c7eaaf6645c0537a9d3" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" -V2RAY_VERSION="4.31.0" +V2RAY_VERSION="4.34.0" V2RAY_PLUGIN_VERSION="v1.4.3" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} -VPSPATH="server" +VPSPATH="server-test" VPSURL="https://www.openmptcprouter.com/" OMR_VERSION="0.1025-test" @@ -167,11 +167,9 @@ Pin-Priority: 1001 EOF wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - -# Install mptcp kernel and shadowsocks -echo "Install mptcp kernel and shadowsocks..." -apt-get update -sleep 2 -apt-get -y install dirmngr patch +# Add buster-backports repo +echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/buster-backports.list + #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 if [ "$ID" = "debian" ]; then if [ "$VERSION_ID" = "9" ]; then 
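Review bot: The new `echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list.d/buster-backports.list` runs before the `$ID`/`$VERSION_ID` checks and appends, so the Debian buster repository is also added on Ubuntu and Debian 9 hosts, and every re-run of the installer adds a duplicate line. The distro-specific entries that follow are written with `>` inside the matching branch; the same form here, `[ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list`, keeps the file to one entry on the release it belongs to. Just above, the context line `wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -` fetches the repository signing key over plain HTTP; since that key decides which packages apt will trust, it is worth fetching over HTTPS if the host serves it, or checking the key fingerprint before adding it.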
@@ -182,8 +180,12 @@ elif [ "$ID" = "ubuntu" ]; then echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list fi +# Install mptcp kernel and shadowsocks +echo "Install mptcp kernel and shadowsocks..." apt-get update sleep 2 +apt-get -y install dirmngr patch + wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb # Rename bzImage to vmlinuz, needed when custom kernel was used @@ -400,6 +402,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then mkdir -p /var/opt/openmptcprouter if [ "$SOURCES" = "yes" ]; then wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in + wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip cd /tmp unzip -q -o openmptcprouter-vps-admin.zip @@ -427,6 +430,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json } chmod u+x /usr/local/bin/omr-admin.py + #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py + [ "$(ip -6 a)" != "" ] && { + systemctl enable omr-admin-ipv6.service + } systemctl enable omr-admin.service rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION} else 
@@ -580,6 +587,8 @@ if [ "$V2RAY" = "yes" ]; then rm /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi + sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json + rm -f /tmp/v2rayError.log if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service fi @@ -644,10 +653,6 @@ if [ "$MLVPN" = "yes" ]; then systemctl enable systemd-networkd.service echo "install mlvpn done" fi -if systemctl -q is-active openvpn-server@tun0.service; then - systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 - systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 -fi if systemctl -q is-active ubond@ubond0.service; then systemctl -q stop ubond@ubond0 > /dev/null 2>&1 systemctl -q disable ubond@ubond0 > /dev/null 2>&1 @@ -703,6 +708,32 @@ if [ "$UBOND" = "yes" ]; then systemctl enable systemd-networkd.service echo "install ubond done" fi + +if systemctl -q is-active wg-quick@wg0.service; then + systemctl -q stop wg-quick@wg0 > /dev/null 2>&1 + systemctl -q disable wg-quick@wg0 > /dev/null 2>&1 +fi + +if [ "$WIREGUARD" = "yes" ]; then + echo "Install WireGuard" + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + apt-get --no-install-recommends -y wireguard-tools + if [ ! -f /etc/wireguard/wg0.conf ]; then + cd /etc/wireguard + umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key + cat > /etc/wireguard/wg0.conf <<-EOF + [Interface] + PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n") + ListenPort = 65311 + Address = 10.255.247.1/24 + SaveConfig = true + EOF + fi + systemctl enable wg-quick@wg0 + echo "Install wireguard done" +fi + if systemctl -q is-active openvpn-server@tun0.service; then systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 
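Review bot: `sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json` rewrites the first `debug` on every line of the JSON file regardless of the key or value it belongs to, so a tag, path or label containing that word would be changed as well. Restricting the match to the log-level entry is safer, for instance `sed -i 's/"loglevel": *"debug"/"loglevel": "warning"/' /etc/v2ray/v2ray-server.json` (assuming the level is set through v2ray's `loglevel` key; the file's content is not shown here). The `rm -f /tmp/v2rayError.log` on the next line suggests the service logs to a fixed name in /tmp; for a daemon running as root, a path under /var/log avoids a file or symlink pre-created at that name by another local user.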
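Review bot: `apt-get --no-install-recommends -y wireguard-tools` in the new WireGuard block has no `install` subcommand, so apt-get rejects it and the package is never installed; it should read `apt-get --no-install-recommends -y install wireguard-tools`. `umask 077; wg genkey | …` changes the umask for the rest of the installer, not only for the key files; either run the key generation and the `cat > /etc/wireguard/wg0.conf` heredoc inside one `( umask 077; … )` subshell, or restore the previous umask after the `fi`. Deleting `/var/lib/dpkg/lock` and `/var/lib/dpkg/lock-frontend` before the install can corrupt the package database if another apt or dpkg process holds them, so waiting for the lock is safer than removing it.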
@@ -974,6 +1005,14 @@ else fi chmod 755 /usr/local/bin/multipath +# Add omr-test-speed utility +if [ "$LOCALFILES" = "no" ]; then + wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed +else + cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed +fi +chmod 755 /usr/local/bin/omr-test-speed + # Add OpenMPTCProuter service if [ "$LOCALFILES" = "no" ]; then wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service @@ -1094,6 +1133,12 @@ if [ "$TLS" = "yes" ]; then systemctl -q restart shorewall ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null set -e + if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then + rm -f /etc/openmptcprouter-vps-admin/cert.pem + ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem + rm -f /etc/openmptcprouter-vps-admin/key.pem + ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem + fi # mkdir -p /etc/ssl/v2ray # ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key # ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer @@ -1227,6 +1272,7 @@ if [ "$update" = "0" ]; then Your OpenMPTCProuter Server username: openmptcprouter EOF fi + systemctl -q restart sshd else echo '====================================================================================' echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !" @@ -1276,6 +1322,11 @@ else systemctl -q restart openvpn@tun1 echo 'done' fi + if [ "$WIREGUARD" = "yes" ]; then + echo 'Restarting WireGuard' + systemctl -q restart wg-quick@wg0 + echo 'done' + fi if [ "$OMR_ADMIN" = "yes" ]; then echo 'Restarting OpenMPTCProuter VPS admin' systemctl -q restart omr-admin 
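Review bot: `$VPS_DOMAIN` is expanded unquoted in the paths given to `[ -f … ]` and `ln -s` in the new certificate block, and by default its value is whatever `wget … http://hostname.openmptcprouter.com` returned over plain HTTP (see the variable block near the top of the script), so it should be quoted and checked against a hostname pattern before it is used to build root-owned paths. The link target is `$VPS_DOMAIN.cer`, which in acme.sh's layout looks like the leaf certificate alone; the commented-out v2ray lines just below use `fullchain.cer`, and clients of the admin API may need the intermediate as well, which is worth confirming. `ln -sf "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key" /etc/openmptcprouter-vps-admin/key.pem` would also replace each `rm -f` plus `ln -s` pair with one step.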
@@ -1293,16 +1344,14 @@ else echo 'openmptcprouter' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '====================================================================================' + else + echo '!!! Keys are in /root/openmptcprouter_config.txt !!!' fi fi if [ "$VPS_CERT" = "0" ]; then echo 'No working domain detected, not able to generate certificate for v2ray.' echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' fi - echo 'Restarting shorewall...' - systemctl -q restart shorewall - systemctl -q restart shorewall6 - echo 'done' echo 'Apply latest sysctl...' sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 echo 'done' @@ -1317,4 +1366,11 @@ else # done # fi echo 'done' + echo 'Restarting shorewall...' + systemctl -q restart shorewall + systemctl -q restart shorewall6 + echo 'done' + echo '====================================================================================' + echo '\033[1m /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m' + echo '====================================================================================' fi diff --git a/dsvpn-run b/dsvpn-run index e4000c2..f4a2a5d 100644 --- a/dsvpn-run +++ b/dsvpn-run @@ -12,7 +12,7 @@ fi exec dsvpn \ ${MODE} \ "$1".key \ - auto \ + ${HOST:-auto} \ ${PORT} \ ${DEV} \ ${LOCALTUNIP} \ diff --git a/dsvpn0-config b/dsvpn0-config index 933e98b..647f160 100644 --- a/dsvpn0-config +++ b/dsvpn0-config @@ -1,4 +1,5 @@ PORT=65401 +HOST=0.0.0.0 DEV=dsvpn0 MODE=server LOCALTUNIP=10.255.251.1 diff --git a/glorytun-tcp-run b/glorytun-tcp-run index 9ccbee6..0572861 100644 --- a/glorytun-tcp-run +++ b/glorytun-tcp-run @@ -9,7 +9,7 @@ fi . "$(readlink -f "$1")" -DEV="gt${HOST:+c}-$(basename "$1")" +DEV="gt-$(basename "$1")" exec glorytun-tcp \ ${SERVER:+listener} \ diff --git a/glorytun-udp-run b/glorytun-udp-run index 9aeb930..fb66c92 100644 --- a/glorytun-udp-run +++ b/glorytun-udp-run 
@@ -9,11 +9,10 @@ fi . "$(readlink -f "$1")" -DEV="gt${HOST:+c}-udp-$(basename "$1")" +DEV="gt-udp-$(basename "$1")" exec glorytun \ - bind from addr $BIND port $BIND_PORT \ + bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \ keyfile "$1".key \ ${DEV:+dev "$DEV"} \ - ${HOST:+to addr "$HOST" port "$PORT"} \ ${OPTIONS:+$OPTIONS} diff --git a/omr-admin.service.in b/omr-admin.service.in index d76318a..ba30724 100644 --- a/omr-admin.service.in +++ b/omr-admin.service.in @@ -6,7 +6,7 @@ After=network.target network-online.target Type=simple Restart=always ExecStart=/usr/local/bin/omr-admin.py -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP [Install] WantedBy=multi-user.target diff --git a/omr-service b/omr-service index 1aa788f..4b8e54d 100755 --- a/omr-service +++ b/omr-service @@ -30,7 +30,10 @@ _glorytun_tcp() { [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} done if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then - if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then + localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" + [ -z "$localip" ] && localip="10.255.255.1" + remoteip="$(echo $localip | sed 's/\.1/\.2/')" + if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" systemctl restart glorytun-tcp@tun0 fi 
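Review bot: The `CapabilityBoundingSet=` line in omr-admin.service.in grows from two capabilities to ten, and the additions include `CAP_SYS_ADMIN`, `CAP_DAC_OVERRIDE`, `CAP_SETUID` and `CAP_SETFCAP`, which together leave very little that the admin API process cannot do on the host. Since this service appears to listen on the network, I would keep the set to what a named operation needs and record that in the unit, e.g. `# CAP_SYS_ADMIN: required by <operation>` above the line, dropping any entry that cannot be justified. If the extra rights are only needed by a helper that the API launches, granting them to that helper rather than to the long-running listener keeps the exposed process small.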
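Review bot: `sed 's/\.1/\.2/'` in the new `remoteip` line replaces the first `.1` anywhere in the address rather than the final octet, so a `LOCALIP` such as 10.100.1.1 (constructed example) becomes 10.200.1.1, the ping always fails, and Glorytun-TCP is restarted each time the 300-second guard expires. Anchoring the expression fixes it: `remoteip="$(echo "$localip" | sed 's/\.1$/.2/')"`. `grep LOCALIP` also matches commented-out or similarly named keys in /etc/glorytun-tcp/tun0, so `grep '^LOCALIP='` is stricter, and `$remoteip` should be quoted in the `ping` call. `_glorytun_tcp` starts above the hunk.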
@@ -66,9 +69,9 @@ _gre_tunnels() { iface="$(basename $intf)" if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then ip tunnel del $iface 2>&1 >/dev/null - ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR - ip link set $iface up - ip addr add $LOCALIP dev $iface + ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null + ip link set $iface up 2>&1 >/dev/null + ip addr add $LOCALIP dev $iface 2>&1 >/dev/null ip route add $NETWORK dev $iface 2>&1 >/dev/null fi fi 
@@ -77,23 +80,23 @@ _gre_tunnels() { _openvpn_bonding() { if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then - echo 0 > /sys/class/net/omr-bonding/bonding/mode + echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding1 up + ip link set ovpnbonding1 up 2>&1 >/dev/null ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding2 up + ip link set ovpnbonding2 up 2>&1 >/dev/null ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding3 up + ip link set ovpnbonding3 up 2>&1 >/dev/null ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding4 up + ip link set ovpnbonding4 up 2>&1 >/dev/null ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding5 up + ip link set ovpnbonding5 up 2>&1 >/dev/null ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding6 up + ip link set ovpnbonding6 up 2>&1 >/dev/null ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding7 up + ip link set ovpnbonding7 up 2>&1 >/dev/null ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding8 up + ip link set ovpnbonding8 up 2>&1 >/dev/null ip link set omr-bonding up mtu 1440 2>&1 >/dev/null ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null 
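Review bot: The changed line `echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null` no longer writes the bonding mode: redirections are applied left to right, so the trailing `>/dev/null` re-points stdout away from the sysfs file and the `0` is discarded. If the intent is only to hide the error when the interface is absent, keep a single stdout redirection and silence stderr alone, with the stderr redirection first so it is in effect when the sysfs path is opened: `echo 0 2>/dev/null > /sys/class/net/omr-bonding/bonding/mode`. The `ip link set ovpnbondingN up 2>&1 >/dev/null` lines added here still let stderr through for the same ordering reason; `>/dev/null 2>&1` is the form that discards both. `_openvpn_bonding` continues past the end of this hunk.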
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index dbbaefbae4907faea3d9be6dd77f680a5a4cbb83..b7120120fce994d29ba0944d3beb4d99a80aeecf 100644 GIT binary patch delta 4068 zcmVXXzyDoEK6LgM)kK{$6}FYt+TA1q_y0)^*BP(tD- zFCq`#%snOX%fcl`bH^tcw`#`i2-yA5*NhQwk+aJ2n?U857c5y*IgT^6u^~ttCrYNp zak`;d8Yk+1ngJIkJ&aAs;LKau5{8w^58eYg;m4LXloVYuO!CJ+65AFm+v1IZWHAEU z=106L@-`!?2-fA3J6pKnr2~C1buM*{t8(~nIbCqgM&tWN5I1@M8hd0>{ zJN$ott8spY{{OsjcGhh-n&|(#XN}VTzXh!O|Br4Mp=4w!IDgWAe4me)Qce6+%IF7crgLbS`R{~KM!Cw zydY}nPu-A;f#%I45mw1nd+fxde0#Mu6j1PiSA0UG^6W)8G2ty!ag zU0{MBtc&537!ogzq+0xIO#Ay`8KN*Ubz{eyMNpx-SJ*>rUwM+FeFyX`RcP&<^YPD` zDiK0t)sl=pFW@^pFcZ0*asdK{Q{6 z57B7^Lp^b6QLji^fXDL z5LTWci~>`#TtLnXK_24p%#C9jS>u3Uya)fYgrJPkaSoY5FwZpr{MVGw*yBTcUnn~o ztlTxt7Gdz1X(IhfGn-4i;Fxpox$#pYxw;Z~)9N+P8nspjVtNCQoun*@3%zyMA3jW) z7tQbU%*p#gPp;x4WHFN1{F~dcfR$U_Vf}U|SWWWxj%~XdC4c@P8f_!OWYy99G88=YQSCyJj2Lf#C9vjMyXFN!(ya}$hv#in1uQAndWGy2nME{Ck35KmrqesJ z9Q~n}FmHwu>1&Fj-OB19?TgVEy68$G3J*F1AC99xhV(Z{fKDjR|8O}w!2cU)B46wNPvPvmi~+yn7(hMA-b27Qf^@HcQ09RPfoL-l;U1zK zzDTbb@<3MkG%yi^x1@Z1+;CKf%FY^h2-@+=`U7kM32#-ZF?^eRbx#)hbp^&c&Dm}VX!DLJ-TQ!k2jIlfYl=C1A>=u609EbkVZtkqWDJJDs!6 zzs+Mg-Q@9q8TCwam=5P&8s2KPs5o&b=-6ElA*WwUm(o z(LIC~(`iTtgR*EM({B6X;v&y|GV{=E@)JC<&|^{MEsj3zLe`fj>Fq4GS+Gi3eTIte z(Mzblb$)he$l`YmGr7aa_Ub+^G>IK*~0w4)$Wwf|K9}mo;P7sS>^XP zNow5LvbA8{^jOX9Nhp2H?Z&td;0rQQ%I=8q8#(^Md4$Y<76st6XPyt|F?ovP#bv$z z{QO*7RRd2@pELTX(74)DJfH3V?gqytKGh@^;fVpiW1_>gL?Cw}S44p`aqn^~kcb)9 zShppA6%sN@?A^Ih?|{wkL+=~V_FK?FA$z+wYdDVD8h z1DoDV1bvcK$r=vNuW)6eipdo$-Yl6{&7K;6FvQ9(TNDAE18WyX-Io=qSO4gQbx3;a zb2p06@vtJg+qHL;`O(WiMELKBmRkHkQE#_WSa{)_H5#J39Fd zFGbn-wCc*sli$oCZ%FG{Fo%Jp$vR+r^<@-7i4(f@Ut{~x4ZKBNk-%_QQe>U}n36>e zP`IWR2!^AHW1v7Tm5SPj%p3_=W9rd=z2{%n=?|5Vonx(WklI&q?yErL&fN6T64 z<*ui&;8ug!e1Wx0Hkl|kx$BWfg&Cp%sutyc-^u-d7z*>GBOJixh>040j>BGOl z_%H#)fUz9HXc{nM!ef z6N5<*QFlcG+)bAuz>z|h$xc;F7I;iv#5fRgqN*I9b9lrNlU9gBTU8BWVU$L?Rk3Nb@U|Ye~{=!?LZFh+|YadDqgkX(B}{ 
zr|HwWp=DT0p(&O+fZkkRHjQ}bACWySU?Nas8%93s2eboL0@gTx)>U0(O<|pAo8x|8 z{;Bs15`cS@>GpF=$u{}|ZqlZNxJ`T{|19+yt8+Uy zn^c+yQXkA3iaDV4;}{ZlJA3mfp`uA0jm%CMXW=^a-Ap)BJuRXrRN74O78-tjBC;m4 z3B-s@{sx+uB|%7kL{W5L*|jBPU2S^!D3YOmf|0XQ0^N{dn(Doy7CEDTcx=L7YyA&% z2b`HuLA#N~bQ&|9F;1H>HglRLvjB1W@D4lxuh=k8a-?8dD+EjS!AvF7gtc7K8EB$l z9|EsKxtUGlTg|xUp;uIqRsLBrG@JDyz0_2xg+IOOVSKxPP7|7I@a|TU^P1q>({r~*_pLVC*|NSOVc>gcm^MjdmedI*{Sh}Gzb=|Mr{?jdY z{``)U5e^?wLEP5;KOFsb5N5Cfhq+w-GeR8h0HWU;0@5q~N>*g+4mu5Dn? zylv5_HR{do>EA0Lr`f##TzegN4))e%s8)iyK-BjM8JGKH0h56a8h<}Y-wFA^ag7@N zt2cmU_WDN|zkfdv#ld3XP7k^bcvt*yofY5zZ^2m^|K9>$+yC3iIOx%z&WY0jZ^w*pfBf?*4Us; zKO?l83!~g1OTQ+xn|}eL+#qA0D%xG0Hor_W-T>ms;lBX5>;3O$xA^`~tJ&$4@&7I0 zxcK2S2G*UPL&$3NidV&3S+ufO479PeLRNC0NaLhm*~fS)s}%#s$;lUbzO}w3tOIVu z|HkkCH9MQ%|LV5O`+si&U-16l&uAj$>)&Pe|7!M6oyY;w{#E4LoM|vhK88k$Agddw zG(>%IuKybE^aE_^i`?0(Ea_`9-r{3BduN7JhH>F$AnN#Of&=uCe3=5Wve=(gMR z2v9sW&*8jzcHV5a+Kukn`8SPbv)%1}LmCHcQwGZ@c0xkF34Y5W&Yjo`eB#^(%b2)8;kgl%kod`q$b&a? zPf7f;aLLi!@kz$5nsGYRn$3t0F6AKWlPzuvAjNR^n*d@*y0oS6vegJ&n;{z?2CR5Q~d z;MO0!$7M)^LJc?y!Qv(K9-m_JPIymRF#Oe4quD0+FAyQzoIuNU<}|Wc7&vC$edvTQ z1Y=0(x+Dr7;%6sx|3Y4ZC7D1d3Eim|LA1GF#xC(<0-m)VgiwDTz-)Ly)Y6~2Ar%A7 zn@1#gpceymOcXbYplsm!Zs^R2zPz7#6R50s6W5Pi;zVSDxai59rfuzGL(HTh5CDNa zRr4>z^`IPOr@hvyHB)H`$5R4*_0Ea0{UHe!Sn)kH`i0CKXkA*fM!UcSL0A{VCov>m z97(nK*O>PA!!kr+Wa`F_H;bS`b+538*uL^4NBa)wS*p<5JLlt{HB};n$f_k7eO|zG z1Wm_O!K^^A;!Yr%*)kS#)2GSe6ynCi%z2DXL+BwFdIS_d^@C`>3?HJ?2!?v%(xP6Y z@?qg~k8w3#`hVuQj3(uf7K3kRB-<(GGx&YA{-=0Pqfga*4BhGyX2ff9gLzoJ4%YeNc^UuT1a__en0?Ur#7B|$=+o%+!3jO* zeg<(Neqzy$_%6gu2vIHzW^#;CJX$_Jx={=zlrF7Cd}j`I@7+fTE6)%{fhk!oAm@c3 z4{>KMga27VP{!yuhs+?D=NbV1Yf5PB@u9shlpPIL?wV$cFnG)~k$$C_ z%_UxN%(?g6_^FXxT?xEt^_pjmTB`#wy@AJ0QkKMp-n#1#A12L<=J$E#g+k(%BrA@MTs!8szHN_D2O{>drtg6!D=85Cu4{IhX~Lu-v8@# z&PxCP7LcX3)B%3&)|Bwp@D^To=lnn4od4(L{r@+C8{M>dQ8ao@nh4PU&5AZMHn6P< z(lTGcRk?S=tX=bhAnDcy z*~9ZTssff2YrR7Dip(M!r$-({L(}uuI9BuyEk}Q_80XPYB7IF!v|Cvnq3rIhAqz{}#gK?2wOsDeQ>A~(pox5G z_&|AGj4QYaiXKmM^E9iH^yC2Dk|>J-##FXZWJp`6eO^ 
z3~j7eelR80d%U8oE}$xZrO4(`5?4q=QlKYt2wA=16*-3(tCqnF*LfOMx~*iYiGlxJ zj2Tn#jNZt1C)9iw-sG3%f;}z5S%r@pjw`bN!I^o}cbGAuR=X0fc(R~#lL0@OxQm#G zs+p4%tzoPf18Qt?ADerp1?nYOE2+?_7 z#mo~}Z_pIQL7msd?NDVG?^G2r3>F2ZNB7S3i1zuv0^hCG(0!9d=zah%!(8MnNXYM9 zT5}czQ+HaU4w4E^2X1rdw&}f%1|Nha1DP`yDs&NqG5IU$b|5REZZ~>zronR*On!-I zTOVgZ_!2LD68LMq1WcLKwQeYiE?O2nQeo9@r*qc%-8`1lO&*_6&oqbWaPFnytyYVQ z6NiG1-31YHN>;YIX-qf~fcD{enhp{N-032QGBO~#htOg=4e4M|7ENT@ZC_kmf{@?DLcRI}$=KrmBr`-SXCb0Ls38Ts?zrRUR}vM~vUd@fXe`WcITt0H;0kd^nHEQyecY>-Fd7=h~_oc!K(z(MN^G)t=({Z2xz+ zI4<$2Cb0-l4EP-rywM{O$eqX)QQ%D6yW9#SVum%=ZApcMOcHx{Zd5shc1*n+P{IIZ zG*D9p74P=1(2ZnVX{K!5^_mA%1VD#j8K6G<*Fon8lF>V0^ZU^I2DJSabWn)0e+~Mw zA>BgCe@G=@$pMBmfIk`L$YB3UTq&^FfK`fRE84)OHeW9uVI7j*`rM5obUdtx?so1SWq$PXPZ9n*qNNr; z&{X9v6+)L_z;eV3g=VvRyU7Y`t?7mi(k;o@AU0pakH$uS6Px%Ez^^pP?+Ewe8lWl_ zOVI7U!Vk<17TM}tMFU3q!(n>pkSX&npZFpxA^2W+pt zj6x`JLbv{FY(Khzx2P);8171ntkWM;vZw(H*VF>Ra5QlY6v(AgQTvdYBLQnnJ-YY& z%R2p`60)=GWEM=ES@9C-pn1AvD7}=tzHq}C+M{V{hD3#jZWMzuU`a!b`3~D0O5i~# zee?tc<16#d#MbtXj?j<}<6J}-)7%BZ@IFh8@5Z=vv4Yr9MAa ztey{R1a8Nz1;N_7TjtOn=i1I$tDxUCU-sZXk49(su{YA z9QLS!oIYFP5m?KQV`(g{H+>6=J#G3Oj1Ln)3>eEHjHUr&sdEC1=7^3gPW%Ims{vk5 z&_?)LXz#lSmdz)>VbU6XgcDp&eEi$VZ_!H>yYr7Q!KW^6bf#(V$L}hJIn33Ko;Irh zW)jTt-BKVwNPiU)2I@2Q)wDRsM9?50$m)Qlq^oP2da)kcp$rA0Xv?|{A(=NN7H$z` z!iv6t9LcI|@>iy$T5u|+$u7Rli`@(86(V`PcZC@7*AnG(#hbEVv)ITuXY;dn1QGo- z$q!DmaE2x<40&0#O~C*soNyHsex#2~#zRmf-mt-?u_A4xE0VXCU!8(#=fJG#t(SkI; zQn{8S-8L-ST8TJDm6LaEO`9fCv~rq0ts7c~wG^6SsRQWE^<~qDhyD@S;{qlEHMU{o zvwlE3U?pIUV_nrn))dx>wmI(i<)3=LAOW~XnZABN$;X!Tla06jwXxOfHXuBYAw(K* zCD}$_z)kv;5ML7*$v;cI#_HV8%_f!Rfz$`HhGGsV{Wyk%-Ok>8OQ>j4MlrN z94VOA3c-?nFjL7iVJ(+*2AU|?hrsJlZf4W?Rx_@7=oM9Dm4B8D&1QW_FEv$a;ZLu6 z7~ihbgytH&yOrd;CiwPriB3KIA=g&mm~>niVSmuwE7=MwUy^!()jZ6XGJ{?%aPnoz zzM9oSXHy_s(rm%MT4S|}*(_VFW40@>=f2!Bh$DIj=^7WvJh_7b920B*VsXx0$rk$Y zbS7xm^A;QXK98qTibW(kuQ-R%GiAIt^mvk7LQ;Mc|seZPTbV>do%y zKPn)n*}VW_M9A_o5MT+nyoSg_#>wPIU6~^Yd~MP8F#(j7j25oZ-z~-H+Ik^-+Rigs~Z&60_UX0 
zHcsiMp+28eT4RGY{fyLZE{t-6Ed83)ZU&5UgN%KuYIk+o{4&jW1BfSw{{rN$_y3#S z;`=|XW~Woe|F?kS;)m}TSa*63A*7OkCT37A7iSlRty{` zCtqm#+WMBT4!9BjE5HBO>}-Djt=lf||Gf!(#`}LiqluKS|CibStJyzwA_qwOlW()8 z!6^9{9w~yXZlKZ-_1U@pYrNAB@TD*EXRorPugQ3e5AE!m0raBGTT3XRgc3?9p@b4j eD4~QBN+_X(5=tncgc3^l>hN!#D3UQs zC@f){iUb^>b$na<->-Xk5klVeW><1@32m1IGt)giGd)lD41;FA=f$Bt`{mXCs0GwN zIbq*G8n<|eRA4=MOu5*DW_Ew+aV#ZLf?-+Rqna`|5G}s z9T4N*51j{lvFMXVgEXCZ){OF`<}9<28kQaUA#uH1KU~_e>wCn$@mDc%poHs0kVE2o zHzK$0!Z{-GW8jeb()P$&Tq74(2YEjXRei#nq+2`KE7cBo!IV^m<2XZ|>H_6Bks2n) zX}W5voT#a~$rb&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0 z-|trV|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>F zQSgJu(7n5l$!p;a>A>(eI<58zxp@Tt;1nt}9ec_AiivJx;ogLH_(;%$gpNZZ|2BTG zL+5+)=O97*WR-3WZm%_???8xz3SrXK?T(uX6h@ob$Z&a@c$*~`S?Gv5Qb2E6uEaE!>@OC z=-M|6K!*4}!8hVLfSLeOP6B6Aj5r>x?(Uo@h8$KdVUPC=YEI`u*P8RP@rc2JQXT@$CGE z>+<~XSMlGAP~gK7_;J5=JiGtX>%3~8wA!7{X}8tsCh`ACHU2L_pRxa=F%zlweyY8n zkM8{>D6;!~pM&ISO}^)X4{eHjFq$e$!u9%IR!2mpmsHN~rHN#oolkYctl=(9k(Zzi z7Ks-Gs+qOh2l6?^AY%SxF;Q1FwCyn^Lsgd5D@hq;`c9_MjB`q49`q_RmhW}?FDjV( z+6)R;i+yhWGkOO9Pfj{z{}07m75={jeFpyPXd+(=|3`3jTKRxKu@7KKvU3;kJ5hFE zAV=YnBii;vc#xowUM{cd(nwPH%rOz2H#eRp;IV@yd{21&0`CP?QJD8i^G#{8QGN{e zfd>+D{n&|xVm^DMd_ca8@F+y~{n~hwruR1s;Ut5dD^gF%zt<7Ih$1FZbHEE!`e zt`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg*(=6b zg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=O!5LtA zodga^UmgyxHtI>V%j;o{(OmD2$!@0NE;R)TC1N-ZA1ZMmhvVGfUBBVZmceEoZVNw= z$5>c_b>2s-ex_L)GE4QLOfmF>lCb)XJ+HHV|F7>k$HxfaBnX{%fHVnAF8s9kjl(z> zzCU;7#|$KK+*nN;z4wt`U<#G;aKAhq#)7f1>H^9ccKY9E1ZL!+f!bM9e z&im9@4@8B}tODveYqyT^uag`kYA{KExhEIv2Uy1#%I&3&Psji5cK@_|{-@LHcB=UQ zC1~ey6MB+$e1DmS#=WPWESGFA;e9#`Wluz%7@q@w&M8wSubv2;*j`}YL2$o_d_eAn z>%n!5IrniKoHd&d4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5tDbe7b5{RM5 zIg#N?+JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx>gTE7e<}4x13? 
zHkVEmA<`sS?2y}_p2O$a-y;04vs|{+N@SS)NLA$Pf#TO{6J983iRf9Yr3ti=*!WobWU3FhQ&ZT0^mR)LNBmvSjgKL%Rx<_78p{00*piX2>NXVI^(Y>2Xe9y| zx(Rlo5(SJ$B|{FU0AebxpLwt!5x&KAS_n{9g)0g3cW+m)updezOXJP)pnmusZ$(M} zQ0Tw2<|+!|-VU8&>fw81%^3aK5XbqUvSWR%lGR73pgH;;cL&o&nxHeGRLA{PfwI5&+VZeuA z4pT4@c5WEH&K(DJJ7WT~v(F2@0w88cO<-%Ijc5KTheC zZZ_zNq~z(wm({T!@1nzCk72lV7;KFbV7Mo2=n*CMFz`A+q@Ygl4Whxf5v;Bc-(y@G zeSiyGbA0&c;rr+@ik;;LfPlG!XCYZ+{NdZ0Zj1}O(fu|Hq|E#!zJ>(F_tIabXo3N( zww^b8nJFrG4@ns%@#^~CVlX#I4q`)wIFS^|;Li=Jm~bg(5iY*ah1~|p>xA?TuXVzN zzo5*+p7VwzSc!);l9X&>4(j07kJ6yvDEDb#n!=cu6w45FNi$QSg3M2}iIIp9WXkIn zKpDGHCz?#nq&k=i;E7=}T7Z(OJjET)M1V-KkY$dkV)0_y7*SQw`STcih}Q}~0bSSn zu_E**4J^cB4<99JL7REbA$7BqIeNd#YS0 z>J{{XE+uXTnI&iu)MkQx;@C`+wn>UCDHLRx!Z<64&d7p_6d1u&5ecG(q;ec()vMJm zDAg?8v{FZQokUE$n7%q?SS%i5$yq?OX$*O)iE#$Zn2}63*FD%k3&t#OHjZEtVzExL zjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpYT4o;?4-v0sqDkWAn(Kq>y11cxU;*pE&?(R2P>k|pyRIt_py zmc=?Rg4A2*yVluRv)wxScMa;eowxAzJFf5sDt0o=&E)weKJNsx23ul%$R4=lk3gf^ z0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~CpwFHE@Ab;>e|0)1)$c#N2z~7Q zXRi5KoL5 z@`Db)k?;`S?|lBh-RqoepZ~A$|3&CC&j0_6CQ`lrRiXb!(Vv0H9$-KHZ65PlV_={D zYQ`2WOUhOfBXw$iHr9VkcJ@mh*;`@xVb<)REFLY+UoB%de?XM4sG^E0s;HuhDypcW uiYlt8qKYc2sG^E0s;HuhDypcWiYlt8qKYc2sG^GgjPySSZ@`TJcmM!h5`xnJ delta 3806 zcmV<44k7Wx9pN2+ABzY8x&6yt00Zq@dvl{k65oH(rqavu2z}HD{TI)G+Tbh=}Lk2GP<>4?{I`Dfp)Qkylk#6l^uT(qW1xwacj^j*iY6ud? 
ziIQn?oNj1;md1&?W>}m_Kc}W-aORb43FBJrop(zP`KhIiB}JDElYH|Hv2DS!E#4SO z7RzAU{DfCU-e#FhL?NYIEx6|D&XYgjJ#?$uOLi!KKZ@cY(P0sDpPFW<`5Vl!+(QLC|zu!MC z6;vhbT-HomHMh(AZgS%Val?;G5_Zd6bp5F=3Bz)qfaKj$QIl7t?V_>cyCvCs{eHQq z{6wX(7j8=1YxT>$WvY{>O8U!E(RRN)hSrl~pKJ_1mh8V>7i8bNng5=jxY4aMbK~9c zdy1Za#s6*(@xRjt*l+b(i2wa=h5s)?8~9J&yHSj&esbI*4PrXWaN!a;R}nG<|Ze2l!i`-Hp}-jEIqf1?BDo!mTveQ*mETCTICcEv)o zvG8spCwe4kK_b^Bad4YFIFb83c??!$28JYma_3$Qw&rG)xWr2c;A=C8p!_m`Iq`^5 zD}U}rv>Fg^8I$0a21e?XC~h1>+Q{|Y$XO75b+hnhP+0M1t{=O^iAjiY@x43GWF4X) zW-17nKVVOr`8{zxNXNRfUh5pUv)WRQM+ExnwUeOy5eY&p_y&Z2BntlNb^&PNd`HmxT8B?JB~`$lOgFZxKU*#!l($E&Ey>;`*+wdG054cFy_WCry$Kml@c$*~dHFmAVYG`@QwH`peBHn%iv5-5Xa-y z-JKgJkV5li#fa}Lq3n%&2f*?GKnhIBDg@sLU>=Zo;U)>i)+8W^_?~~a0$4_Wd|ZNU z2$lr_U_#9aMIRpoex&RuT)CTV3!~sJZ;JE_HEw4Z;Mn{gxXFDh4W-k6Kqt8$#LHE5 zyHSw5F89+K|G-Mkf@uDRF)ttpdUJ;b_NnD_p+LM^Bp^AM#2aP>V(1_=NFFmNj3v2u zz%aQk^jYLV5BYfwC_A#>5_rddcqyxbG8HAlwBi`5E=K{_y##Pov=ds75=jQ`7*+*5ZU)@ z^GzOKZgx>bq>-Ub_1ZgAV!g*J$~pi=`Ex}!$C9{?G$aLjq7Wf}tCzeY7b2#rW$?m9 zF^?);)$*o^f&XoSRx)@%H1gdURo~E?{k#g!FR&J^zmK zZl>%mbrmu(HXMh4he{mq;W#gR-*0%cWw@D!+rm$z(IPa%I_;xXKhvxYo~8Pbrx*oc ziCO)|nb&E*|2Od6<70$y5=QQOKpF;lOW`l{NakUbpv~d93E!JU-Dp(;R05xD&xUoer%|91A*0k1xquQ@7QptS?jt>4lo^ z6N;NAU=0Qs{Ro;uXD1yc%DauV^-tcueOs({w(wAsit|2I)&o)HGp&Gn&f2YG{Ohob zL=DR6FL!c(u|B{$Mptexb$r_YZ@2rW^#0GuX}8^n0Qmo%-buCp^CGl!zX>hL+P}X{ zUE|(UC(9+>V`ZOqL+OdAo8UR{=iD--{OXM1#PLJt4xIZ%8~}1JJRhDDOu0{z@T}Q< zcz8I@i{eRGbIFRtTOuCcC(Fg|cR4sNMOTwpgeL}nd`=1O9!LayC~{5|coKJBZw(wW z!0q=I86iGyo5uI;0Bta+Ev2m>0UK{I7&;`QzubSW9xW4Bct6n;#`462dq{s zThT^;Hr-T&_N1$mjW~Qh#}$eyrlGYOc4!3j1uR)u;!swkLG!&6HNnqqF5Ngrq+v<) zlG~u3!{^!GV*IbuRJzn+JS={ssmk?04QjOsFO;NY8-nS=YC}>(huSU4*vf2vEPgUI zhTE|zY(V_FC50>gp6?~c5Lc^Nf^H8Leq?Tc@yJ(o8v^cn6c0Gm5&;z50zJ`)3d*CA zA%{}{F%{R(Jm`-I-(or~1jwtwlZ@%R*DF}q59N`q^VWD!Kl~MgqHKI9^xs)?6-N+u zBDWZO_^UbQ4QVqosK!XrWF2A$g<`)X_MIDeVN;PnXZ1cVyd@L$SEnDQ#575`py~*J zTBM0n$boEXHFXH?IA+i#Lt$)hJii&b(E{NK1#iX>bJnCEwA%bBe^>-FXHgDfzB($W 
zX=#Q;E05ebf!2UpjWvcFwmFsnJ!qxzJtR!e&1(~-9n|ZnRQmxI5e9q+>M#Y>u&81P znc9G&G|7a<7-+wCuNG_pWQ)>}pDNaWz=ySQ0fMsVI$fU2!bFdc&ZEGY&zv}6n;A!w z)gti<;W@0m)gUn+{j)@#V=ODeB}4*f8drqX7Eo`_TZc3^Jk7DNG;tO5aZ4kYVNZ;^UM@;w&iCWlm z-joHKSxA$`WD|2x2fKchIt536xlIGr6vn))+NNO0x|K2&6n>&lOvXY`B;K$A%4k5F z=!#^q>R>8>C5Fjp14?Sj6n8us15v_Ewl$Vin-|l@h? zK|^eM*eFY89;q2tiu){T$b)64I79^jcjSsUM4O3<8`CUX)>B|eMk+vm_Ef!4wJYcY zLuO_M3(L?VsLcZX#Ic#Ow#lj@s}k_CgmIP;jgbu%sW5`6AToFjta2P>&9BuiBuTdo z%T5j1HS?HwF@1H)w5dNtqcewSQyKDD3;hh3F(XCVT=!rDZ5Xq>**JpC#iE^Lo73S? z{&Da##!M~gM;rI#wW&3K=(lP$ywN+6f0A(Fkv-c5RaL1=MzM~aETB6k{V)Yr+0NfR zNOMvDirPgdN^)aq8&H>oQl{-U`AaB^-N$;;67mLR!5^V-tSqD(GAOk^sCP)0{^55U z{yLj~Xkt;1p@4QNi<#21IAfZP@YKwq97cwTgmL=#8s-bH*r1Dlg{&}m>j>r`gCa<# z3Co?dL8t_pA_}|?>1M9>SDJCbL*rGE75+&wG@JDU4Qi^?!H+>>KM1E&yMF-~XQghU z2?&?1Vkyq;bNM04rjCmV><=`2>qSU0C7WhzO)sW0&08-DifQS6hI|dMU0=Rz*iK># zgzfmXmv=!EdL*|Q5 zc=IAlMP+8s04xW1DTE+w;ue|+%BESwkS5xtw2RH^7@Ub6u=ylCbN{2$YSI1Qe&_VG z-|2Sn{>Mr0wA%lD3EI5>k>B|+Ro-e&ocKR0H*)5#`<2&!Kl;_pk3aFv55$mq-jH-x z{plU`=4L6npH7>(gy^CWf24aPPyBiW_vHN#j{brKx?}=}4odOIBsjbQLVt7uvYzwj zvLaj8&}jhtuq-xs5xCyE-?h%pn(fxnziUv(?YxD-@3_JnsMyIcH`)0no_B&;gD%lN zqz5kf5olb0JHVW;8B+&Xwcl_Y@N03Umr?(6hn^MX6emF#y7RqW1AXrPf3Mds{r*Fz zb5i~O!;8?z?tk_QzCb}mzSs|FcPba)&+GyebYu^&0et0U%*}FNbt$rV88Qu{c&ezIF{@@P6m}|LtDqWb6Kah5s)`L!WW~|0h(D>h-S*{XdHS6h!s_ z`{{46#xJL diff --git a/shorewall4/policy b/shorewall4/policy index 59142ff..2e5fe13 100644 --- a/shorewall4/policy +++ b/shorewall4/policy @@ -17,8 +17,8 @@ vpn net ACCEPT vpn fw ACCEPT fw vpn ACCEPT fw net ACCEPT -net all DROP info +net all DROP vpn vpn DROP # THE FOLLOWING POLICY MUST BE LAST -all all REJECT info +all all REJECT diff --git a/shorewall6/policy b/shorewall6/policy index 9a01ad9..8b37313 100644 --- a/shorewall6/policy +++ b/shorewall6/policy @@ -15,7 +15,7 @@ vpn all ACCEPT fw all ACCEPT -net all DROP info +net all DROP # THE FOLLOWING POLICY MUST BE LAST -all all REJECT info +all all REJECT 
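Review bot: Removing the `info` log level from `net all DROP` and from the final `all all REJECT` policy in `shorewall4/policy` means packets that fall through to these policies are no longer logged, which removes the record a defender would use to see unsolicited traffic reaching the server. If log volume is the reason, a rate limit keeps the evidence while bounding the noise; Shorewall has a `LOGLIMIT` setting in `shorewall.conf` for this (check it against the deployed version). Otherwise I would keep `net all DROP info` and add a comment above the policy stating why logging was considered unnecessary. The `shorewall6/policy` hunk makes the same change.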
diff --git a/tun0.glorytun b/tun0.glorytun index abd7ab1..a7fd471 100644 --- a/tun0.glorytun +++ b/tun0.glorytun @@ -1,4 +1,5 @@ PORT=65001 +HOST=0.0.0.0 DEV=tun0 SERVER=true MPTCP=true diff --git a/tun0.glorytun-udp b/tun0.glorytun-udp index a89e1a8..670bbac 100644 --- a/tun0.glorytun-udp +++ b/tun0.glorytun-udp @@ -1,4 +1,6 @@ BIND=0.0.0.0 BIND_PORT=65001 +HOST=0.0.0.0 +PORT=5000 DEV=tun0 OPTIONS="chacha persist" diff --git a/v2ray-server.json b/v2ray-server.json index 5d2b544..1fae64e 100644 --- a/v2ray-server.json +++ b/v2ray-server.json @@ -1,6 +1,6 @@ { "log": { - "loglevel": "debug", + "loglevel": "warning", "error": "/tmp/v2rayError.log" }, "transport": { From 379b30a65e4659978873293fa8becdee10733777 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 4 Mar 2021 14:16:24 +0000 Subject: [PATCH 026/164] Add omr-admin-ipv6 --- omr-admin-ipv6.service.in | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 omr-admin-ipv6.service.in diff --git a/omr-admin-ipv6.service.in b/omr-admin-ipv6.service.in new file mode 100644 index 0000000..9af8b55 --- /dev/null +++ b/omr-admin-ipv6.service.in @@ -0,0 +1,12 @@ +[Unit] +Description=OMR-Admin IPv6 +After=network.target network-online.target + +[Service] +Type=simple +Restart=always +ExecStart=/usr/local/bin/omr-admin.py --host="::" +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP + +[Install] +WantedBy=multi-user.target From 637e2ee08ae9a1f8359bf037747480f823bb5122 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 4 Mar 2021 14:18:14 +0000 Subject: [PATCH 027/164] Add symbolic link for ubuntu --- ubuntu19.04-x86_64.sh | 1 + ubuntu20.04-x86_64.sh | 1 + 2 files changed, 2 insertions(+) create mode 120000 ubuntu19.04-x86_64.sh create mode 120000 ubuntu20.04-x86_64.sh 
diff --git a/ubuntu19.04-x86_64.sh b/ubuntu19.04-x86_64.sh new file mode 120000 index 0000000..814a06c --- /dev/null +++ b/ubuntu19.04-x86_64.sh @@ -0,0 +1 @@ +debian9-x86_64.sh \ No newline at end of file diff --git a/ubuntu20.04-x86_64.sh b/ubuntu20.04-x86_64.sh new file mode 120000 index 0000000..814a06c --- /dev/null +++ b/ubuntu20.04-x86_64.sh @@ -0,0 +1 @@ +debian9-x86_64.sh \ No newline at end of file From 91116306a13ef67223b5940b03ddae1e577eb5c6 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 4 Mar 2021 16:41:52 +0100 Subject: [PATCH 028/164] Add initial Debian packages files --- debian/changelog | 5 +++++ debian/compat | 1 + debian/control | 14 ++++++++++++++ debian/install | 3 +++ debian/postinst | 15 +++++++++++++++ debian/rules | 13 +++++++++++++ 6 files changed, 51 insertions(+) create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/control create mode 100644 debian/install create mode 100644 debian/postinst create mode 100755 debian/rules diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..1e55a02 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +omr-server (0.1025) unstable; urgency=medium + + * Wireguard support and fixed + + -- OpenMPTCProuter Thu, 04 Mar 2021 14:36:12 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..9a03714 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 \ No newline at end of file diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..5f0b05c --- /dev/null +++ b/debian/control 
@@ -0,0 +1,14 @@ +Source: omr-server +Section: net +Priority: optional +Maintainer: OpenMPTCProuter +Build-Depends: debhelper (>= 10) +X-Python-Version: >= 3.2 +Standards-Version: 0.0.1 +Homepage: https://github.com/ysurac/openmptcprouter-vps + +Package: omr-server +Architecture: all +Multi-Arch: foreign +Depends: ${misc:Depends} +Description: OpenMPTCProuter Server script \ No newline at end of file diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..2595ec1 --- /dev/null +++ b/debian/install @@ -0,0 +1,3 @@ +* usr/share/omr-server +shorewall4/* usr/share/omr-server/shorewall4 +shorewall6/* usr/share/omr-server/shorewall6 diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..9631851 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,15 @@ +#!/bin/sh -e + +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +# use debconf +. /usr/share/debconf/confmodule + +cd /usr/share/omr-server +LOCALFILES=no SOURCES=no sh build.sh + +db_stop + +#DEBHELPER# +exit 0 +# vim:set ai et sts=2 sw=2 tw=0: \ No newline at end of file diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..a45cfea --- /dev/null +++ b/debian/rules @@ -0,0 +1,13 @@ +#!/usr/bin/make -f +#export DH_VERBOSE = 1 + +# Security Hardening +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +%: + dh $@ + +override_dh_auto_install: + mkdir -p /usr/share/omr-server/shorewall4 + mkdir -p /usr/share/omr-server/shorewall6 + From 377ad59134538cd0d66afbbb624ae53bd5c95891 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 4 Mar 2021 16:38:04 +0000 Subject: [PATCH 029/164] Fix debian package --- debian/install | 3 --- debian/rules | 7 +++++-- 2 files changed, 5 insertions(+), 5 deletions(-) delete mode 100644 debian/install diff --git a/debian/install b/debian/install deleted file mode 100644 index 2595ec1..0000000 --- a/debian/install +++ /dev/null 
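Review bot: In `debian/postinst`, `LOCALFILES=no SOURCES=no sh build.sh` runs the installer as root with local files disabled, although the package has just placed those files under `/usr/share/omr-server`. In `debian9-x86_64.sh`, `LOCALFILES=no` selects `wget` downloads from `${VPSURL}${VPSPATH}`; if `build.sh` follows the same logic (it is not shown in this patch), the configuration that gets installed comes from the network at install time and is not covered by the package signature. I would use the packaged copies, e.g. `LOCALFILES=yes SOURCES=no sh build.sh` if the script accepts that value, and add a comment saying what `build.sh` is expected to change on the system. `test $DEBIAN_SCRIPT_DEBUG` should also quote the variable: `test -n "$DEBIAN_SCRIPT_DEBUG" && set -v -x`.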
@@ -1,3 +0,0 @@ -* usr/share/omr-server -shorewall4/* usr/share/omr-server/shorewall4 -shorewall6/* usr/share/omr-server/shorewall6 diff --git a/debian/rules b/debian/rules index a45cfea..10d24ab 100755 --- a/debian/rules +++ b/debian/rules @@ -8,6 +8,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all dh $@ override_dh_auto_install: - mkdir -p /usr/share/omr-server/shorewall4 - mkdir -p /usr/share/omr-server/shorewall6 + mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server + find . -type f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';' + cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ + cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ + cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ From 795c693d13cfc996169fc89e9890857a3cf95838 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 5 Mar 2021 09:09:48 +0000 Subject: [PATCH 030/164] Add wireguard interface in firewall --- openmptcprouter-shorewall.tar.gz | Bin 4080 -> 4106 bytes shorewall4/interfaces | 1 + shorewall4/stoppedrules | 2 ++ 3 files changed, 3 insertions(+) 
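Review bot: The two exclusions in the new `find` command of `debian/rules` never match, because `-iname` is compared with the base name of each file and a base name cannot contain `/`; files under `./debian` and `./.git` are therefore still handed to `cp`. `-path` is the test that sees the directory part: `-not -path './debian/*' -not -path './.git/*'`. Since `shorewall4`, `shorewall6` and `bin` are copied separately with `cp -r`, limiting the search with `-maxdepth 1` would state the intent more directly and keep repository metadata out of the package.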
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index b7120120fce994d29ba0944d3beb4d99a80aeecf..f45840887cfcf10e3701975cb3de7fd86e8e40d0 100644 GIT binary patch literal 4106 zcmV+l5cTgLiwFQQl0RSo1MNIvbE8PE^A-P!u4LZrOuaa^iS2B1<+qOjwz*(n0VkWS zS49zIRIlGoHJ#Gk5z?W(=s+Qmb1nsi9#K20;?Jli%JQ4w?Yn zcAFjn%E#6@oVU)-TW!AG?4F&!YqnbLZucE&99aH&+cqS>UGlal1U@ZFpWuOA2p=xhY|6EhcKGEi5~{Uy$_cO@qohjVkjZWlOK}@ zf99Q#g(o6u*q5N_)Va8EQq$EYaGW}`q&g@j+11|<~YOD zZJm=0-GmE^9>$hza@MV4i^E#&C;x%G7sj?elvP7EE%KMY5XTX1#}>?iY%>DK5k`V0 z2@WHwiT34_H(Pkor3-y9buSH_t8@5oIbCqAX7k5p?I$mo`VU$CzHMw)en=Lpn#p9r z@vTy|;TeCnShS;y|}^e%5TG|L>mhmH&SWSoi;*yeLM$-ac)TI|<1?0RC|X1vdCGSnrZ@4}Nz2l>&|7!?(Zi&5(fYB- zoO~$t=|?8N5MelWLglm5EDW&}$%C5la+ZLSpwc}{7h>p3%v^kyc`)AO z$%PEY^PqbpA38J0MWLP?S5l69Rh>PDTSXJqu_O~_R;SRQG75sr_ns5~pI|i*hm*0x z|3d`mmhb;{I%k#te+$S{Tj~J6cWWwmYj_Ki++mz>Q%!f+U%}7EJ`` z|5i;OnHyNXhP2FAuoZ2yTIc=S!y=sdlb6HF*!ldg+obn@dH$U5c6prt&1Sor|8D_b zasSt#CQ{w|t?vE4dheHck^SHIJ!TJTNe1}5mK4CyRYkm8U90+lsPc`hX4lF{u`jR2 zre)Xgwq>y{fi=(CwIGVJVQ-KpekLR~JxKxKb5sC`&7(DXY*E1%#sA2&z&*j5XU7#OorB zCg0X_)ub@^A;E|lKBG4Zya_emg+KXixnNHVa8}{1=Hr?Yd~#?0^aDmv)M{7YO(qLE zHyH?%iML3Iq*(Dj!&^XMOp;f4e4!wJw)Kl`;I_k@9Y& z>~0JVh!9=mRn9zs^#)B@9MpMT+zwTC@y=9{qHs}SdUWqjk7%F&Ul@3&r|7=PBJw_g zmtih)7N+F)9<4bG!>Kntr4Et`&IWFC=(g#-jRqftqyt$n7bZ((OQ2Lfvls z2R{J-5f?{r!`=Kp-VQ$7EG6WDv+gi&Rc-`}LEac9fcf_2klHMb|B z^f9-W;68w_$V4f-BgSv!1`GEQGW%H^g43S)0h}k~DM=QWjmGoy^XaM@c!I{9(Z{96 zojxV=+5Ycta9rwBEn*XanD9F$23*Soawl>{R5+9NF1H4Wm}!p70bR(Nrx~156z19I00We@#2B^>ebufg1Z1xV={66%)32nax z9aN(3UxU74%D0g6A5sZea)2QX;7@@$GT6ToS1K$vV3lG!sy=Y&%|y^AU6rii@car_ zCYqF9!Q#zU1kLJcAw#U}lBWph99X+B>b|1Ny~ZauYCzK4n0s-Ij)xV|-LAc(+>c)V zM~wfDXsIm>bWOd>gwQ1zup9|usoCgAYqfNRwbpdg0O_`DZV+3q;YVY$zllx#2;f(m z6n6ys$tj>}HCr^CzA6l?4Ho(8ZmoU$9@S$GtwsdHx4~|7qJc5#q|f1$Kp%_iXaVd= zf}@m96A@^2I8(5E|8^#r1}=wX3)F?heqR|lhF}kSNALf@OGz<5ue$Q`{U6p)Fy(bD zn8QHU6$7xn#xjne#Erbh?}_v1h5n+U%3!!FDT+aVEZL?8C|*+w1jEs#F;F0vT21Ri 
zW{w1`F^%}%4=x+@hf2uL@{?IOacAXAq=V)evZ?km^2Wl8W@wL=t(!6x9(i#B%77&e zb>=%9Ybb*Uq4e<+6pXK|I}2OeJ32x`I*fCXV37M@0%I@-n;L_dnF<(3gN!J~#29t} zQ=n@hN0R%(Shafrtc?q9C_^7zMWH*LxN*W3!6&2TEb$B1Q&@0oVPd_&S|*=N6r0}l zD57z7E@@WeEehD98glw-iAP{9Kab_Hyx#OJDE9Q>A7Ff#0Aj*e4q-G+7)yf_VKhf{ zWO3pjU|db`dZIqU*8+P##IS6B{|6?m@n<-}<;3Uze*Z`O5+~mLGfeQQhZ|jK+WYy3 znrRISb>pYaDu9`Ub9}cD$PdzArG$a{Ok*`I4l)sR2ndQcU@7V9+M!;o$9AYffh0MK z;Xp_hESZH{L|L$+FCj;YrdYz2C2KaEN?EdtZ*yYz0(yl=U+-KYM#8mB`CJK>B04NK zGS2z@>>WWwKS}e0lRTWE35!EP(Hu)O!3n2aMO7FXBa876Rar0{aA~Ya9~r7_Gl4Ku zAPU0-b--Qf>KJc(GBQaI;wwP$xz?L;7+nn3BWv!#mm_ zBI{fTK?4n({aCx!^jqjQQ(*xLYbwwMAj$^Q$6+6{&Nx;yRncVNWQ)U$662TyVl=Rh zv>9L#sc5tyJ*d^LW!Z2{+p$+7j#1_GT}#WMi4?7zrBCaImSb&|rdZkldUJi*G!meH zB=)#~i9n4V82P*(&<(?2EWbn-bzS@saYY+-t7Rox*I=XdXy?Fl#90fb!2{NZ6hH&8L)# zCUrD2yHS#d>&$mE;Y{_ch@wzwE5qAp_{E9Hn#?8;BeH}WXkwlOArVE=j(BoL|M1v?KYslWa|fK6P(i;@q-+{9oH@>#Ft!Ssrn3NX z#_$e2fS@`sPYR@9S}O!g_Q6bL%YwCB+8Jn~U>~AjK)IDq<6GUl7NA!&iBQo-v7(?{9q>C7`gHPF1^T|dfqo~|LImcfBwWff6#{<<%*=wR(3sCp|$996{_YO z(8WglEA1oN^5GzE>;4~(eme*=SdqhAuJ{=t4tD_2?+pRzm2jn~ihT#21~KyIv1|$w za82K~Xr4A3t?tSH)Id(FdjYuiI_@0ot;75k0}{f_+$Z&3QT79oE)EmOD8{_{Ybgo}kYJ?J*zUGe{nKWE?n zId8R^dB4 zuD-ST^jk)|>jK&4Yc3VM0?Fj?UjW?o{&%Zee*cGWbvjl2e+xJ+fB1}nePF`n9L#lUe&`h}kFt#1YEfE)3@^ZS3T&gS>Oy6x)z z-+uiOv(l}t7GFV2j6B6<+41)M`bi2y`N8z|~Ow6Ys zbf2Bsj8vY4!;COwQz$>7Xe*%F48$`9THIpN2aHk1@yGEDNvKN8y(EZgFZfn+fP+vZ2SD)KfX zstDHQlRI0u;iUt8Fm*05I1@M8hd0>{JN$pEaejvW z|GaT_)@?VM=>NNCjned0&P;^#!Lt)^|0I46s+s8! 
zaO)4=<1(Z{p#~g^82)Oj(QK3Z7l;sUPN3yFa~fGJ3>-7>K6Jtt zf-xj?T@nQk@v{@UewjkY+rejqkRYTELCXjo%8X}nko@OWYv<4J}=-o zf~I4tU{)YlaVHSXY#9r=>CX;H6H z`MB`8$G93V{XcPBMw4<#i@~=ulI;}p8T`Il|8u;j(dTMDhHiBUGvYP5!91+q2M}lc z$1N1!+I5w%2Us|vGe2PLN7%LgYqi>i^a-n)+wR-Pe@0#mYFK+X$6 z9^&xKjbj>FVept~BK=A; zn@halm~-#B@lzwYx)ONP>NU?AwN?jWdIOK0q%4UGy>-_gK1`Yy&F}Nf$@@Z2uHqwP zF_R#ieqi!*5r$(YR6aXR!w^f6T&Ni>XE7)VD&4bmA%ecd%*A7w2jfki9LQi?7rHm} zpfmkU6za)w1?9L`)!B2nl~q9*ixOdGRf7ft!NwN67YW>7QxJ$yc|}>&gXyK#=B-4*MaA)ZnuT=ztL!y^Zza23-15w)I`dA zzvaE(SMU8YFS7spzQ^oAElB~N*ODCQnj#B#t7}CY5JkF?l=NC2$=2o7*f6aM-qFn0 zC9vjMyXFN!(ya}$hv#in1uQAndWGy2nME{Ck35KmrqesJ9Q~n}FmHwu>1&Fj-OB19 z?TgVEy68$G3J*F1AC99xhV(Z{fKDjR|8O}w!2cU) zB46wNPvPvmi~+yn7(hMA-b27Qf^@G?=79@=XfqPw9-)v3?0IyV{clZm^C ziKv=6NzqEigO|9qI7nqa2O(~qgDUS?tY>|B(!X7k!&;Zgp~~o<|44b)6LvSc3Pgy` z^D1T@zClQRvTqhRt& zMBDl}3&NLp>65@;>m^{yq^@;CQFPI==#dJmb~~N3&cDrLIo;&(8TCwam=5P&8s2KP zs5o&b=-6ElA*WwUm(o(LIC~(`iTtgR*EM({B6X;v&y| zGV{=E@)JC<&|^{MEsj3zLe`fj>Fq4GS+Gi3eTIte(Mzblb$)he$l`YmGr7aa_Ub+^G>JP!u-G0?v&5}-vsuaH(^v+<@Yy9YTVhfwP4-!Sk3K8D1FTB#<&mQ z3o=p4?uhXlIsU?Vgv@>x1>m%2o)70Sd5Yu3Wxf9V{9IdA15Z$&Gy15|xY|=ZpY8wd z2FE2n)g%_-i2=W3qQkXBAa^2HM1eDL?{X`Uh#A&cwvK1X(DAS$y4$sPl=;!iKScQNh?ZLX zKvR{wR0v&y0m~6D6q=2Wv{Fe{SZhr;bdYXI#s;zZ8h$i3`kUCqj{tt9Nq$GL7uNt) zsaS$;_Z5C%Zm`H!cWdq2_oyCoXf*;Dz6Exp5fzL{BYh611o~K9NAqA$A{@nJng~Fv z!I_NZ`?oXR&~Z5|nV>E#_WSa{)_H5#J39FdFGbn-wCc*sli$oCZ%FG{Fo%Jp$vR+r z^<@-7i4(f@Ut{~x4ZKBNk-%_QQe>U}n36>eP`IWR2!^AHW1v7Tm5SPj%p3_=W9rep z=U>+850#LeWhb*>;>?PdNC(Z+B}3_@9; zLg}L?C>URvcP6&BcXWh?bQtF%!XWp-1jb+v7BvPTH5D+9IvG)nfidg=ra;$1wkY-a zv10XnSR3cuP>Mdf3Ik_4aiW+lf=@@wS?uMmr?B8wgV=n5wM;gdC^ot4kw@d|TvW}_ zUF5Jw73B2A5|6-IejH0$l}C5z_=RV z^#pB%uLbtLi(uJ&@*5_t(I+^;<;17Ip8OWQM6o;n1QUGf;zn1R_I~=VVwl5R-RNnv z3ScI|9N#Sj@`LnOAz`3CQ(sMsgG>Ys0)ng#SW3FOwy78Eu^p;VAd0rE+Ypj@Q)1y3 zQ6{YD3&@eI$|iqhN~#5?Vw&vY+nm_FfLM!ef6N5<*QFlcG+)bAuz>z|h$xc;F7I;iv#5C?KQWmrq0DV92b-dtZcjdlJ2#tDng>!J%o>V0p!DMy5_UU#^C_XCNga*MP8et5 
zI`!R5I8!|>q9|0_Oz{>PetsgdCbJ2|h)n(lnwTX)NJLR|VA-`LWL<4~_$ZR0eu9y+ zQUcwOVVdf_qZT=%e|T)dUu*pja|fK6P(izq#dI1ooH0(DFgA0VCbIx>`tS}s0I%3E zPjaMSS}O!g_Q6ag(}cBL(iv!?U>^dnL%Eqv<6F(R=AlS27lP7|7I@a|TU^P1q>(kc{%V&sow$>2rcn!Ih%s5R=% z?&;qvAg9^A09<<=cMkT}WvEtyxF~Mxa-;TUoTSR}8eVwL(^MpGf1RU)jfaDytO( z$H~bTdcL*3C9DH(#Q(%IuKybE^aE_^i`?0(Ea_`9-r{3BduN Date: Fri, 5 Mar 2021 09:10:30 +0000 Subject: [PATCH 031/164] Force use of version for binaries, enable wireguard by default --- debian9-x86_64.sh | 79 +++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 34 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 84ef712..231325a 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -27,6 +27,7 @@ UBOND=${UBOND:-no} UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} +WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-yes} NOINTERNET=${NOINTERNET:-no} SPEEDTEST=${SPEEDTEST:-no} 
@@ -36,20 +37,28 @@ KERNEL_VERSION="5.4.100" KERNEL_PACKAGE_VERSION="1.18+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" +GLORYTUN_UDP_BINARY_VERSION="0.3.4-4" +GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" +MLVPN_BINARY_VERSION="3.0.0+20180903.git.8f97209" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OMR_ADMIN_VERSION="376322a61dc53e671e7e3c7eaaf6645c0537a9d3" +OBFS_BINARY_VERSION="0.0.5-1" +OMR_ADMIN_VERSION="6404f52ef4e285ae5760c363bc9d6f682f6d9099" +OMR_ADMIN_BINARY_VERSION="0.3+20210304" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" +DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.34.0" V2RAY_PLUGIN_VERSION="v1.4.3" EASYRSA_VERSION="3.0.6" -SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203" +SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a" +SHADOWSOCKS_BINARY_VERSION="3.3.5-1" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" VPSURL="https://www.openmptcprouter.com/" +REPO="repo.openmptcprouter.com" OMR_VERSION="0.1025-test" @@ -78,7 +87,7 @@ elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != echo "This script only work with Ubuntu 18.04, 19.04 or 20.04" exit 1 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then - echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)" + echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)" exit 1 fi 
@@ -158,17 +167,14 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" fi # Add OpenMPTCProuter repo echo "Add OpenMPTCProuter repo..." -echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list +echo "deb [arch=amd64] https://${REPO} stretch main" > /etc/apt/sources.list.d/openmptcprouter.list cat <> /etc/apt/sources.list.d/buster-backports.list +wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add - #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 if [ "$ID" = "debian" ]; then @@ -176,6 +182,8 @@ if [ "$ID" = "debian" ]; then #echo 'deb http://dl.bintray.com/cpaasch/deb jessie main' >> /etc/apt/sources.list echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list fi + # Add buster-backports repo + echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list elif [ "$ID" = "ubuntu" ]; then echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list @@ -302,7 +310,7 @@ if [ "$SOURCES" = "yes" ]; then #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} rm -rf /tmp/shadowsocks-libev else - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev + apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} fi # Load OLIA Congestion module at boot time 
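Review bot: The repository signing key is fetched with `wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add -`, over plain HTTP, while the `deb` line written in the same hunk uses `https://${REPO}`. The key is the trust anchor for every package installed from that repository, so its download should be at least as protected as the packages: `wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add -`. Comparing the key fingerprint with a value stored in the script before adding it, or writing the key to a dedicated keyring referenced with `signed-by=` in the `deb` line, would also limit what this key is trusted for. Part of this hunk (the `cat` here-document) is garbled on the page, so the lines around it could not be reviewed.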
@@ -421,27 +429,28 @@ if [ "$OMR_ADMIN" = "yes" ]; then cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/ cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ cd /etc/openmptcprouter-vps-admin - sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json fi - openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" - sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - [ "$NOINTERNET" = "yes" ] && { - sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json - } - chmod u+x /usr/local/bin/omr-admin.py - #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py - [ "$(ip -6 a)" != "" ] && { - systemctl enable omr-admin-ipv6.service - } - systemctl enable omr-admin.service rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION} else - apt-get -y install omr-vps-admin - OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") - OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") + apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} + #OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") + #OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") fi - + if [ ! 
-f /etc/openmptcprouter-vps-admin/key.pem ]; then + openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" + fi + sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json + sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json + sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json + [ "$NOINTERNET" = "yes" ] && { + sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json + } + chmod u+x /usr/local/bin/omr-admin.py + #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py + [ "$(ip -6 a)" != "" ] && { + systemctl enable omr-admin-ipv6.service + } + systemctl enable omr-admin.service fi # Get shadowsocks optimization @@ -531,7 +540,7 @@ if [ "$OBFS" = "yes" ]; then cd /tmp rm -rf /tmp/simple-obfs else - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs + apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION} fi #sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json fi @@ -626,7 +635,7 @@ if [ "$MLVPN" = "yes" ]; then cd /tmp rm -rf /tmp/mlvpn else - apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn + apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn=${MLVPN_BINARY_VERSION} fi if [ "$LOCALFILES" = "no" ]; then wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network 
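Review bot: The relocated `sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g"` and `sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g"` lines paste the passwords unescaped into a sed replacement, and after this change they run on the package-install path as well as the source path. A value containing `:`, `&` or `\` would either make sed fail or write a different password into omr-admin-config.json than the one the operator is given. How the two variables are set is outside this hunk, so this matters most if they can be supplied through the environment. Either restrict them to a known-safe alphabet where they are generated, or escape them before use, e.g. `esc=$(printf '%s' "$OMR_ADMIN_PASS" | sed 's/[&:\\]/\\&/g')` and substitute `$esc`.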
@@ -718,7 +727,7 @@ if [ "$WIREGUARD" = "yes" ]; then echo "Install WireGuard" rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - apt-get --no-install-recommends -y wireguard-tools + apt-get -y install wireguard-tools --no-install-recommends if [ ! -f /etc/wireguard/wg0.conf ]; then cd /etc/wireguard umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key @@ -895,9 +904,11 @@ if [ "$SOURCES" = "yes" ]; then cd /tmp rm -rf /tmp/glorytun-udp else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" fi +[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 + # Add chrony for time sync apt-get install -y chrony @@ -939,7 +950,7 @@ if [ "$DSVPN" = "yes" ]; then cd /tmp rm -rf /tmp/dsvpn else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi fi @@ -987,9 +998,9 @@ if [ "$SOURCES" = "yes" ]; then cd /tmp rm -rf /tmp/glorytun-0.0.35 else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} fi - +[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0 # Load tun module at boot time 
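Review bot: The new `[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0` line, and the identical one for `/etc/glorytun-tcp/tun0` in the last hunk on this page line, switches the listen address to the IPv6 wildcard whenever `ip -6 a` prints anything, which is also the case on a host that only has `::1` or link-local addresses. That changes which addresses the tunnel accepts connections on, so the shorewall6 rules should be confirmed to cover these ports before the bind address is widened. The pattern itself has unescaped dots, so it matches any character between the zeros. Something like `[ -n "$(ip -6 addr show scope global)" ] && sed -i 's/0\.0\.0\.0/::/g' /etc/glorytun-udp/tun0` would be tighter on both counts.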
From 8319728f56c1e43856b811229d955d13ff0fddfa Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 8 Mar 2021 08:12:51 +0000 Subject: [PATCH 032/164] Fix script --- debian9-x86_64.sh | 44 ++++++++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 16 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 231325a..b987c45 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -41,7 +41,7 @@ GLORYTUN_UDP_BINARY_VERSION="0.3.4-4" GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" -MLVPN_BINARY_VERSION="3.0.0+20180903.git.8f97209" +MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" @@ -167,7 +167,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" fi # Add OpenMPTCProuter repo echo "Add OpenMPTCProuter repo..." -echo "deb [arch=amd64] https://${REPO} stretch main" > /etc/apt/sources.list.d/openmptcprouter.list +echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list cat < Date: Mon, 8 Mar 2021 14:02:06 +0000 Subject: [PATCH 033/164] Add version and depends in Debian package --- debian/control | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 5f0b05c..b95f591 100644 --- a/debian/control +++ b/debian/control 
@@ -10,5 +10,25 @@ Homepage: https://github.com/ysurac/openmptcprouter-vps Package: omr-server Architecture: all Multi-Arch: foreign -Depends: ${misc:Depends} +Depends: + curl, + rename, + libcurl4, + unzip, + tracebox, + omr-iperf3, + omr-shadowsocks-libev (= 3.3.5-1), + omr-vps-admin (= 0.3+20210304), + omr-simple-obfs, + mlvpn (= 3.0.0+20201216.git.2263bab), + omr-glorytun (= 0.3.4-4), + omr-glorytun-tcp (= 0.0.35-3), + omr-dsvpn (= 0.1.4-2), + shorewall, + shorewall6, + iptables, + ${misc:Depends} +Provides: omr-server +Conflicts: omr-server +Replaces: omr-server Description: OpenMPTCProuter Server script \ No newline at end of file From aacad49aa4c5619744add3b5b6777daba4fc5b9f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 8 Mar 2021 14:53:06 +0000 Subject: [PATCH 034/164] Update API and fix debian mlvpn depend --- debian/control | 2 +- debian9-x86_64.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debian/control b/debian/control index b95f591..fccd12e 100644 --- a/debian/control +++ b/debian/control @@ -20,7 +20,7 @@ Depends: omr-shadowsocks-libev (= 3.3.5-1), omr-vps-admin (= 0.3+20210304), omr-simple-obfs, - mlvpn (= 3.0.0+20201216.git.2263bab), + omr-mlvpn (= 3.0.0+20201216.git.2263bab), omr-glorytun (= 0.3.4-4), omr-glorytun-tcp (= 0.0.35-3), omr-dsvpn (= 0.1.4-2), diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index b987c45..c052fbf 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -45,7 +45,7 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="6404f52ef4e285ae5760c363bc9d6f682f6d9099" +OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9" OMR_ADMIN_BINARY_VERSION="0.3+20210304" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" 
@@ -174,7 +174,7 @@ Package: * Pin: origin ${REPO} Pin-Priority: 1001 EOF -wget -O - http://${REPO}/openmptcprouter.gpg.key | apt-key add - +wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 if [ "$ID" = "debian" ]; then From c64bed8db51e8a28009d6a3aec24d6f25b49b6f2 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 8 Mar 2021 15:50:32 +0000 Subject: [PATCH 035/164] Fix script name --- debian/postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/postinst b/debian/postinst index 9631851..66b1e91 100644 --- a/debian/postinst +++ b/debian/postinst @@ -6,7 +6,7 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x . /usr/share/debconf/confmodule cd /usr/share/omr-server -LOCALFILES=no SOURCES=no sh build.sh +LOCALFILES=no SOURCES=no sh debian9-x86_64.sh db_stop From 3c6e85e07fb7d6f9019e2aea7e76cf25da392401 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 10:23:46 +0100 Subject: [PATCH 036/164] Add a service to do update after reboot --- debian/postinst | 6 ++++-- debian/rules | 3 ++- debian9-x86_64.sh | 7 +++++++ omr-update.service.in | 14 ++++++++++++++ 4 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 omr-update.service.in diff --git a/debian/postinst b/debian/postinst index 66b1e91..3f2400b 100644 --- a/debian/postinst +++ b/debian/postinst @@ -5,8 +5,10 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x # use debconf . /usr/share/debconf/confmodule -cd /usr/share/omr-server -LOCALFILES=no SOURCES=no sh debian9-x86_64.sh +sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" debian9-x86_64.sh +echo 'To finish installation reboot' + +systemctl enable omr-update db_stop diff --git a/debian/rules b/debian/rules index 10d24ab..4db8990 100755 --- a/debian/rules +++ b/debian/rules 
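Review bot: Fetching the key over HTTPS still ends in `apt-key add -`, which places the key in apt's global keyring, where it is trusted for every configured source and not only for `${REPO}`. Together with the `Pin-Priority: 1001` stanza visible in the context lines, which lets packages from that origin replace or downgrade distribution packages, the integrity of every package on the system rests on this one key and host. Consider storing the key in its own keyring file and binding it to the source with a `signed-by=` option on the `deb` line, e.g. `deb [arch=amd64 signed-by=/usr/share/keyrings/openmptcprouter.gpg] https://${REPO} buster main` (the path is an example). Comparing the downloaded key's fingerprint against a value pinned in the script before installing it would also remove the trust-on-first-download step.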
@@ -9,8 +9,9 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all override_dh_auto_install: mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server - find . -type f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';' + find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';' cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ + cp omr-update.service.in /lib/systemd/system/omr-update.service diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index c052fbf..c805f90 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -30,6 +30,7 @@ DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-yes} NOINTERNET=${NOINTERNET:-no} +REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} @@ -133,6 +134,12 @@ if [ "$UPDATE" = "yes" ]; then echo "Update mode" fi +CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')" +if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then + exit 1 +fi + + echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend diff --git a/omr-update.service.in b/omr-update.service.in new file mode 100644 index 0000000..c543d73 --- /dev/null +++ b/omr-update.service.in @@ -0,0 +1,14 @@ +[Unit] +Description=OMR Update +After=network.target network-online.target + +[Service] +Type=simple +Restart=no +Environment="SOURCES=no" +Environment="REINSTALL=no" +Environment="LOCALFILES=yes" +ExecStart=/usr/share/omr-server/debian9-x86_64.sh + +[Install] +WantedBy=multi-user.target 
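Review bot: The new guard in debian9-x86_64.sh ends with `exit 1` when the installed version already matches and `REINSTALL=no`, so the omr-update unit added in this same commit is recorded as failed on every boot where there is nothing to do; `exit 0` fits that case. `CURRENT_OMR` is read with `grep -s 'OpenMPTCProuter VPS' /etc/*`, which returns one line per matching file, so a second file containing the banner makes the comparison fail and triggers a full reinstall. Reading only the file the script writes, e.g. `CURRENT_OMR="$(awk '/OpenMPTCProuter VPS/ {print $4; exit}' /etc/motd)"`, avoids that; the motd write is outside this hunk, so confirm the path.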
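Review bot: The new omr-update unit runs the whole installer as root at every boot, yet it is declared `Type=simple` and is only ordered `After=network-online.target` with no matching `Wants=network-online.target`, so nothing pulls that target in and the script can start before the network is usable. For a run-to-completion job the usual shape is `Type=oneshot` together with `Wants=network-online.target`. Because the script installs packages with root privileges and no operator present, a comment in the unit saying that it performs unattended upgrades from the OpenMPTCProuter repository would help whoever audits the host later.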
From 0ddc538c87294424b9c2f5b06fac9469d273c08a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:29:59 +0000 Subject: [PATCH 037/164] Add dependencie in debian package --- debian/control | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/control b/debian/control index fccd12e..37756a6 100644 --- a/debian/control +++ b/debian/control @@ -27,6 +27,8 @@ Depends: shorewall, shorewall6, iptables, + v2ray-plugin, + linux-image (= 5.4.100-mptcp_1.18+9d3f35b), ${misc:Depends} Provides: omr-server Conflicts: omr-server From 96eb181b403ad71405bf3717eb476e6799bd0dbb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:30:19 +0000 Subject: [PATCH 038/164] Use Debian package for kernel --- debian9-x86_64.sh | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index c052fbf..cdd7d57 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -194,22 +194,29 @@ apt-get update sleep 2 apt-get -y install dirmngr patch -wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb -wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb -# Rename bzImage to vmlinuz, needed when custom kernel was used -cd /boot -apt-get -y install rename curl libcurl4 unzip git -rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 -#apt-get -y install linux-mptcp -#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp -#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp -if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then +if [ "$SOURCES" = "yes" ]; then + wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb + wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb + # Rename bzImage to vmlinuz, needed when custom kernel was used + cd /boot + apt-get -y install rename curl libcurl4 unzip git + rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 + #apt-get -y install linux-mptcp + #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp + #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp + if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then + echo "Install kernel linux-image-${KERNEL_RELEASE}" + echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" + dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb + dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb + fi +else + cd /boot + rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 echo "Install kernel linux-image-${KERNEL_RELEASE}" echo "\033[1m !!! 
if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb + apt-get -y install linux-image=${KERNEL_RELEASE} linux-headers=${KERNEL_RELEASE} fi - # Check if mptcp kernel is grub default kernel echo "Set MPTCP kernel as grub default..." if [ "$LOCALFILES" = "no" ]; then @@ -594,7 +601,11 @@ fi if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray - wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + if [ "$SOURCES" = "yes" ]; then + wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + else + apt-get -y install v2ray=${V2RAY_VERSION} + fi if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service fi From cf1eca052a1107562c6d0980857c65330864c442 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:33:15 +0000 Subject: [PATCH 039/164] Fix kernel package version --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 37756a6..17c4b9b 100644 --- a/debian/control +++ b/debian/control @@ -28,7 +28,7 @@ Depends: shorewall6, iptables, v2ray-plugin, - linux-image (= 5.4.100-mptcp_1.18+9d3f35b), + linux-image-5.4.100-mptcp (= 1.18+9d3f35b), ${misc:Depends} Provides: omr-server Conflicts: omr-server From 605acd1ffdda1154e0233b02dec267a3f450ae14 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:35:54 +0000 Subject: [PATCH 040/164] Fix kernel package version in install script --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
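Review bot: On the `SOURCES=yes` branch the kernel packages are downloaded with `wget` and installed with `dpkg --force-all -i -B`, which bypasses apt's signature verification, so the only integrity protection is the TLS connection to `${VPSURL}`; the v2ray `.deb` download in the next hunk has the same shape. A digest pinned next to `KERNEL_RELEASE` and checked before `dpkg` would catch a replaced or truncated file, for example `echo "${KERNEL_IMAGE_SHA256}  /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb" | sha256sum -c - || exit 1`, where `KERNEL_IMAGE_SHA256` is a new variable to define. `--force-all` also switches off dpkg's own safety checks and deserves a comment naming the specific conflict it is meant to override.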
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 72760df..30cb01c 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -222,7 +222,7 @@ else rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 echo "Install kernel linux-image-${KERNEL_RELEASE}" echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - apt-get -y install linux-image=${KERNEL_RELEASE} linux-headers=${KERNEL_RELEASE} + apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} fi # Check if mptcp kernel is grub default kernel echo "Set MPTCP kernel as grub default..." From 95453a801372c2db4b608fd84e6250ef2e694ee6 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 09:51:50 +0000 Subject: [PATCH 041/164] Fix sed in debian package --- debian/postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/postinst b/debian/postinst index 3f2400b..03edb58 100644 --- a/debian/postinst +++ b/debian/postinst @@ -5,7 +5,7 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x # use debconf . /usr/share/debconf/confmodule -sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" debian9-x86_64.sh +sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh echo 'To finish installation reboot' systemctl enable omr-update From 382fc59a4f87cc6789a7dd18641a46fa733a1ad0 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 10:30:05 +0000 Subject: [PATCH 042/164] Fix v2ray --- debian9-x86_64.sh | 4 ++-- old-v2ray.service | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) mode change 100644 => 100755 debian9-x86_64.sh create mode 100644 old-v2ray.service diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh old mode 100644 new mode 100755 index 30cb01c..bc28a86 
--- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -610,14 +610,14 @@ if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray if [ "$SOURCES" = "yes" ]; then wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb + rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb else apt-get -y install v2ray=${V2RAY_VERSION} fi if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service fi - dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb - rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb if [ ! -f /etc/v2ray/v2ray-server.json ]; then wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json diff --git a/old-v2ray.service b/old-v2ray.service new file mode 100644 index 0000000..9ed715a --- /dev/null +++ b/old-v2ray.service 
@@ -0,0 +1,25 @@ +[Unit] +Description=V2Ray - A unified platform for anti-censorship +Documentation=https://v2ray.com https://guide.v2fly.org +After=network.target nss-lookup.target +Wants=network-online.target + +[Service] +# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple +#Type=exec +Type=simple +# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port. +# This service runs as root. You may consider to run it as another user for security concerns. +# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray. +# More discussion at https://github.com/v2ray/v2ray-core/issues/1011 +User=root +#User=v2ray +CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW +NoNewPrivileges=yes +ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json +Restart=on-failure +# Don't restart in the case of configuration error +RestartPreventExitStatus=23 + +[Install] +WantedBy=multi-user.target From f573c43ce0f1a587b9452aa10641d5dd4cb97342 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 10:30:32 +0000 Subject: [PATCH 043/164] Fix omr-update service script install --- debian/rules | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 4db8990..d411dc4 100755 --- a/debian/rules +++ b/debian/rules @@ -13,5 +13,6 @@ override_dh_auto_install: cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ - cp omr-update.service.in /lib/systemd/system/omr-update.service + mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system + cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service From 2dbc4e4f0fab5a029a4693a0bab2740e34b3beb0 Mon Sep 17 00:00:00 2001 
From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 10:31:20 +0000 Subject: [PATCH 044/164] Fix output of omr-update --- omr-update.service.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/omr-update.service.in b/omr-update.service.in index c543d73..1a21135 100644 --- a/omr-update.service.in +++ b/omr-update.service.in @@ -9,6 +9,8 @@ Environment="SOURCES=no" Environment="REINSTALL=no" Environment="LOCALFILES=yes" ExecStart=/usr/share/omr-server/debian9-x86_64.sh +StandardOutput=file:/var/log/omr-update.log +StandardError=file:/var/log/omr-update.log [Install] WantedBy=multi-user.target From 8e795b035b46cb5175131a7e2d047ab110c8d82e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:00:31 +0000 Subject: [PATCH 045/164] Reboot not needed after install --- debian/postinst | 2 -- 1 file changed, 2 deletions(-) diff --git a/debian/postinst b/debian/postinst index 03edb58..bd08d7f 100644 --- a/debian/postinst +++ b/debian/postinst @@ -6,8 +6,6 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x . /usr/share/debconf/confmodule sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh -echo 'To finish installation reboot' - systemctl enable omr-update db_stop From 5bfd42770dfd6cb9d304ffccda4bdd2ebb52b197 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:00:54 +0000 Subject: [PATCH 046/164] Fix get previous pass for omr-admin --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index bc28a86..837d4d6 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
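Review bot: `StandardOutput=file:/var/log/omr-update.log` writes the installer's full output to a log file, and the installer has a `# Display important info` block that appears to print generated credentials on a fresh install, so this file may end up holding secrets. Check the mode the file is created with and restrict it to root if needed, or leave the output in the journal. `file:` also neither truncates nor appends, so each run overwrites the beginning of the previous log; `append:` keeps history on systemd versions that support it. Older systemd releases may not accept `file:` at all, which matters if Debian 9 is still a supported target.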
@@ -450,9 +450,9 @@ if [ "$OMR_ADMIN" = "yes" ]; then if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n") [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 + [ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 + [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 fi apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then From 269b986cbe12f4cb8166fe88ed0f9f29ca800da9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:04:17 +0000 Subject: [PATCH 047/164] Install omr-server debian package at end of install script --- debian9-x86_64.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 837d4d6..b7e98d2 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -1219,6 +1219,10 @@ else echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd fi +if [ "$SOURCES" != "yes" ]; then + apt-get -y install omr-server=${OMR_VERSION} +fi + if [ "$update" = "0" ]; then # Display important info echo '====================================================================================' From 7ce28a948188cfc8b3a40b30fc68d7e0f714bf8f Mon Sep 17 00:00:00 2001 
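Review bot: The added comparisons skip the shipped placeholders, but `jq -r` prints the literal string `null` when the field is missing, and `[ -n "null" ]` is true, so `OMR_ADMIN_PASS` or `OMR_ADMIN_PASS_ADMIN` can still be set to `null` from a config that lacks those users. Asking jq for an empty result closes that gap: `jq -r '.users[0].admin.user_password // empty'`, and likewise for the `openmptcprouter` entry. Quoting the filter also stops the shell from treating `[0]` as a glob pattern.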
From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:43:18 +0000 Subject: [PATCH 048/164] Fix script for kernel binary install --- debian9-x86_64.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index b7e98d2..f8b3f97 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -199,14 +199,14 @@ fi echo "Install mptcp kernel and shadowsocks..." apt-get update sleep 2 -apt-get -y install dirmngr patch +apt-get -y install dirmngr patch rename curl libcurl4 unzip if [ "$SOURCES" = "yes" ]; then wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb # Rename bzImage to vmlinuz, needed when custom kernel was used cd /boot - apt-get -y install rename curl libcurl4 unzip git + apt-get -y install git rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 #apt-get -y install linux-mptcp #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp 
@@ -220,9 +220,11 @@ if [ "$SOURCES" = "yes" ]; then else cd /boot rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 - echo "Install kernel linux-image-${KERNEL_RELEASE}" - echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} + if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then + echo "Install kernel linux-image-${KERNEL_RELEASE}" + echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" + apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} + fi fi # Check if mptcp kernel is grub default kernel echo "Set MPTCP kernel as grub default..." From a713d44645de0311a8289bd0b9a8b77ef5c2163d Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 13:46:55 +0000 Subject: [PATCH 049/164] No error if omr-server not installed --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index f8b3f97..8c2fb45 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -1222,7 +1222,7 @@ else fi if [ "$SOURCES" != "yes" ]; then - apt-get -y install omr-server=${OMR_VERSION} + apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true fi if [ "$update" = "0" ]; then From e70303ba3f1be88a0259ee94e4d90037bcde0cec Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 14:11:54 +0000 Subject: [PATCH 050/164] Change version --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 1e55a02..33cf21b 100644 --- a/debian/changelog +++ b/debian/changelog 
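Review bot: In `apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true` the redirections are applied left to right, so stderr still reaches the terminal and only stdout is discarded; if silence is intended it should read `>/dev/null 2>&1`. With `|| true` a failed install is not acted on at all, and omr-server is the package that carries the omr-update unit, so a host can end up without the updater and without any record of why. A one-line message on failure would be enough: `apt-get -y install omr-server=${OMR_VERSION} >/dev/null 2>&1 || echo "omr-server package not installed" >&2`.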
@@ -1,4 +1,4 @@ -omr-server (0.1025) unstable; urgency=medium +omr-server (0.1025-test) unstable; urgency=medium * Wireguard support and fixed From 8856fece584efb8c4244899d43a24461e98ffefb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Mar 2021 14:38:35 +0000 Subject: [PATCH 051/164] Use v2ray_plugin debian package --- debian/control | 3 ++- debian9-x86_64.sh | 52 +++++++++++++++++++++++++---------------------- 2 files changed, 30 insertions(+), 25 deletions(-) diff --git a/debian/control b/debian/control index 17c4b9b..0da3629 100644 --- a/debian/control +++ b/debian/control @@ -27,7 +27,8 @@ Depends: shorewall, shorewall6, iptables, - v2ray-plugin, + v2ray-plugin (= 4.35.1), + v2ray (=4.35.1), linux-image-5.4.100-mptcp (= 1.18+9d3f35b), ${misc:Depends} Provides: omr-server diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 8c2fb45..fd83af2 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -50,8 +50,8 @@ OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9" OMR_ADMIN_BINARY_VERSION="0.3+20210304" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" -V2RAY_VERSION="4.34.0" -V2RAY_PLUGIN_VERSION="v1.4.3" +V2RAY_VERSION="4.35.1" +V2RAY_PLUGIN_VERSION="4.35.1" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a" SHADOWSOCKS_BINARY_VERSION="3.3.5-1" 
@@ -574,29 +574,33 @@ fi # Install v2ray-plugin if [ "$V2RAY_PLUGIN" = "yes" ]; then echo "Install v2ray plugin" - rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - cd /tmp - tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin - cd /tmp - rm -rf /tmp/v2ray-plugin_linux_amd64 - rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + if [ "$SOURCES" = "yes" ]; then + rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + cd /tmp + tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin + cd /tmp + rm -rf /tmp/v2ray-plugin_linux_amd64 + rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #rm -rf /tmp/v2ray-plugin - #cd /tmp - #rm -f /var/lib/dpkg/lock - 
#apt-get install -y --no-install-recommends git ca-certificates golang-go - #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin - #cd /tmp/v2ray-plugin - #git checkout ${V2RAY_PLUGIN_VERSION} - #git submodule update --init --recursive - #CGO_ENABLED=0 go build -o v2ray-plugin - #cp v2ray-plugin /usr/local/bin/v2ray-plugin - #cd /tmp - #rm -rf /tmp/simple-obfs + #rm -rf /tmp/v2ray-plugin + #cd /tmp + #rm -f /var/lib/dpkg/lock + #apt-get install -y --no-install-recommends git ca-certificates golang-go + #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin + #cd /tmp/v2ray-plugin + #git checkout ${V2RAY_PLUGIN_VERSION} + #git submodule update --init --recursive + #CGO_ENABLED=0 go build -o v2ray-plugin + #cp v2ray-plugin /usr/local/bin/v2ray-plugin + #cd /tmp + #rm -rf /tmp/simple-obfs + else + apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION} + fi fi if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then From 47df28fdc67b2f5927da84924d18edd8c4ec1133 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 11 Mar 2021 08:07:55 +0000 Subject: [PATCH 052/164] Fix symbolic link for v2ray config --- debian9-x86_64.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index fd83af2..3706227 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -630,6 +630,7 @@ if [ "$V2RAY" = "yes" ]; then rm /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi + ln -sf /etc/v2ray/v2ray-server.json /etc/v2ray/config.json sed -i 's:debug:warning:' /etc/v2ray/v2ray-server.json rm -f /tmp/v2rayError.log if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then From 83e81cfd9ffb14d8495a8f210d3a9854e52d84bb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 11 Mar 2021 14:48:12 +0000 Subject: [PATCH 053/164] Go to openmptcprouter-vps-admin dir before creating key --- debian9-x86_64.sh | 1 + 1 file changed, 1 insertion(+) 
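Review bot: In the `SOURCES=yes` branch the release archive is downloaded to a fixed name under /tmp and its binary is copied to `/usr/local/bin/v2ray-plugin` with no integrity check, and the two `rm -rf` lines use the name without the `v` prefix, so they never delete the file that `wget` and `tar` work on. Build the name once, e.g. `f="v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz"`, and unpack inside a `mktemp -d` directory instead of a predictable /tmp path. Before the `cp`, compare the download with a digest kept next to the version constant, e.g. `echo "${V2RAY_PLUGIN_SHA256}  $f" | sha256sum -c - || exit 1`, where `V2RAY_PLUGIN_SHA256` is a new variable this change would introduce. The same `rm -rf` name mismatch is still present in the later hunk at line 579 that corrects the download URL.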
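Review bot: The unconditional `ln -sf` added after the `fi` makes the `rm`/`ln -s` pair inside the preceding `if` redundant, because it produces the same link in every case. It also replaces `/etc/v2ray/config.json` when an administrator has put a regular file there, without keeping a copy. Either drop the conditional block or, if the overwrite is intended, say so in a comment such as `# config.json must always point at v2ray-server.json`. The enclosing `if [ "$V2RAY" = "yes" ]` block starts and ends outside the hunk.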
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 3706227..4be25a4 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -464,6 +464,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then #OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") fi if [ ! -f /etc/openmptcprouter-vps-admin/key.pem ]; then + cd /etc/openmptcprouter-vps-admin openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" fi sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json From 8e738a8f197f823f1ac6a0cee5e1b81f16fcf21f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Mar 2021 06:46:05 +0000 Subject: [PATCH 054/164] Fix https://github.com/Ysurac/openmptcprouter-vps/issues/46 --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 4be25a4..2d1af03 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
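Review bot: The added `cd /etc/openmptcprouter-vps-admin` is not checked, so if it fails `openssl req` writes the unencrypted (`-nodes`) private key into whatever directory the installer was started from, and on success the rest of the script silently runs from a different working directory. Passing absolute paths avoids both effects: `-keyout /etc/openmptcprouter-vps-admin/key.pem -out /etc/openmptcprouter-vps-admin/cert.pem`. A `chmod 600 /etc/openmptcprouter-vps-admin/key.pem` right after generation would make the key's permissions independent of the installer's umask. The enclosing `if [ "$OMR_ADMIN" = "yes" ]` block starts and ends outside the hunk.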
@@ -579,7 +579,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz + wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz cd /tmp tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin From fd10d9ac2002dbf1eade75fd113b683893fc2201 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Mar 2021 13:21:25 +0000 Subject: [PATCH 055/164] Force update repo key --- debian9-x86_64.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 2d1af03..60966c2 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -139,6 +139,10 @@ if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then exit 1 fi +[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { + echo "Update ${REPO} key" + wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - +} echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock From 5291876fe682ca6404944030cae2235c90016a26 Mon Sep 17 00:00:00 2001 
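Review bot: The key piped into `apt-key add -` in the hunk at line 139 is trusted on download alone: nothing compares its fingerprint with a value stored in the script, and `apt-key add` places it in the keyring that apt accepts for every configured repository. The pipeline's result is not checked either, so a failed `wget` goes unreported and the following `apt-get` steps run with the old key. Consider saving the key to a file, checking its fingerprint against a constant in the script, and pointing the `openmptcprouter.list` entry at that file with `[signed-by=...]` instead of using the global keyring. The same pattern appears in the repo-setup hunk of PATCH 061 and in the gitee key-update hunk of PATCH 063.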
From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Mar 2021 16:57:04 +0000 Subject: [PATCH 056/164] Fix mlvpn source install and use binary by default --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 60966c2..0a3520b 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -28,7 +28,7 @@ UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} -SOURCES=${SOURCES:-yes} +SOURCES=${SOURCES:-no} NOINTERNET=${NOINTERNET:-no} REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-no} @@ -657,6 +657,7 @@ if [ "$MLVPN" = "yes" ]; then if [ -f /etc/mlvpn/mlvpn0.conf ]; then mlvpnupdate="1" fi + mkdir -p /etc/mlvpn if [ "$SOURCES" = "yes" ]; then rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend @@ -691,7 +692,6 @@ if [ "$MLVPN" = "yes" ]; then else apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION} fi - mkdir -p /etc/mlvpn if [ "$mlvpnupdate" = "0" ]; then sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf fi From 69df502cb9eff01699e1a037b568689da3613086 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Mar 2021 17:13:56 +0000 Subject: [PATCH 057/164] Keep old config --- debian9-x86_64.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 0a3520b..136053e 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -330,7 +330,7 @@ if [ "$SOURCES" = "yes" ]; then #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} rm -rf /tmp/shadowsocks-libev else - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} + apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} fi # Load OLIA Congestion module at boot time @@ -460,7 +460,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 fi - apt-get -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} + apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/ fi @@ -624,7 +624,7 @@ if [ "$V2RAY" = "yes" ]; then dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb else - apt-get -y install v2ray=${V2RAY_VERSION} + apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION} fi if [ -f /etc/v2ray/v2ray-server.conf ] && [ ! -f /etc/systemd/system/v2ray.service ]; then wget -O /etc/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/old-v2ray.service 
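Review bot: Three of the four `apt-get install` lines changed by this commit carry `--force-overwrite` next to `--force-confold`/`--force-confdef`, while the `omr-mlvpn` line in the last hunk (line 690) drops it; if the difference is intended it deserves a comment. `--force-overwrite` lets a package replace files owned by other packages, which is broader than "keep old config" requires, and the `omr-vps-admin` and `v2ray` installs did not use it before. Putting the shared options in one variable, e.g. `APT_KEEP_CONF='-o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef'`, would keep the four calls consistent and make any extra flag stand out.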
@@ -690,7 +690,7 @@ if [ "$MLVPN" = "yes" ]; then fi fi else - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-mlvpn=${MLVPN_BINARY_VERSION} + apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION} fi if [ "$mlvpnupdate" = "0" ]; then sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf From 507f49413cd3a7bdefe45a9d122e3b3f2d97d67a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 15 Mar 2021 19:12:01 +0000 Subject: [PATCH 058/164] Update API --- debian9-x86_64.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 136053e..90a710b 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) for OpenMPTCProuter +# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) for OpenMPTCProuter # # This is free software, licensed under the GNU General Public License v3 or later. # See /LICENSE for more information. @@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="2e752ad783ffb817f6d627a999d51ac6656411f9" -OMR_ADMIN_BINARY_VERSION="0.3+20210304" +OMR_ADMIN_VERSION="f408dfb7e73970d3ae10bb188174c070e5b18fe7" +OMR_ADMIN_BINARY_VERSION="0.3+20210315" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" From 454046f830402050b6c7143eac494520ec4b46f1 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 15 Mar 2021 19:40:17 +0000 Subject: [PATCH 059/164] Update API --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 90a710b..540473f 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -46,7 +46,7 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="f408dfb7e73970d3ae10bb188174c070e5b18fe7" +OMR_ADMIN_VERSION="db77dc0508bf14089a185cbf3b2c1aee5333b2d7" OMR_ADMIN_BINARY_VERSION="0.3+20210315" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" From 9a764d0eaf95b27a750e6a910e6531e9345ad9a8 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 12:36:53 +0000 Subject: [PATCH 060/164] Fix LAN default route, fix https://github.com/Ysurac/openmptcprouter-vps/pull/47 in an other way --- omr-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-service b/omr-service index 4b8e54d..0711abc 100755 --- a/omr-service +++ b/omr-service @@ -52,7 +52,7 @@ _lan_route() { while IFS=$"\n" read -r c; do vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then - echo "$c" | jq -c '.lanips //empty' | + echo "$c" | jq -c '.lanips[] //empty' | while IFS=$"\n" read -r d; do network=$(ipcalc -n $d | grep Network | awk '{print $2}') [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null From 98ee07f6a6cd7e8bc7f4559788b018b9e641747a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:41:26 +0000 Subject: [PATCH 061/164] Add a test for a China compatible script --- debian9-x86_64.sh | 46 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 540473f..8cf27d3 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
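Review bot: Each element that the new `.lanips[]` filter emits reaches `ipcalc -n $d` and, together with `$vpnremoteip`, `ip r replace $network via $vpnremoteip` unquoted and unchecked, so a malformed entry in the JSON is word-split into extra arguments of a command that edits the routing table. Quote the expansions and skip anything that is not an address or prefix before use, e.g. `case "$d" in ''|*[!0-9a-fA-F.:/]*) continue ;; esac`. The redirection on the `ip r replace` line is written `2>&1 >/dev/null`, which discards only stdout; `>/dev/null 2>&1` discards both. `_lan_route` starts and ends outside the hunk, and the follow-up hunk in PATCH 067 touches the same `jq` line.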
@@ -60,6 +60,7 @@ VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com VPSPATH="server-test" VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" +CHINA=${CHINA:-no} OMR_VERSION="0.1025-test" @@ -176,16 +177,45 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" fi + # Add OpenMPTCProuter repo echo "Add OpenMPTCProuter repo..." -echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list -cat < /etc/apt/sources.list.d/openmptcprouter.list + cat /var/lib/openmptcprouter-vps-debian | apt-key add - + if [ ! -d /usr/share/omr-server ]; then + git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server + fi + cd /usr/share/omr-server + git pull + if [ "$VPS_PATH" = "server-test" ]; then + git checkout develop + else + git checkout master + fi + DIR="/usr/share/omr-server" +else + echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list + cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref + Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones + Package: * + Pin: origin ${REPO} + Pin-Priority: 1001 + EOF + wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - +fi #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 if [ "$ID" = "debian" ]; then From dae3133a1d308601b718b59911e2c052f185cd7f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:44:43 +0000 Subject: [PATCH 062/164] Fix --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 8cf27d3..c8722ba 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
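Review bot: In the `CHINA=yes` branch the signing key handed to `apt-key add -` is read from the same `/var/lib/openmptcprouter-vps-debian` checkout that serves as the `file:` package repository, so the signature check only proves that the packages match whatever that checkout contains. Keeping the expected key fingerprint in the script and comparing it before `apt-key add` would anchor the check outside the mirror. The `cd` before `git pull` and `git checkout` is not checked; `cd /usr/share/omr-server || exit 1` keeps git from acting on another directory when the clone failed. Part of this hunk appears truncated on the page, so the start of the branch could not be reviewed.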
@@ -194,7 +194,7 @@ if [ "$CHINA" = "yes" ]; then # git checkout main # fi echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list - cat /var/lib/openmptcprouter-vps-debian | apt-key add - + cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - if [ ! -d /usr/share/omr-server ]; then git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server fi From 31d4712c8314283508475a4f0fb0b4cb11145c9e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:49:12 +0000 Subject: [PATCH 063/164] Fix --- debian9-x86_64.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index c8722ba..bd715f1 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -142,7 +142,11 @@ fi [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { echo "Update ${REPO} key" - wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - + if [ "$CHINA" = "yes" ]; then + wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - + else + wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - + fi } echo "Remove lock and update packages list..." 
@@ -195,17 +199,17 @@ if [ "$CHINA" = "yes" ]; then # fi echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - - if [ ! -d /usr/share/omr-server ]; then - git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server + if [ ! -d /usr/share/omr-server-git ]; then + git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git fi - cd /usr/share/omr-server + cd /usr/share/omr-server-git git pull if [ "$VPS_PATH" = "server-test" ]; then git checkout develop else git checkout master fi - DIR="/usr/share/omr-server" + DIR="/usr/share/omr-server-git" else echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref From cedb65670e46ea680bddb3304e2f842569251be4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:53:25 +0000 Subject: [PATCH 064/164] Add missing files and use localfiles for china --- debian9-x86_64.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index bd715f1..6045365 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -209,6 +209,7 @@ if [ "$CHINA" = "yes" ]; then else git checkout master fi + LOCALFILES="yes" DIR="/usr/share/omr-server-git" else echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list From 07e23b78512794d7902387fe92151e4ee0488cca Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:57:16 +0000 Subject: [PATCH 065/164] fix --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 6045365..a9c2151 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -192,7 +192,7 @@ if [ "$CHINA" = "yes" ]; then fi cd /var/lib/openmptcprouter-vps-debian git pull -# if [ "$VPS_PATH" = "server-test" ]; then +# if [ "$VPSPATH" = "server-test" ]; then # git checkout develop # else # git checkout main @@ -204,7 +204,7 @@ if [ "$CHINA" = "yes" ]; then fi cd /usr/share/omr-server-git git pull - if [ "$VPS_PATH" = "server-test" ]; then + if [ "$VPSPATH" = "server-test" ]; then git checkout develop else git checkout master From 1d2887c747f7fc3d0c3aa8a2fd5cfa77c0d226dc Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 23 Mar 2021 19:58:37 +0000 Subject: [PATCH 066/164] Add omr-test-speed --- omr-test-speed | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100755 omr-test-speed diff --git a/omr-test-speed b/omr-test-speed new file mode 100755 index 0000000..fa95ff2 --- /dev/null +++ b/omr-test-speed 
@@ -0,0 +1,42 @@ +#!/bin/sh +# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : +INTERFACE="$1" + +echo "Select best test server..." +HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" +bestping="999" +for pinghost in $HOSTLST; do + domain=$(echo $pinghost | awk -F/ '{print $3}') + if [ -z "$INTERFACE" ]; then + ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) + else + ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) + fi + echo "host: $domain - ping: $ping" + if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then + bestping=$ping + HOST=$pinghost + fi +done + +[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" + +echo "Best server is $HOST, running test:" +trap : HUP INT TERM +if [ -z "$INTERFACE" ]; then + curl -4 $HOST >/dev/null || echo +else + domain=$(echo $HOST | awk -F/ '{print $3}') + hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') + if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then + for ip in $hostip; do + ipset add ss_rules_dst_bypass_all $ip + done + fi + curl -4 --interface $INTERFACE $HOST >/dev/null || echo + if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then + for ip in $hostip; do + ipset del ss_rules_dst_bypass_all $ip + done + fi +fi From 5023d5cf33a4381d85e0b2d804c552a1591f2834 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 24 Mar 2021 14:02:18 +0000 Subject: [PATCH 067/164] Fix --- omr-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-service b/omr-service index 0711abc..6fe97bf 100755 --- a/omr-service +++ b/omr-service @@ -52,7 +52,7 @@ _lan_route() { while IFS=$"\n" read -r c; do vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then - echo "$c" | jq -c '.lanips[] //empty' | + echo "$c" | jq -c -r '.lanips[] //empty' | while IFS=$"\n" read -r d; do network=$(ipcalc -n $d | grep Network | awk '{print $2}') [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null From fd915dfbb974675fa7e7f38db7aa0ab08ea5abb2 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 25 Mar 2021 09:19:08 +0000 Subject: [PATCH 068/164] Update API version --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
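Review bot: `INTERFACE` comes straight from `$1` and is expanded unquoted in `ping -I $INTERFACE` and `curl --interface $INTERFACE`, as are `$domain`, `$HOST` and `$ip`, so a value containing whitespace is split into extra arguments of commands that run with the caller's privileges. Quote them, e.g. `ping -c1 -w2 -I "$INTERFACE" -B "$domain"`, `curl -4 --interface "$INTERFACE" "$HOST"` and `ipset add ss_rules_dst_bypass_all "$ip"`, and reject an interface name that has no entry under `/sys/class/net` before using it. The cleanup loop runs `ipset del` on every resolved address, which also removes an entry that was already in `ss_rules_dst_bypass_all` before the test; recording which `ipset add` calls succeeded and deleting only those avoids changing the firewall bypass set as a side effect.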
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index a9c2151..6a3e7e2 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="db77dc0508bf14089a185cbf3b2c1aee5333b2d7" -OMR_ADMIN_BINARY_VERSION="0.3+20210315" +OMR_ADMIN_VERSION="2694612565aba58cc0a9bd2ad5d550aa4ef7bcf5" +OMR_ADMIN_BINARY_VERSION="0.3+20210325" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" From db95630ef98657da896dcdeefa212224b2ef9357 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 29 Mar 2021 14:32:39 +0000 Subject: [PATCH 069/164] Disable TLS from let's encrypt in China --- debian9-x86_64.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 6a3e7e2..a7f8d39 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -210,6 +210,7 @@ if [ "$CHINA" = "yes" ]; then git checkout master fi LOCALFILES="yes" + TLS="no" DIR="/usr/share/omr-server-git" else echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list From 950b704495a080ee65b4f39554aca34a97102916 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 14 Apr 2021 19:16:45 +0000 Subject: [PATCH 070/164] Update server API --- debian9-x86_64.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index a7f8d39..34e2969 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="2694612565aba58cc0a9bd2ad5d550aa4ef7bcf5" -OMR_ADMIN_BINARY_VERSION="0.3+20210325" +OMR_ADMIN_VERSION="b40c6b615eca1a7171d83e3a3f58c7d4d17e0fd5" +OMR_ADMIN_BINARY_VERSION="0.3+20210414" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" @@ -1295,7 +1295,7 @@ if [ "$update" = "0" ]; then echo 'Your glorytun key: ' echo $GLORYTUN_PASS if [ "$DSVPN" = "yes" ]; then - echo 'A Dead Simple VPN port: 65011' + echo 'A Dead Simple VPN port: 65401' echo 'A Dead Simple VPN key: ' echo $DSVPN_PASS fi @@ -1342,7 +1342,7 @@ if [ "$update" = "0" ]; then EOF if [ "$DSVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - A Dead Simple VPN port: 65011 + A Dead Simple VPN port: 65401 A Dead Simple VPN key: ${DSVPN_PASS} EOF fi From 180a3fc0acc21e51b906ebde2f1dccf8139eb939 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 19 Apr 2021 19:15:43 +0000 Subject: [PATCH 071/164] Remove bad dsvpn ipv6 route --- omr-service | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/omr-service b/omr-service index 6fe97bf..ff51abe 100755 --- a/omr-service +++ b/omr-service @@ -40,6 +40,11 @@ _glorytun_tcp() { fi } +_dsvpn() { + [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null +} + + _omr_api() { [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { logger -t "OMR-Service" "Restart OMR-Admin" @@ -109,6 +114,7 @@ ip link add omr-bonding type bond 2>&1 >/dev/null while true; do _glorytun_udp _glorytun_tcp + _dsvpn _multipath _omr_api _lan_route From c39b07eaa57fdd0c86652b80f3b42ddadf5388f5 Mon Sep 17 00:00:00 2001 
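Review bot: The redirection in the new `_dsvpn` function, `2>&1 >/dev/null`, points stderr at the original stdout before stdout is discarded, so errors from `ip -6 r del` still reach the service output; `>/dev/null 2>&1` silences both. The `ip -6 r show 64:ff9b::/96 dev dsvpn0` probe inside `$(...)` has no stderr redirection and probably prints an error on every pass of the main loop when `dsvpn0` does not exist; adding `2>/dev/null` there keeps the log readable. A one-line comment above the function saying why the `64:ff9b::/96` route on `dsvpn0` is unwanted would help the next reader.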
From: "Ycarus (Yannick Chabanois)" Date: Tue, 27 Apr 2021 08:24:10 +0000 Subject: [PATCH 072/164] Doesn't download each firewall file for update --- debian9-x86_64.sh | 53 ++++++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 31 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 34e2969..2d6ddf7 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -1157,38 +1157,29 @@ if [ "$update" = "0" ]; then else # Update only needed firewall files if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/shorewall/interfaces ${VPSURL}${VPSPATH}/shorewall4/interfaces - wget -O /etc/shorewall/snat ${VPSURL}${VPSPATH}/shorewall4/snat - wget -O /etc/shorewall/stoppedrules ${VPSURL}${VPSPATH}/shorewall4/stoppedrules - wget -O /etc/shorewall/tcinterfaces ${VPSURL}${VPSPATH}/shorewall4/tcinterfaces - wget -O /etc/shorewall/shorewall.conf ${VPSURL}${VPSPATH}/shorewall4/shorewall.conf - wget -O /etc/shorewall/policy ${VPSURL}${VPSPATH}/shorewall4/policy - wget -O /etc/shorewall/params ${VPSURL}${VPSPATH}/shorewall4/params - wget -O /etc/shorewall/params.vpn ${VPSURL}${VPSPATH}/shorewall4/params.vpn - wget -O /etc/shorewall/params.net ${VPSURL}${VPSPATH}/shorewall4/params.net - wget -O /etc/shorewall6/params ${VPSURL}${VPSPATH}/shorewall6/params - wget -O /etc/shorewall6/params.net ${VPSURL}${VPSPATH}/shorewall6/params.net - wget -O /etc/shorewall6/params.vpn ${VPSURL}${VPSPATH}/shorewall6/params.vpn - wget -O /etc/shorewall6/interfaces ${VPSURL}${VPSPATH}/shorewall6/interfaces - wget -O /etc/shorewall6/stoppedrules ${VPSURL}${VPSPATH}/shorewall6/stoppedrules - wget -O /etc/shorewall6/snat ${VPSURL}${VPSPATH}/shorewall6/snat - else - cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces - cp ${DIR}/shorewall4/snat /etc/shorewall/snat - cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules - cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces - cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf - cp ${DIR}/shorewall4/policy /etc/shorewall/policy - cp ${DIR}/shorewall4/params /etc/shorewall/params - cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn - cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net - cp ${DIR}/shorewall6/params /etc/shorewall6/params - cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net - cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn - cp 
${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces - cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules - cp ${DIR}/shorewall6/snat /etc/shorewall6/snat + mkdir -p ${DIR} + wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz + wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz + mkdir -p ${DIR}/shorewall4 + tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C ${DIR}/shorewall4 + mkdir -p ${DIR}/shorewall6 + tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6 fi + cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces + cp ${DIR}/shorewall4/snat /etc/shorewall/snat + cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules + cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces + cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf + cp ${DIR}/shorewall4/policy /etc/shorewall/policy + cp ${DIR}/shorewall4/params /etc/shorewall/params + cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn + cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net + cp ${DIR}/shorewall6/params /etc/shorewall6/params + cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net + cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn + cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces + cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules + cp ${DIR}/shorewall6/snat /etc/shorewall6/snat sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules From df637bb0c455c4a3bf8360d6eca0407cd68cf4c9 Mon Sep 17 00:00:00 2001 
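Review bot: Neither `wget` nor `tar` is checked before the `cp` lines overwrite the live Shorewall configuration, so a failed or truncated download leaves `${DIR}/shorewall4` and `${DIR}/shorewall6` empty or stale and the update carries on regardless. Stop on failure, e.g. `wget -O "${DIR}/openmptcprouter-shorewall.tar.gz" "${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz" || exit 1`, and do the same for each `tar` call. Because these archives become firewall rules in an installer run as root, comparing them with a digest shipped in the script before extraction is worth adding. `${DIR}` is expanded unquoted throughout and is set from `pwd`, so a working directory containing spaces breaks these commands.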
From: "Ycarus (Yannick Chabanois)" Date: Sat, 8 May 2021 06:46:40 +0000 Subject: [PATCH 073/164] Fix VPS update via web and update omr-test-speed --- debian/postinst | 3 ++- debian/rules | 4 ++-- debian9-x86_64.sh | 11 +++++++-- omr-test-speed | 51 ++++++++++++++++++++++++--------------- omr-test-speedv6 | 56 +++++++++++++++++++++++++++++++++++++++++++ omr-update | 11 +++++++++ omr-update.service.in | 9 ++++--- 7 files changed, 116 insertions(+), 29 deletions(-) mode change 100755 => 100644 omr-test-speed create mode 100644 omr-test-speedv6 create mode 100755 omr-update diff --git a/debian/postinst b/debian/postinst index bd08d7f..57ee50d 100644 --- a/debian/postinst +++ b/debian/postinst @@ -6,7 +6,8 @@ test $DEBIAN_SCRIPT_DEBUG && set -v -x . /usr/share/debconf/confmodule sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh -systemctl enable omr-update +systemctl daemon-reload +systemctl restart omr-update db_stop diff --git a/debian/rules b/debian/rules index d411dc4..9a69cc6 100755 --- a/debian/rules +++ b/debian/rules @@ -13,6 +13,6 @@ override_dh_auto_install: cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ - mkdir -p $(CURDIR)/debian/omr-server/lib/systemd/system - cp omr-update.service.in $(CURDIR)/debian/omr-server/lib/systemd/system/omr-update.service + mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin + touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 2d6ddf7..a75b4a4 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
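Review bot: The two lines added to debian/rules create `update-bin` under `$(CURDIR)/debian/etc/...`, whereas every other install line in the hunk targets the package tree `$(CURDIR)/debian/omr-server/...`, so the marker file is probably not shipped in the package. If it is meant to be installed, the lines would read `mkdir -p $(CURDIR)/debian/omr-server/etc/openmptcprouter-vps-admin` and `touch $(CURDIR)/debian/omr-server/etc/openmptcprouter-vps-admin/update-bin`. The same hunk stops copying `omr-update.service.in` into the package while debian/postinst now runs `systemctl restart omr-update`, so the restart depends on the unit having been installed by debian9-x86_64.sh beforehand; a comment in postinst stating that dependency would help.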
@@ -46,8 +46,8 @@ MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="b40c6b615eca1a7171d83e3a3f58c7d4d17e0fd5" -OMR_ADMIN_BINARY_VERSION="0.3+20210414" +OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c" +OMR_ADMIN_BINARY_VERSION="0.3+20210508" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" @@ -582,6 +582,12 @@ if systemctl -q is-active shadowsocks-libev-manager@manager; then systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 fi +if [ "$LOCALFILES" = "no" ]; then + wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in +else + cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service +fi + # Install simple-obfs if [ "$OBFS" = "yes" ]; then echo "Install OBFS" @@ -1260,6 +1266,7 @@ fi if [ "$SOURCES" != "yes" ]; then apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true + rm -f /etc/openmtpcprouter-vps-admin/update-bin fi if [ "$update" = "0" ]; then diff --git a/omr-test-speed b/omr-test-speed old mode 100755 new mode 100644 index fa95ff2..863232f --- a/omr-test-speed +++ b/omr-test-speed 
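Review bot: The added `rm -f /etc/openmtpcprouter-vps-admin/update-bin` in the hunk at line 1260 misspells the directory (`openmtpc` instead of `openmptc`), so the marker under `/etc/openmptcprouter-vps-admin` is never removed and `rm -f` hides the miss. It should read `rm -f /etc/openmptcprouter-vps-admin/update-bin`. In the hunk at line 582 the systemd unit is downloaded straight into `/lib/systemd/system/omr-update.service` without checking that `wget` succeeded, which can leave an empty or partial unit file; downloading to a temporary file and moving it into place only on success avoids that.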
@@ -1,30 +1,43 @@ #!/bin/sh # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -INTERFACE="$1" +OVH=false +if [ "$1" = "ovh" ]; then + OVH=true + INTERFACE="$2" +else + INTERFACE="$1" +fi -echo "Select best test server..." -HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" -bestping="999" -for pinghost in $HOSTLST; do - domain=$(echo $pinghost | awk -F/ '{print $3}') - if [ -z "$INTERFACE" ]; then - ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) - else - ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1) - fi - echo "host: $domain - ping: $ping" - if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then - bestping=$ping - HOST=$pinghost - fi -done +[ -n "$INTERFACE" ] && [ ! 
-d "/sys/class/net/$INTERFACE" ] && { + echo "You must use a real interface. You wan find them using 'ip a' for example" + exit 0 +} + +if [ "$OVH" = false ]; then + echo "Select best test server..." + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + bestping="9999" + for pinghost in $HOSTLST; do + domain=$(echo $pinghost | awk -F/ '{print $3}') + if [ -z "$INTERFACE" ]; then + ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) + else + ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) + fi + echo "host: $domain - ping: $ping" + if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then + bestping=$ping + HOST=$pinghost + fi + done +fi [ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" echo "Best server is $HOST, running test:" trap : HUP INT TERM if [ -z "$INTERFACE" ]; then - curl -4 $HOST >/dev/null || echo + curl -4 -o /dev/null $HOST || echo else domain=$(echo $HOST | awk -F/ '{print $3}') hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') @@ -33,7 +46,7 @@ else ipset add ss_rules_dst_bypass_all $ip done fi - curl -4 --interface $INTERFACE $HOST >/dev/null || echo + curl -4 -o /dev/null --interface $INTERFACE $HOST || echo if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then for ip in $hostip; do ipset del ss_rules_dst_bypass_all $ip diff --git a/omr-test-speedv6 b/omr-test-speedv6 new file mode 100644 index 0000000..ca3d64d --- /dev/null +++ b/omr-test-speedv6 
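Review bot: The new interface check `[ -d "/sys/class/net/$INTERFACE" ]` accepts any argument that resolves to a directory, including `..` or a value containing `/`, and the value is then passed unquoted to `ping -I` and `curl --interface`. Reject anything that is not a plain name first, for example `case "$INTERFACE" in */*|.|..) echo "invalid interface" >&2; exit 1 ;; esac`, and quote `"$INTERFACE"` where it is used. The error path exits 0, so a caller cannot tell the test was refused; `exit 1` would be clearer, and the message has a typo (`You wan find`). The same block is copied into the new `omr-test-speedv6`, which also still uses `curl -6 $HOST >/dev/null` where this file moved to `-o /dev/null`.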
@@ -0,0 +1,56 @@ +#!/bin/sh +# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : +OVH=false +if [ "$1" = "ovh" ]; then + OVH=true + INTERFACE="$2" +else + INTERFACE="$1" +fi + +[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && { + echo "You must use a real interface. You wan find them using 'ip a' for example" + exit 0 +} + + +if [ "$OVH" = false ]; then + echo "Select best test server..." + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + bestping="9999" + for pinghost in $HOSTLST; do + domain=$(echo $pinghost | awk -F/ '{print $3}') + if [ -z "$INTERFACE" ]; then + ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) + else + ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1) + fi + echo "host: $domain - ping: $ping" + if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then + bestping=$ping + HOST=$pinghost + fi + done +fi + +[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" + +echo "Best server is $HOST, running test:" +trap : HUP INT TERM +if [ -z "$INTERFACE" ]; then + curl -6 $HOST >/dev/null || echo +else + domain=$(echo $HOST | awk -F/ '{print $3}') + hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') + if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then + for ip in $hostip; do + ipset add ss_rules6_dst_bypass_all $ip + done + fi + curl -6 --interface $INTERFACE $HOST >/dev/null || echo + if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then + for ip in $hostip; do + ipset del ss_rules6_dst_bypass_all $ip + done + fi +fi diff --git a/omr-update b/omr-update new file mode 100755 index 0000000..33b3fa6 --- /dev/null +++ b/omr-update @@ -0,0 +1,11 @@ +#!/bin/sh +if [ -f /etc/openmptcprouter-vps-admin/update ]; then + wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh + rm -f /etc/openmptcprouter-vps-admin/update + reboot +fi +if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then + LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh + rm -f /etc/openmptcprouter-vps-admin/update-bin + #reboot +fi diff --git a/omr-update.service.in b/omr-update.service.in index 1a21135..231803a 100644 --- a/omr-update.service.in +++ b/omr-update.service.in 
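Review bot: In the new `omr-update`, the first branch downloads the installer over plain `http://` and pipes it directly into `sh` as root, so anything able to alter that response in transit decides what runs on the server; the install script on this page already uses `https://www.openmptcprouter.com/` as `VPSURL`. Fetch over HTTPS into a temporary file, execute it only if the download succeeded, and only then remove the flag and reboot. As written, `rm -f` and `reboot` run even when `wget` fails, which silently drops the update request. The URL is also fixed to `server-test/`, which may be a leftover from testing and deserves a comment if intended.

```shell
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
	tmp="$(mktemp)" || exit 1
	# HTTPS, and nothing is executed unless the whole script was downloaded
	if wget -q -O "$tmp" https://www.openmptcprouter.com/server-test/debian10-x86_64.sh && [ -s "$tmp" ]; then
		sh "$tmp"
		rm -f "$tmp" /etc/openmptcprouter-vps-admin/update
		reboot
	else
		rm -f "$tmp"
		logger -t "OMR-Update" "Download of update script failed, update not applied"
	fi
fi
# … unchanged: update-bin branch …
```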
@@ -4,11 +4,10 @@ After=network.target network-online.target [Service] Type=simple -Restart=no -Environment="SOURCES=no" -Environment="REINSTALL=no" -Environment="LOCALFILES=yes" -ExecStart=/usr/share/omr-server/debian9-x86_64.sh +Restart=never +ExecStart=/usr/bin/omr-update +#ExecStart=/usr/share/omr-server/debian9-x86_64.sh +AmbientCapabilities= StandardOutput=file:/var/log/omr-update.log StandardError=file:/var/log/omr-update.log From 4b8a9432cd91f68f38d26ad56e33b170715cc0b4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 9 May 2021 08:35:34 +0000 Subject: [PATCH 074/164] Replace gitee by gitlab --- debian9-x86_64.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index a75b4a4..9e9b397 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -143,7 +143,8 @@ fi [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { echo "Update ${REPO} key" if [ "$CHINA" = "yes" ]; then - wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - + #wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - + wget -O - https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - else wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - fi @@ -188,7 +189,8 @@ if [ "$CHINA" = "yes" ]; then echo "Install git..." apt-get -y install git if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then - git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian + #git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian + git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian fi cd /var/lib/openmptcprouter-vps-debian git pull 
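Review bot: `Restart=never` in the `[Service]` section is not a value systemd accepts for `Restart=` (the valid settings are `no`, `on-success`, `on-failure`, `on-abnormal`, `on-watchdog`, `on-abort` and `always`), so the line is reported as a parse error and ignored; the removed `Restart=no` was the correct spelling and should be kept. The added empty `AmbientCapabilities=` only resets the ambient set and does not restrict a service running as root; if the intent is to limit what the updater can do, a comment should say so. The commented-out `#ExecStart=` line is better dropped than left in the unit.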
@@ -200,7 +202,8 @@ if [ "$CHINA" = "yes" ]; then echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - if [ ! -d /usr/share/omr-server-git ]; then - git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git + #git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git + git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git fi cd /usr/share/omr-server-git git pull From a02b30624347dfc4d056c180c2f0300cff61a615 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 9 May 2021 08:35:55 +0000 Subject: [PATCH 075/164] Check wireguard ip --- omr-service | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/omr-service b/omr-service index ff51abe..d6d751d 100755 --- a/omr-service +++ b/omr-service @@ -44,6 +44,10 @@ _dsvpn() { [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null } +_wireguard() { + [ -n "$(ip a show dev wg0)" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null +} + _omr_api() { [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { @@ -115,6 +119,7 @@ while true; do _glorytun_udp _glorytun_tcp _dsvpn + _wireguard _multipath _omr_api _lan_route From c19bade451c2e9380edaf539f38208af962370b4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 8 Jun 2021 17:42:39 +0000 Subject: [PATCH 076/164] Add latest omr vps script changes --- debian/control | 4 ++-- debian9-x86_64.sh | 20 ++++++++++++++------ omr-service | 11 ++++++++++- openmptcprouter-shorewall.tar.gz | Bin 4106 -> 4136 bytes shadowsocks.conf | 3 +++ shorewall4/snat | 9 ++++++++- 6 files changed, 37 insertions(+), 10 deletions(-) diff --git a/debian/control b/debian/control index 0da3629..72af96a 100644 --- a/debian/control +++ b/debian/control 
@@ -17,8 +17,8 @@ Depends: unzip, tracebox, omr-iperf3, - omr-shadowsocks-libev (= 3.3.5-1), - omr-vps-admin (= 0.3+20210304), + omr-shadowsocks-libev (= 3.3.5-2), + omr-vps-admin (= 0.3+20210508), omr-simple-obfs, omr-mlvpn (= 3.0.0+20201216.git.2263bab), omr-glorytun (= 0.3.4-4), diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 9e9b397..99f120a 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -31,7 +31,7 @@ WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-no} NOINTERNET=${NOINTERNET:-no} REINSTALL=${REINSTALL:-yes} -SPEEDTEST=${SPEEDTEST:-no} +SPEEDTEST=${SPEEDTEST:-yes} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} KERNEL_VERSION="5.4.100" @@ -53,8 +53,8 @@ DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.35.1" V2RAY_PLUGIN_VERSION="4.35.1" EASYRSA_VERSION="3.0.6" -SHADOWSOCKS_VERSION="cadf278d476d0e5679c3e67390b271276a8dc54a" -SHADOWSOCKS_BINARY_VERSION="3.3.5-1" +SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead" +SHADOWSOCKS_BINARY_VERSION="3.3.5-2" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" @@ -100,6 +100,13 @@ if [ "$ARCH" != "amd64" ]; then exit 1 fi +echo "Check virtualized environment" +VIRT="$(systemd-detect-virt 2>/dev/null || true)" +if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then + echo "Container are not supported: kernel can't be modified." + exit 1 +fi + # Check if DPKG is locked and for broken packages #dpkg -i /dev/zero 2>/dev/null #if [ "$?" -eq 2 ]; then @@ -269,6 +276,7 @@ else apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} fi fi + # Check if mptcp kernel is grub default kernel echo "Set MPTCP kernel as grub default..." if [ "$LOCALFILES" = "no" ]; then 
@@ -280,7 +288,7 @@ fi rm -f /etc/grub.d/30_os-prober bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} -sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null +[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null echo "Install tracebox OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox @@ -1240,9 +1248,9 @@ if [ "$TLS" = "yes" ]; then fi if [ "$SPEEDTEST" = "yes" ]; then - if [ ! -f /usr/share/omr-server/speedtest/test.img ]; then + mkdir -p /usr/share/omr-server/speedtest + if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then echo "Generate speedtest image..." - mkdir -p /usr/share/omr-server/speedtest dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576 echo "Done" fi diff --git a/omr-service b/omr-service index d6d751d..e1eaa5e 100755 --- a/omr-service +++ b/omr-service @@ -44,8 +44,15 @@ _dsvpn() { [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null } +_shadowsocks() { + [ -z "$(pgrep ss-server)" ] && { + logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks" + systemctl restart shadowsocks-libev-manager@manager + } +} + _wireguard() { - [ -n "$(ip a show dev wg0)" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null + [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null } @@ -113,11 +120,13 @@ _openvpn_bonding() { fi } +sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null modprobe bonding 2>&1 >/dev/null ip link add omr-bonding type bond 2>&1 >/dev/null while true; do _glorytun_udp _glorytun_tcp + _shadowsocks _dsvpn _wireguard _multipath 
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index f45840887cfcf10e3701975cb3de7fd86e8e40d0..356841434047882f570e6ccb2c8c8c84ccfd1e9a 100644 GIT binary patch delta 4121 zcmV+!5a#cSAgCaJABzY8l5?7100Zqje{-YAj`J`66kW;O+nKr~HpD+RdF9(9fNd@q zSis3<>#8VXlZ0B^_yA8fw>97Wq;9|%JL7pfcILf3lo?7k+fWXuv8n&z3oAu{@avy~8={zpA@Vv~$G`DrhVo~lBX!&`msx9iuX4Tl6`=z$G+U;^x zb&JqASgg0U)o7P{%hre6YR+e+s(iaVhR)WpPu2z>Yql>|71{Ay=YKFy{OG|O`|&=! z$#&R(;r|6*Xuso|5C__=&UvGW{=a=LRQ~@hVBPK|M-1di-VFdMO zA=5A>q1kBH{SF_iWFxgU8`VlMBe!5AuQ!PuY2KJj9*KwSLf zPqMc5upxHZ5D0+4o~rqG;s;QUva?dwLSba$Ctfg(p~C52VGpr=akCYx{cbW#hiOgPLt(-{NFh)r^z^E#o*f+$##m_6nELue}u5|3}F8yZ-25%wO<77MYU|rJh`W#Yf0u#$h!1$mACy498BWe0G|JA(kTfP%~am6HpRV zx@YM^41I~2OTaP@#+y8OkiqyqbZ-7JUnhM?;-oopD?wtRf&H3M{ z?*G3D+?cj2%CgnvX(B-X^EG2=ZD55O(lTGcRRt*ZC4z8H?6i>?%+iJ&v^;W+wZDgUKN&fO?XDy@!DB1leAp+yj>a z(PkvVJwye3nclF}zN(8^U?P_2D8>4?;iwMBp=e#>wPffzjb3TFqYl^T2Vft#6)A5Y z-K$hAr<+NR$)5w<1eF~>*dKFzS?yvI5&D)fGHXBC3hO;l(^eNyRlL$vd!WcGq@`%k z69t5---w!8K#X*M#}cLMB8{%x)^gS4aQ;Jr5i@*7Z#4JE)O;7g__yVPJuSdlg}0iI zYwG-yHw`8qFoL31y8>@AUeLM8Kpc<#MM7lVE=Y=3G9H4|ttDY5^Er%g>l{@1z+ye? 
z%lEz8H94$xxg4sD8O$Fk?|RDa#?*lb(M4Y6%mY|&(3Hi0L7msd?NDVG?@Sdr3Ku1& zNB7?3i1zvahI9Yy4BaRhvVO3+SbQu7`-IRISJ=$y#!2|)U|FXi!NIh zJyKz(?N;l5y!8+BSWY&1d_g_i9%RG0mxc?1K*h-e$;9r02st4uTirA!oCrYs@I1)| zi39F5sill8i0%=zm`+1F7?cH%Oxw+ii;E)n@iaiQDNgXzLXTx#bU6C73t3;j&u(Y2 z&4Q(@R{8x+ni{vZY%N$fJyvsj5=tL)`w8v?_=-%FvO8k@hTeSPJwj$bjYDwS(_jwg z33*DA#bv$z{QP{jss^5*K4bK8sc~md$!xm+yBi#r`c#`ZL?jmcj))1@3W3~-ToDb< ztIl1QKcFH2 zCJaj-_1V7;rr1}k?g5+MgWk8G?YE$VMzsBF&{Hkt7E=C0DgjFlFr+^GsW3PU}k~JKjU*XC`m(weMSiCu^sM}pVWQdhr3KRjI18WyX-BUHC zTmR%mbx3;aGe3^e@vtJg+qHX?`_apPi}BwPEp^1cp=)=U5V`~dmP1i0H5(mit(LB^ z)|zgaAl*@{4PyH>{BUITHnFK60sKmn;*Q`TIRjL!=18X7)5N~L!6IMXt+j98qk7DL zq18xW_zu{OL3A)CgY-C@66j-b9W8=A$#9g@X(9ow0cR?f@88Zu%f#idVuQM{*zc)* z*A$&W_vrl}cqyya=T%o;zW>7>h?cUB1#{>thH3(~TVKWzlz5R}|2=UZ{V-V6H3bZJ zB}FyqkF7Y=0HtecfnYd>JOT>jQmg5IJ;=Mb$r$2mf!!ZsST?`^1C!SH zGo0XZ;`4vL|08~h6Myy@CiujE$BnKu?fv{i&9VoDy7ALy6~K(c8NOQxhzU0lh+`uXnBxL-AUne6B=Wm0T7Z8RvX{c8?&UpQQQ0NgmFB(1fLdsOqjQ zS>S|Iu97AW&7sYBNSY#AF1R#SWDHGBahO1uDG-HWg1X=?4Q+(CJsFv-Ad%|~6dmtY zWJrh3FVtT(@g@e7AfxV@0=SztLx3ZNER&t;m@J5xyvTRDI0Ow>T2Z#jFDBTZOP?&N zik%}3%SnRJ#>xPzN9gU_~dLMdoec3b=p?_rdxPXa3ja?Xj`Me*{4p<3T{QKj3@Df!4zesS^EzcF&U?FNMB5rjw!t`yhmNw`Uy65=-T zq57-RZLH4S!feuM9!PyKYbfS`%FiQ6*xmfir<95&bu==2QId!2%y%>4O!cgYqEKl& z!#imB#fiw8%q9?jBeKOCXkwlOArVE>C|4wXwzBKF3av$-t57v(fG#%Tf1ha|(UuPf zaa;HQaP-?jn88XM=5oc)2ywUrh<}!gkgdixB)<(QY(t)JLpHY|TSa91f{_7^Z>P8pOoBE;2`TCVQ9q_+T;V$k zXe!`g*u#5#m=BW^W(2hafBM)kf4(2rj*;@i`|L%Pj~v%Hqkr`Vu*}~{sgjC61#uEC z7XIX*+kkh*f1$&^|I^|5hS0+2|3dZspSOY6_W!mDxj?~0{&XI|3snm6S55&6HgbU1 zK)!J^?s~m%+7w&d44YnW?4V1(_mf|rZcv<-IHxtXamqdo^!1#we;OOK*=K}yb77Pl zWZ5T!b~9j<8)WQLMZ2qSZ9e^$(eAoHw)vV%1+PFdKKvH|cfJ43x6AMU2z;wm#s9Z} zj03&OXLdTP5clr>0-%`QG|gunxEp z|2x0`$G0}W|J80*Z{L4-6Znev|9(Xisb2rCvj11Jf9gaIkoKqF=FEao`Y|+8236lc zWg+UTbN$zNXCGk8UgXYSWyxNX2^OE4`8(tEqDnq1sGx!hDyX1>3M#0ef(k0Apn?i2 XsGx!hDyX1>?+X71gZNS90C)fZ9&A2V delta 4091 zcmVpjn!AY~2E@G&mkIHJ!uMh* zA<2^;lLvq1osi^Z;gO@c8<3n^J?C}=?0)L&=18!~S?%~upmr>XwxVks$65N=6lIQ+ 
zWXt9_!_;kmos$gRgbRxv#+Gby)~#ZT!&>bp|AD+0#3wbAHxrqyO)o@s6`C{e~B{vb$ z2hUEx{gdQ5tmmdfz^y;{kIRS#g;U@thKrZTe|$>F2k|4}VfgEOv(+Z|FAyQTfQ#RLDVvsdJz=^&6~$0e4rNtZA?@zj-hPe1zzONh_Sq%`4gzD`V%jRJ>te>fw=g| zn`Uk8V?(U8ArJt8Jyr9s#PgvXWoNy{pSCh-DaR86ef7aju>BDU7g+HlH2Q_iTxeZ? zR`Zm0fdzuFE{0EH%7QeKPm|vh+TRb$2!)ZUm$?2ch6?q)!X9G#%99-JJD}&O0>5|8 z$G_^DObAglTQ>WGi025pfvJL3gJ8wIhiK*~SjbJECW{k@8xJ%0F+Pc)hdk&JQ2Zna zWN2-dd=FWMZi5K^<)`;{3pldG#Q7i7<@Y;*-kN^!SAc}zr_3b@ztVf z{3WK3kyl^BWO=Pg;XJC}hY*5-$1N1!+pAUZwXkp_cYeUwkFaa~$Mfyd`mcF@-mK#P zTfnaMAF~e{pM*H}9|Ib_KDm+a-p?Q|Bu^~5k-&qP2_ed3!AwaoipR^xM=wr)poG$8 z)kxsZq3*r+2w~+J!YD8$%LU}T5ab~a&%7j|ku?bk#(QuwO9;vs9p{i4g!4iJz)4LB zjXeRh_l2^f!OC0HY!QWzxhC@OG_$$H3ywMWo|il|)2k~{ubN-)i&j0i3 z{{Nf6jbS;0B$>SyO$6xwR!tw78(6-Ew9Hqq6>YOx=l$EmBAoe?m&3}~`TVcjr1yV$ z{+#c2d7S^vX1kjIZvkI%|JR@y{fi=(CwIGVJVQ-K|L$D9rij=pH z?o}$5)6FEuSRZqIS?yvI5eB9{HfldvGV47-RaX~KRk%_WYbZ-Aq$#V= z69t5#-3Y2uK#Vni+Z4p>B8?{B)^gRPF!&+Ch#5YkHwwH7HQ$9l`E9viPYZBX;jQN5 zni70+Xa4j9Mo`phSKv)13pzI$2$PAoNQk6a1xfKr#)F@_wIs}BK8F!*or5YLSgdD# z`M!UnOrsVe?tvL(BsW&~P4w4Ga25xicw&}f%1|Ni^ z16eQ^Ds&M>3HdM5?LbyS-EREkPQ&LooctEkwm#0n=p|VOBn;Mi379geYu!*5UA8QG zq{8amPUozD^AGb_PB(dcK|RYFX2ZFchVwj6#Ysca!0v(wIVCGw-83eg2tfPrJk17) z1MW1brHo97?h&+@PD45vltl}fcH0*h7e(%qnU7{uoZzX29!r{FbM$E!vc7zu-Ogg0 z1?!a67pUkSy_D*E=Vyn8Jbs^ICU+PaU(Wwqe5>1k!Ti77Iq!5@Jm&v=yHh>?e-qey z-h@$QmEYf_sc~n^)`E4@V>P!Yq4Y7gm*75tugF9xyCcSLuH`2n0K zftc_+CI(!~1ac>GMN~MG z_Aa-728ozyj}1rGAR&{b-klfM4xt@W?*^1GK^Yy?R6xbM{VQ}Mn^(G}*mu3w0Tlr- zU|0sI&;E5Vgn?}K4%qxY^u7sgzXcssqV8XVzGBL^kn$f=30QJ~Ar0V9fjKhRzY}hB&FX0(L#*tQrwHgASi3OlzM{&# z#wRywK+@ZodvT18hZWJ?uDzq&k6!*qjQ@^ksVxk2O})#6&?OkK90_8n+2}}XwRDBG z)^yVV>9%Zc5L>U|M`N?UiB0_o;8&UycLe*%DWGaKTQr=$Dh#X*7WwLKt$q6*)ng8S ztwsdHx4~|7qJc5#q|f1$Kp%_iXaVd=f}@m96A@^2I8(5E|8^#r1}=wX3)F?heqR|l zhF}kSNALf@OGz<5ue$Q`{U6p)Fy(bDn8QHU6$7xn#xjne#Erbh?}_v1h5n+U%3!!F zDT+aVEZL?8C|*+w1jEs#F;F0vT21SJLuQTytTB!F-VZJt^oL5w&+?O5IB{p?OQeJ5 z8M3MNGV;d4i)Lt#maUsI6&`tU0?L3T4Rz)_9BU|p2ch)w6BLZEtUC)^+dDc!LpqFe 
zkzkPfU;<+>2b&s$n3)O~M}v$g#>5zQ08^lAAxDz?!dSI?0j!M+ZYV<^T}7dPJDs?3 z!WO|Nqvb5|3)fRvaBE>=y}()~pG*{+-t{P=adj?fR^%-T*rOV9`f7K-fG7)qL2#PjfDe3CkpKJc(GBQaI;wwP$x!zIYat#E0~hQ^us&aAR_Br2tfl4oc&n4*7RHGHdA2%3TrCR z1t7`>)5l>Sv(7kHG*!`L;AD%#j1uFR17b9=j~RNPRGCDCU6j&tpi~o&3$Gl!_*GG%~wUl85WecQfHk^{j}ZP-!c} z+i3X3iO8DFCJ-ZkvVi@D^smtbmig-+Rs8;c^FW-0i-k8m=r-V8@&AlJXW#!hZ?&3y2cQ4*)%Sni2436$ z+bQG%1rzzF^MDp#r2v2C6rf-u2Y3zS8#m*w*ZZbTvBk}>>Gj4Ay7YTL`E`ARqF&;h z*4V}=`!vwkbINLL&}N?z+RcSgZjfc44BE|rQErg2PZjO1zP0&(^jk)|>jK&4Yc3VM z0?Fj?UjW?o{&%Zee*cGWbvjl2e+xJ+fB1}nePF`n9L#lUe&`h}kFt#1YEfE)3@^ZS3T&gS>Oy6x)z-xLz6;x0`1r=0KK?N05P(cM1R8T<$6;x0`1r>Z(_&YCMBK81y001LV57qzx diff --git a/shadowsocks.conf b/shadowsocks.conf index 302bbe0..5fb5da0 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -23,6 +23,8 @@ net.ipv4.tcp_tw_reuse = 1 #net.ipv4.tcp_tw_recycle = 0 # short FIN timeout net.ipv4.tcp_fin_timeout = 80 +# Increase max orphans +net.ipv4.tcp_max_orphans = 16384 # short keepalive time net.ipv4.tcp_keepalive_time = 7200 # outbound port range @@ -49,6 +51,7 @@ net.ipv4.tcp_congestion_control = cubic net.core.default_qdisc = fq # Default conntrack is too small net.netfilter.nf_conntrack_max = 131072 +net.netfilter.nf_conntrack_tcp_timeout_established = 86400 net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.default.log_martians = 0 diff --git a/shorewall4/snat b/shorewall4/snat index a240a09..8435e40 100644 --- a/shorewall4/snat +++ b/shorewall4/snat @@ -15,7 +15,14 @@ ########################################################################################################################################### #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY # -MASQUERADE 10.255.0.0/16,\ +MASQUERADE 10.255.247.0/24,\ + 10.255.248.0/24,\ + 10.255.250.0/24,\ + 10.255.251.0/24,\ + 10.255.252.0/24,\ + 10.255.253.0/24,\ + 10.255.254.0/24,\ + 10.255.255.0/24,\ 169.254.0.0/16,\ 172.16.0.0/12,\ 192.168.0.0/16 $NET_IFACE 
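Review bot: The new MASQUERADE source list in `shorewall4/snat` enumerates 10.255.247.0/24 through 10.255.255.0/24 but skips 10.255.249.0/24, and nothing in the file says whether that gap is deliberate. Since this list decides which tunnel networks are translated to `$NET_IFACE`, a comment above the rule naming the tunnel that owns each /24, and stating why 10.255.249.0/24 is left out, would make the narrowing from 10.255.0.0/16 reviewable. If the omission is an oversight, add `10.255.249.0/24,\` between the 248 and 250 entries.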
From 33cf1b4718ad8ff70e1b0f6a451a4906808e0fe9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 14 Jun 2021 05:46:38 +0000 Subject: [PATCH 077/164] Update to 0.1026 --- debian/changelog | 6 ++++++ debian9-x86_64.sh | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 33cf21b..12a86ee 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +omr-server (0.1026) unstable; urgency=medium + + * Many changes + + -- OpenMPTCProuter Mon, 14 Jun 2021 07:43:42 +0200 + omr-server (0.1025-test) unstable; urgency=medium * Wireguard support and fixed diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 99f120a..098148c 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -62,7 +62,7 @@ VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="0.1025-test" +OMR_VERSION="0.1026" DIR=$( pwd ) #" From a5cf11a449aaec4090e691486b5201f4ddc5c27d Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 14 Jun 2021 05:47:42 +0000 Subject: [PATCH 078/164] Update server script --- debian9-x86_64.sh | 12 +++++++++--- omr-service | 26 ++++++++++++++------------ 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index e3c515e..02baec9 100644 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -123,6 +123,11 @@ if [ "$UPDATE" = "yes" ]; then fi echo "Update mode" fi +# Force update key +[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { + echo "Update OpenMPTCProuter repo key" + wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - +} echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock 
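Review bot: The added "Force update key" block fetches the repository signing key over plain `http://` and pipes it into `apt-key add -`, so a tampered response becomes a trusted APT key for the whole system. Use HTTPS, as another key update on this page does: `wget -O - https://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -`. Ideally the downloaded key's fingerprint is compared with a value pinned in the script before it is added. A failed download is also not detected, because the pipeline's status is that of `apt-key`.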
@@ -211,7 +216,7 @@ fi rm -f /etc/grub.d/30_os-prober bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} -sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null +[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null echo "Install tracebox OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox @@ -1157,7 +1162,7 @@ if [ "$update" = "0" ]; then echo 'Your glorytun key: ' echo $GLORYTUN_PASS if [ "$DSVPN" = "yes" ]; then - echo 'A Dead Simple VPN port: 65011' + echo 'A Dead Simple VPN port: 65401' echo 'A Dead Simple VPN key: ' echo $DSVPN_PASS fi @@ -1204,7 +1209,7 @@ if [ "$update" = "0" ]; then EOF if [ "$DSVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - A Dead Simple VPN port: 65011 + A Dead Simple VPN port: 65401 A Dead Simple VPN key: ${DSVPN_PASS} EOF fi @@ -1227,6 +1232,7 @@ if [ "$update" = "0" ]; then Your OpenMPTCProuter Server username: openmptcprouter EOF fi + systemctl -q restart sshd else echo '====================================================================================' echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !" diff --git a/omr-service b/omr-service index 1aa788f..6074fb6 100755 --- a/omr-service +++ b/omr-service 
@@ -60,19 +60,21 @@ _lan_route() { _gre_tunnels() { . "$(readlink -f "/etc/shorewall/params.vpn")" - for intf in /etc/openmptcprouter-vps-admin/intf/*; do - if [ -f "$intf" ]; then - . "$(readlink -f "$intf")" - iface="$(basename $intf)" - if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then - ip tunnel del $iface 2>&1 >/dev/null - ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR - ip link set $iface up - ip addr add $LOCALIP dev $iface - ip route add $NETWORK dev $iface 2>&1 >/dev/null + if [ -n "$OMR_ADDR" ]; then + for intf in /etc/openmptcprouter-vps-admin/intf/*; do + if [ -f "$intf" ]; then + . "$(readlink -f "$intf")" + iface="$(basename $intf)" + if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then + ip tunnel del $iface 2>&1 >/dev/null + ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null + ip link set $iface up 2>&1 >/dev/null + ip addr add $LOCALIP dev $iface 2>&1 >/dev/null + ip route add $NETWORK dev $iface 2>&1 >/dev/null + fi fi - fi - done + done + fi } _openvpn_bonding() { From e063e29ff98e1b494de23d1691d033add6a64266 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 15 Jun 2021 05:04:25 +0000 Subject: [PATCH 079/164] Fix vpspath for release --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index bdbff00..cbb7d33 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -57,7 +57,7 @@ SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead" SHADOWSOCKS_BINARY_VERSION="3.3.5-2" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} -VPSPATH="server-test" +VPSPATH="server" VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} From ce4516fac273a6de7384c11fa045e6601741eed7 Mon Sep 17 00:00:00 2001 
From: "Ycarus (Yannick Chabanois)" Date: Mon, 23 Aug 2021 13:50:00 +0000 Subject: [PATCH 080/164] Commit latest small changes in script --- debian9-x86_64.sh | 12 ++++++++---- omr-pihole.sh | 5 +++++ omr-service | 25 ++++++++++++++++++------- omr-test-speed | 12 ++++++------ omr-test-speedv6 | 12 ++++++------ openmptcprouter-shorewall6.tar.gz | Bin 3780 -> 3803 bytes shorewall6/params.vpn | 1 + 7 files changed, 44 insertions(+), 23 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index cbb7d33..444a169 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -629,6 +629,8 @@ if [ "$OBFS" = "yes" ]; then cd /tmp rm -rf /tmp/simple-obfs else + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION} fi #sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json @@ -662,6 +664,8 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then #cd /tmp #rm -rf /tmp/simple-obfs else + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION} fi fi 
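Review bot: Both added pairs of `rm -f /var/lib/dpkg/lock` and `rm -f /var/lib/dpkg/lock-frontend` (before the `omr-simple-obfs` install, and again in the v2ray-plugin hunk) delete the lock files unconditionally, which does not stop a running dpkg or apt process and lets two package operations modify the dpkg database at once. Wait for the holder instead, for example `while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 1; done` (needs `psmisc`), and leave the files in place. If stale locks after a crash are the actual problem being worked around, a comment saying so would help the next reader. Both surrounding `if` blocks start outside their hunks.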
@@ -1188,11 +1192,11 @@ else cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf cp ${DIR}/shorewall4/policy /etc/shorewall/policy cp ${DIR}/shorewall4/params /etc/shorewall/params - cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn - cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net + #cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn + #cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net cp ${DIR}/shorewall6/params /etc/shorewall6/params - cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net - cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn + #cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net + #cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules cp ${DIR}/shorewall6/snat /etc/shorewall6/snat diff --git a/omr-pihole.sh b/omr-pihole.sh index 20a023f..0981789 100644 --- a/omr-pihole.sh +++ b/omr-pihole.sh @@ -8,6 +8,11 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then echo "This script doesn't work with Debian Stretch (9.x)" exit 1 fi +if [ "$(id -u)" -ne 0 ]; then + echo "You must run the script as root" + exit 1 +fi + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end." echo "Don't apply Pi-hole firewall rules." diff --git a/omr-service b/omr-service index f388c5d..c94e748 100755 --- a/omr-service +++ b/omr-service 
@@ -42,6 +42,15 @@ _glorytun_tcp() { _dsvpn() { [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null + if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then + localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)" + [ -z "$localip" ] && localip="10.255.251.1" + remoteip="$(echo $localip | sed 's/\.1/\.2/')" + if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then + logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" + systemctl restart dsvpn@dsvpn0 + fi + fi } _shadowsocks() { @@ -66,13 +75,15 @@ _omr_api() { _lan_route() { cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' | while IFS=$"\n" read -r c; do - vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') - if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then - echo "$c" | jq -c -r '.lanips[] //empty' | - while IFS=$"\n" read -r d; do - network=$(ipcalc -n $d | grep Network | awk '{print $2}') - [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null - done + if [ -n "$c" ]; then + vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') + if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then + echo "$c" | jq -c -r '.lanips[] //empty' | + while IFS=$"\n" read -r d; do + network=$(ipcalc -n $d | grep Network | awk '{print $2}') + [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null + done + fi fi done } diff --git a/omr-test-speed b/omr-test-speed index 863232f..15666e1 100644 --- a/omr-test-speed +++ b/omr-test-speed 
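Review bot: In the added `_dsvpn` check, `sed 's/\.1/\.2/'` rewrites the first `.1` found anywhere in `LOCALTUNIP` rather than the final octet, so an address such as 10.255.100.1 (constructed example) becomes 10.255.200.1 and the ping targets the wrong host, which can trigger needless restarts. Anchor the pattern: `remoteip="$(echo "$localip" | sed 's/\.1$/.2/')"`. `/proc/$(pgrep dsvpn)/exe` also assumes exactly one matching process; with none or several, `stat` and `expr` fail and the age test errors out, so `pgrep -o` plus an emptiness check would be safer. `_dsvpn` begins outside this hunk.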
@@ -1,8 +1,8 @@ #!/bin/sh # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -OVH=false -if [ "$1" = "ovh" ]; then - OVH=true +HETZNER=false +if [ "$1" = "hetzner" ]; then + HETZNER=true INTERFACE="$2" else INTERFACE="$1" 
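Review bot: Renaming the first-argument keyword from `ovh` to `hetzner` silently changes what an existing invocation means. A caller that still passes `ovh` now takes the `else` branch, and `INTERFACE="$1"` sets the interface name to the literal string `ovh`. No caller is visible here, so this may be harmless. If the old keyword should keep working, `if [ "$1" = "hetzner" ] || [ "$1" = "ovh" ]; then` does that. The same rename is made in the first hunk of omr-test-speedv6, and the script body continues outside this hunk.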
@@ -13,9 +13,9 @@ fi exit 0 } -if [ "$OVH" = false ]; then +if [ "$HETZNER" = false ]; then echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso 
http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" bestping="9999" for pinghost in $HOSTLST; do domain=$(echo $pinghost | awk -F/ '{print $3}') @@ -32,7 +32,7 @@ if [ "$OVH" = false ]; then done fi -[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" +[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" echo "Best server is $HOST, running test:" trap : HUP INT TERM diff --git a/omr-test-speedv6 b/omr-test-speedv6 index ca3d64d..3db10fe 100644 --- a/omr-test-speedv6 +++ b/omr-test-speedv6 @@ -1,8 +1,8 @@ #!/bin/sh # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -OVH=false -if [ "$1" = "ovh" ]; then - OVH=true +HETZNER=false +if [ "$1" = "hetzner" ]; then + HETZNER=true INTERFACE="$2" else INTERFACE="$1" 
@@ -14,9 +14,9 @@ fi } -if [ "$OVH" = false ]; then +if [ "$HETZNER" = false ]; then echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" + HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso 
http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" bestping="9999" for pinghost in $HOSTLST; do domain=$(echo $pinghost | awk -F/ '{print $3}') @@ -33,7 +33,7 @@ if [ "$OVH" = false ]; then done fi -[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat" +[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" echo "Best server is $HOST, running test:" trap : HUP INT TERM 
diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz index d5769fae4f168217f983a780a6bdd3be7bb4e23a..eeb36f255423786ff3502b03dab8b9a259e435a2 100644 GIT binary patch delta 3749 zcmV;W4qEZV9oroTABzY8C#?OE2Sk4}Ju^K|_Y93@zURfEJ^SU={-_1iKRIFFK;`dt z|FrX}-90^Rb-SmnUi($6-99<(y&|nW%9PV8itUh)SE296pDOoU{{JZ*)DDPo?}yHV zy;$@~qd}TZJZnaIQgfDRNDa#l{gAlctsgG!*!4YP-}tMTI8efMBFG`}y&Hd#TX*3c zk@zuiNPTI0WL;e&udWXD{V-JZ32%~a?O?A|JKzOVQWcKl40Wmtl;cEdm>j3+s;P3K zrs^hVu+OPMbD%dcB}PWtM-HA&E4CKe`spk%(ro{=8R_n*J+p7 z#@$YLn@{JBQj4eUw}t#4kKcCNn>DvjJ7tk1UD&SL4QHE-{eJ(n#Hdj7Tv827F}C?V zC%$q0sNqE=3A^Q5H0`M&34-#NfaKj0tHCRDn>DgMrzCr?-!HRDPc(lTxxuEiy;i?G zT81)tiql(`Slj*b9GXwgeY`RG$k~6pW=y_!v;JK#cEVeG=0v-x?JY&6Tla1iGLvu&H41+4 z7`k`&F?lV#Asv|hMyG$(J|Q=cU>}@9gQjCInO!l_Y%JWH&<-C7T9D9jNaWwf4|eE$ zPagdhnSmh*ow*xBM-7MT0Fw5@D@gj%V5eYCYx_9Q8tV0yUNCg4&2i1SGZhlW37xJ;~Y}7i( z?X0!5#v=k__1cb6{*d?qGQI(!AIZW7=`zk^HUtJVguG}xiB5TOLXYELV>aHms}LI_ zb0@alMFb3uozmA^_O&`h^<7)@+)wE2yyke+hct|4%f8Arv1)?w!Z*>zy6C z_RRv2A-+%Wjd%{ACV-Taz?l>yjz_DzJ12@Ehn36Nh-ZH=Zo;lwe+*4QVA_^x-i0$4_TT!L-zmjwY}LCpz69}fh6WYsaaayI)Gg#KOL75XbP zZfAJICF^_O#P_ZAE?xcuw#Yp{TCT#|4My_1JWgx;11mN2!}*(}@&baOH+NX5KDB%f zFhr|G43d9?NxVs{Km-GX2FXnfN>U}cx4|$u4vbmo!U%bJ3n)8Qza{XF@lsL*c`8zp zXvHx!T}}e9dkNsGXeYFu$NjbO4F2N|pzQzmdYuaYUxISihN0i@Elou)O>5BJUmMS^ z{|@Z`Pr&EvcKR(W2kXD`|6YdFiEi}VzXU~gf9`jXJgv*m-0-1Y z@eEE=Wl6YR-^=QV$n=uR*}XK8%(L^UZkRPZg)8zB)WIV0f?d!7D^3g*5J1H;u~pO1bRJ%j%zC!JRL z{IB1w@c%{VGw@$W75Q5DKZ2{%$_D(2Z2&`(otuE)iL!u^9ED4UXxkEDAW0#;Twc|s zk)-gMVIn$jZahuGu#+ZyPk8+T?*&y+nDu{3^G#{8QGN{ifdMJGd@N$6n9o8A4#<}g zhQeguuZ=f(db!(05s^l^I@M}F7&I9@UY6H4z{;P?k};;@I#H)Gj6@+pQZ9K}DkMx5 zQ|EA)$*>1zV~g6R?~k#H1eDoQ{TXy{jv&@X9c*b@TB^nCVB7dg*$(Z)){|$ z^_&%tX8~KA3GuU;6U0PRj6zG%x{X^mg|*nv+I;Xs44eX%*NNkhjOF3*YNMS*y1X6M z8O`_em!#8JP!`r);D<5!2kG~~Ct;u)-P?2jA@XOxL`=%Ng&#h~E06fz#<=7I zu`!=z3CnuLzFA|9ey`W<{pLDW^X)o5(LKW$XA`&+!8@G}Yfc;s8c82tleK@QZmUmO zUziTEfU52jikoI&3pyD65W2!vCz~Z!cN<&lpS*qhw%F`!;i4uL*L|w22cp7fS^@2x 
zwOhyd*GU4&8my+j+|k$i0p>Bfa(ijx)BbkC%(xpK@?qimnDR2~TwRoDvQ0DFGjfoD&(Y#GSWW1BXmE zrY}9 zK4|=i>VrLsKZMcOLG~-?gG}Vz_h2aL^a@=6eRcx29-v4g_>*9bjCS9Na~U=ruv;-L zSshvIP!al*?oKw+@cJBgD2kZgt<|u@5@0M~%aUXcC7BMI@9eM%er|K=L=hrQlEs1? z2lX62&;AzSf1TyBtyX_hhslprMZO*=eyuj)g_4wrp0!%KvD%PS*PwNi>RW}4kEKth z`fxing$+nw_oVQOhwHiVF{IUMrl46vnI9Qjb>zFc4FPvOiw7KPi2#ajf}W^E0p(H2 zki#W_n2P&n9`r|qZ!ujK0+dzZO2Yiz>lJM5htkN>cym0cAHILbTT#+K6vpqYxr#!# zw?n6xdidTL^E%xu45~4rs-!{cpuqNPY~4A&8#HAKI;-_@<4q0JUyXejG|?pCf~g~D zkt$B11Xfe4DMN6_v4BQ(IjQ!>^_qbbE)bqj@MZ)lXHE9On$55Bi-kY47v)@z9B4=na3U)mTk%!!pJc(1SG^-9yIo+_*MS+CjaJO0^$g5n;lIpbk?|4U;K` zkf{wQN|Q`jijMYc_iB-BfGm*?`KfFUJlGo-ASg?&v+cPgOtk3eJoN4P%#PyZFym;l zTEuSQehzzY#gC0g@9Z#NV=Og21SuxtMqN~l&dr+nR2S3%t?&HVdT8{3X7I2F3R>UL|jW0j#!OH+xwr zDp(Im86|)I>iXVdFgHj7@gYN;NQz|e=LS_wxD+!F7hmYZVT0s#Li&c^I$^?JP-bDz zc|#Jc#6lWLO13Zub+GG4sZ(&2+cZ#3Va!X4WeB>YnQ5hh%ulq5kyIhbl-DhQGIpa* zG?|)7bFdV^62oG&03}sFepGV(AyjJ)L$hww~6`?Z*)*NMl(i|MO#hQ<6LmYg|6o63-TIxqI)9!OmX9pU0VfJRhUc0ur7JBfbJOmaSE=omA`wE zmSX-Dvx{~Z=f={~p)HD1ru{egOW?)fOGbav6!H#bw?DzynAx4COQ6)+pxz-}_J`kX z`0H%`p@~I31_t#~5;LVw()4LI!&4)Na+sM!BuvxB*RWoA*#ccG6otuKCnOFsC;~MM z*zTkqLM2dTQQ$SmH*&SVQuPZSIK{$=s{R_Z2Gj)Fx z4M4bT7t3&NpW6>nGBn&w;CQg0f_xKF%*mG7TGNZUSqwq8DJbTp@eKJMV7tA1+pwLL zY!J57*N*>o-rDtlx&u2N%O@sr!VXz3a1Y6oYnZ?(F?ZiAuDNr`M4-%8($>8?945Z_ zgf}j-TvX=d8i3^hgG30zCLW=QplpAtNpw06!SCPODWu|81R| zRPi4#LYwg)dCZ5Q@Md#jNB>zlp*?q;uMGd_SCJoo;>Zugkb2&c^i=)n6ZPgM7dua9 z-CRO)QHVcM9LW>E9>P5t|G}|e5J8tr;Lt%S{+I}d5g_bGN1*6Ae=fO8pSAPGm(>bYr|KmmIWAUH8f-g`| zkuUZG+MUV;_%piz1s&PLYXE;=8H~Bf_fq(dmol@;HP&g3b@Ge+pvP|{ z48r@Je&dFB%e}(@qL!S}<|1+vc_4-$Z{vSnu1|oZa{q(n)%xjH-efp~@TevJK zTS<)6srlJh|FOEWUuwzT3d@68vp`u4EzVypV>f?5l&`3wiYlt8qKcEL4iA%`4iOFL P&r1ITPlA_20C)fZM6_PA delta 3704 zcmV-;4u|pE9mE|6ABzY8V0I~y2Sk58Ju^K|_Y8w(zURfEJ^SU={-_1iKRIFFK;`dt z|FrX}-92rebWU3R?&+&myM1!ne??k*)G4P`6x$&ouR`CCKUMCz{Qpxrs2vdF-VdDz zd$H(~MuRk+c-D;aq~TR&XdvFm%pzVTNvaiE0jM36(`dpCa~x9-9@ 
zBJpG3kowa0$XZ+@7gq;)KMYlU!keU9JJ>7L4tT+oRE6U>L!IgZ~m^RoinZ^QyAB3Ke)H#ke{0Bn93T}4f4%5#Igj_GI@PO&7^>3@e^JVc`GSY z6U?)FXAwBznGJ29+h>}}H8_9#U(Exq-D-W;s{P=2bN4pmADY@W^KBfgIpbNtb=oDi zaktam=F@qjRO4y;Z6W{1v5s3)`aIaJI?V@Apqjj0!c+CDpJLW1HV| z;v3hG8eUY=uv?a*X-{=Y5S04_H1C#J4PK$!tdZ?GCEa`dewkHzqSAlJ4K}sywfg1W zGL*?voZhm;+U}Rf(0p?2b&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0-|trV z|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>FQSgJu z(7n5l$!p;a>A>(eI<0^93AuR$|KJoVG#z`%{ECTgW8vO}cKArpgM^MlBL6miutVp2 z^60O~3>-=5%-sll&CM!yh#M2Y*QOr=|I&v!@rX$)Z|;Pw8c=T;5&xFmjFc&nohX95 zk>fd`y&&4^X5r3&S$1cR7dga^NPub4y)(~r9ik#estCA05YK;_`8{!5$j7>~Uh5pU zv)WRLM+ExnwH>4WA@Kubd;>~9l7$W0Wt_*X3k;|TdC_?io$}&@9>>4NtiNwpAy!7_ zPHel22pAeWrLXtwYjcR|yY}XJoY2|17w{TM)i7Q#YT&ZCL-1*q zRLEpBzn=w1;7EUN7xrCr6b8^U&;du#fnX`~LHj6#{&Q|HaC#SboWBekeb+l_tiS~S zo(akMpJLk)#D9_kJG7U3#D1jb@W0*Zm+-%JdfKk=|0U@8_&>1_hERMIxpyAJuXlFn z+BXY8hWI|gH{v;fngCKx0%uZ;I3BI;?wlxw99Ax4Bc6Y~1l}9x4uItWfE0w1RRFOM zz&s%F!ii&st+7uK@m=q31+a|xxCGzeFAEC5gqjnEJ{~Ci$iy+YayHu*g#KOL6#6T3 zZfAJICG&gW#P_ZAE}i}ZHpx9dTCT#|4My_1+)r!#11~l6!}*&;cmY8$nma6rPd%Rl z4AE*4gXVwW5^oYO5J3l_Lvj;`l87YtHaI57fj$de=piq!0d+_5TMF+OFC|5gry?bZ zRUAXruR1s;Ut5dD^gF%zt<7Ih$1FZbH zEE!`et`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg z*(=6bg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=&GO;x07>3MFDV4j(FUAcy1J;9bAr&X&Pu z9&QUik;hnAfpy+TtA3_g8!}7vp-eIKgOafNjXkfke*drUImgEc;Uoy1cYrhrOfLMi z_>IFj7rsAt=En>qaoku<8@>0DUSNL;mGW@EJRQb@v9Rg_Ka9ygNWTX$2?O2e-k$pp zkw5z-Vp`rU{O~bedBpcN`X%p(jqxmNShg$n%_?j3d%bS&H_KSfw`F{yd4@6025={e zcRC$boj4XWl0Lp9YfIfWpR&C$8)OG+x=$Exnt?Uw;PgXi3Y(p5l$h)`*4BSNdHeQl zvD(?fMN2Bq`_xzuM1{|+0_r(yw~q0zlN=;!FiC&8Cl~7nSjQO3?WK-S$N%ki|FnGm zr_<|ps`&pUXy5Hy{DcmmuxTLeL4(fPeh#!F7x|_i-GYHJg7A4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5t zDbe7b5{RM5Ig#N?+JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx z>gTESQAgug`IXqKN6;+6+4^0r~=#EJ@~2 zlIfuN&JLRp=Qfv46d}?iS?rM8pq|6$+211kud`gX)JkNS{76;g>w)6eY7<^4X^H4r ztECI84NY|oYB#CARoH*{So&nD54TfO*nsqPOA1H)UC)h=A+1(31B85S~!+W&|l` 
zP4>a6&9Cx{g+H?wb1Ri~`-(1~Jb4VcwfO>o09#uU(lRT|wx#`N5{Hc;C^ zy^cn;A7Bw-z=wZe4pT4@c5WEH&K(DJJ7WT~v(F2@0w8 z8cO<-%Ijc5KTheCZZ_zNq~z(wm({T!@1nzCk72lV7;Jxy6JWR}Z0Hds_Au}|K%}5f z@C~BDw-Kza58q>48-0KaTyuQ*=i&S4F^Zk#2Y`UNgJ&UGWc=aVnr@5>ywUwO3#82a zCBB9P#rM)*rD%cythSyvdzmRJcn?V#CGqO|-eNE}NDg8{hB%QF$>7fos+e#oW)UvF z(1qOw$?JcF^bN0d!i2w|%)_4Zh9p>thcuFuY+?@T;Mb4Rpx`L?X<(Ydn3ojG5Ohg1 zQ=x*)Pqc}Vh!AAT>lQ#6yHO{aOwFV^mnU&~BLyIPs$3}Q74(5FC2j_pC1?@UW`cd<*i4hQNs25f6l9sgI4g+G$byO# z7{OE#38IFiavWvVtJN+j)hyk#Qb%^3L`=MxzB*-CEFNOXSwOUD40)=FaR$tokxVz& zJ=lLh3&t#OHjZEtVzExLjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpYe*qY0reUH12$!v58P4r<`5{V%hKmX84|b>^UxXBMvT3%q^kRQ* zc7`BZ6cqE)^9=bKV7tD2*|43JED*NS*Ma|b-a7Pux&b@x%O?hL!Zukha1F_mYZ$;O zF?U}r&bf2RM4-%O($>8?944{&gf}j-Tr}q78i3^h4~YZATvXzZbdKbSUytCPJpaM5Uy#6%OyDp;DgKxQ zhbKVTk4`|*bN*bCCG#3O4S*k(#X2v7)LZAf*4bIJ-8%Yr4eGd^xA68muJC^bDt0o= z&E)weKJNsx23ul%$R4=lk3gf^0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~C zpwFHE@Ab;>e|0)1)$c#N2z~7QXRi5KoLN70{w$R1!n{cRreT4P|J{%Xb+E=$T*5+ikLem2&BOm_B59obu9`C-=Vpe!Df WoDMP%sG^GgjPySSZ@`TJcmM!)=v)v0 diff --git a/shorewall6/params.vpn b/shorewall6/params.vpn index e69de29..a7a7058 100644 --- a/shorewall6/params.vpn +++ b/shorewall6/params.vpn @@ -0,0 +1 @@ +OMR_ADDR=fe80::a00:2 From d7dacc3e728fa9747bbf629d5ef51052d017ec85 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 23 Aug 2021 13:51:22 +0000 Subject: [PATCH 081/164] Update ubond --- debian9-x86_64.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 098148c..f970370 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -43,7 +43,7 @@ GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" -UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" +UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c" @@ -62,7 +62,7 @@ VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="0.1026" +OMR_VERSION="0.1026-test" DIR=$( pwd ) #" @@ -1189,11 +1189,11 @@ else cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf cp ${DIR}/shorewall4/policy /etc/shorewall/policy cp ${DIR}/shorewall4/params /etc/shorewall/params - cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn - cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net + #cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn + #cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net cp ${DIR}/shorewall6/params /etc/shorewall6/params - cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net - cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn + #cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net + #cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules cp ${DIR}/shorewall6/snat /etc/shorewall6/snat From 16e01d1120f6f9baf13ab5e80b601fec12e6e739 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 19 Nov 2021 21:03:15 +0000 Subject: [PATCH 082/164] Various fixes --- debian9-x86_64.sh | 8 ++++---- omr-service | 10 ++++++---- shadowsocks.conf | 2 +- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 444a169..d71a6e9 100755 --- a/debian9-x86_64.sh 
+++ b/debian9-x86_64.sh @@ -166,7 +166,7 @@ echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock -apt-get update +apt-get update --allow-releaseinfo-change rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock @@ -179,7 +179,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes dist-upgrade sed -i 's:stretch:buster:g' /etc/apt/sources.list - apt-get update + apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="10" @@ -189,7 +189,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes dist-upgrade sed -i 's:bionic:focal:g' /etc/apt/sources.list - apt-get update + apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" @@ -252,7 +252,7 @@ elif [ "$ID" = "ubuntu" ]; then fi # Install mptcp kernel and shadowsocks echo "Install mptcp kernel and shadowsocks..." -apt-get update +apt-get update --allow-releaseinfo-change sleep 2 apt-get -y install dirmngr patch rename curl libcurl4 unzip diff --git a/omr-service b/omr-service index c94e748..a51b564 100755 --- a/omr-service +++ b/omr-service 
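Review bot: Adding `--allow-releaseinfo-change` to every `apt-get update` (hunks at -166, -179, -189 and -252, and again in the next commit's hunks of this file) turns off apt's confirmation for any change to a repository's Release metadata, including Origin and Label, not just the suite rename that presumably motivated it. If only the stable-to-oldstable transition needs accepting, the field-specific form is narrower: `apt-get update --allow-releaseinfo-change-suite`. Apt releases that predate the option reject it as an unknown command-line option, so the Stretch path (`VERSION_ID` = "9"), which the script still supports, should be checked. A comment above the first call stating which repository change is being accepted would help the next maintainer decide when the flag can be dropped.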
@@ -73,15 +73,17 @@ _omr_api() { } _lan_route() { - cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' | + cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]?' | while IFS=$"\n" read -r c; do if [ -n "$c" ]; then vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then - echo "$c" | jq -c -r '.lanips[] //empty' | + echo "$c" | jq -c -r '.lanips[]? //empty' | while IFS=$"\n" read -r d; do - network=$(ipcalc -n $d | grep Network | awk '{print $2}') - [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null + if [ "$d" != "" ]; then + network=$(ipcalc -n $d | grep Network | awk '{print $2}') + [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null + fi done fi fi diff --git a/shadowsocks.conf b/shadowsocks.conf index 5fb5da0..d6d760a 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -60,4 +60,4 @@ net.ipv4.conf.default.log_martians = 0 net.mptcp.mptcp_checksum = 0 net.mptcp.mptcp_syn_retries = 2 net.mptcp.mptcp_scheduler = blest -net.ipv4.tcp_ecn=1 +net.ipv4.tcp_ecn = 2 From 2b5afea3a1a3fd2b1eeb7d7c9f7aaf4c42ac3e92 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 11 Feb 2022 15:54:58 +0000 Subject: [PATCH 083/164] Fix --- debian9-x86_64.sh | 128 +++++++++++++++++++++++++++++++++++++--------- multipath | 123 +++++++++++++++++++++++++++++++------------- omr-pihole.sh | 1 + omr-service | 6 ++- shadowsocks.conf | 2 +- ubond.network | 17 ++++++ ubond0.conf | 42 +++++++++++++++ ubond@.service.in | 16 ++++++ 8 files changed, 273 insertions(+), 62 deletions(-) mode change 100644 => 100755 multipath create mode 100644 ubond.network create mode 100644 ubond0.conf create mode 100644 ubond@.service.in diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 27938fc..3fcf1bc 100755 --- a/debian9-x86_64.sh 
+++ b/debian9-x86_64.sh @@ -6,6 +6,7 @@ # See /LICENSE for more information. # +UPSTREAM=${UPSTREAM:-no} SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} 
@@ -29,32 +30,47 @@ OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-no} +if [ "$UPSTREAM" = "yes" ]; then + SOURCES="yes" +fi NOINTERNET=${NOINTERNET:-no} REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-yes} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -KERNEL_VERSION="5.4.100" -KERNEL_PACKAGE_VERSION="1.18+9d3f35b" +KERNEL_VERSION="5.4.132" +KERNEL_PACKAGE_VERSION="1.19+4f508aa" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" +if [ "$UPSTREAM" = "yes" ]; then + KERNEL_VERSION="5.15.13" + KERNEL_PACKAGE_VERSION="1.5" + KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" +fi GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" -GLORYTUN_UDP_BINARY_VERSION="0.3.4-4" +GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" -MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" -MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab" +MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b" +MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c" +if [ "$UPSTREAM" = "yes" ]; then + OMR_ADMIN_VERSION="2a8f642f89a982d2c26c3e176f6c4c1e3e91ffcb" +fi OMR_ADMIN_BINARY_VERSION="0.3+20210508" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" -V2RAY_VERSION="4.35.1" +V2RAY_VERSION="4.43.0" V2RAY_PLUGIN_VERSION="4.35.1" EASYRSA_VERSION="3.0.6" -SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead" -SHADOWSOCKS_BINARY_VERSION="3.3.5-2" +SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" +if [ "$UPSTREAM" = "yes" ]; then + 
SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543" +fi +IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" +SHADOWSOCKS_BINARY_VERSION="3.3.5-3" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" @@ -62,7 +78,7 @@ VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="0.1026-test" +OMR_VERSION="0.1027-test" DIR=$( pwd ) #" @@ -82,14 +98,14 @@ if test -f /etc/os-release ; then else . /usr/lib/os-release fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then - echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)" +if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then + echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)" exit 1 elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then echo "This script only work with Ubuntu 18.04, 19.04 or 20.04" exit 1 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then - echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x) or Debian Buster (10.x)" + echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)" exit 1 fi @@ -166,7 +182,7 @@ echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock -apt-get update +apt-get update --allow-releaseinfo-change rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock 
@@ -179,7 +195,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes dist-upgrade sed -i 's:stretch:buster:g' /etc/apt/sources.list - apt-get update + apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="10" @@ -189,7 +205,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes dist-upgrade sed -i 's:bionic:focal:g' /etc/apt/sources.list - apt-get update + apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" @@ -235,6 +251,17 @@ else Pin: origin ${REPO} Pin-Priority: 1001 EOF + if [ -n "$(echo $OMR_VERSION | grep test)" ]; then + echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list + cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref + Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones + Package: * + Pin: origin ${REPO} + Pin-Priority: 1002 + EOF + else + rm -f /etc/apt/sources.list.d/openmptcprouter-test.list + fi wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - fi 
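Review bot: The preferences block added in the `@@ -235,6 +251,17 @@` hunk pins `Package: *` from `${REPO}` at priority 1002. Any priority above 1000 lets apt install that origin's version of any package on the system, even as a downgrade, so the test repository can replace packages well beyond the ones this script installs from it. Limiting the `Package:` line to the project's own package names would contain a mistaken or tampered upload. The context line `apt-key add -` also trusts the key for every configured source. Scoping it in the new entry avoids that, e.g. `deb [arch=amd64 signed-by=<KEYRING_PATH>] https://${REPO} next main`, where `<KEYRING_PATH>` is a placeholder for wherever the dearmored key is stored. The enclosing `else` branch starts outside the hunk.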
@@ -252,9 +279,9 @@ elif [ "$ID" = "ubuntu" ]; then fi # Install mptcp kernel and shadowsocks echo "Install mptcp kernel and shadowsocks..." -apt-get update +apt-get update --allow-releaseinfo-change sleep 2 -apt-get -y install dirmngr patch rename curl libcurl4 unzip +apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config if [ "$SOURCES" = "yes" ]; then wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb @@ -267,7 +294,7 @@ if [ "$SOURCES" = "yes" ]; then #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then - echo "Install kernel linux-image-${KERNEL_RELEASE}" + echo "Install kernel linux-image-${KERNEL_RELEASE} source release" echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb 
@@ -300,6 +327,32 @@ apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox echo "Install iperf3 OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 +if [ "$UPSTREAM" = "yes" ]; then + echo "Compile and install mptcpize..." + apt-get -y install --no-install-recommends build-essential + cd /tmp + git clone https://github.com/Ysurac/mptcpize.git + cd mptcpize + make + make install + cd /tmp + rm -rf /tmp/mptcpize + echo "Compile and install iproute2..." + apt-get -y install --no-install-recommends bison libbison-dev flex + #wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz + #tar xzf iproute2-5.16.0.tar.gz + #cd iproute2-5.16.0 + git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git + cd iproute2 + git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000 + make + make install + cd /tmp + rm -rf iproute2 + echo "MPTCPize iperf3..." + mptcpize enable iperf3 +fi + apt-get -y remove shadowsocks-libev if [ "$SOURCES" = "yes" ]; then @@ -347,6 +400,7 @@ if [ "$SOURCES" = "yes" ]; then rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev + apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc sleep 1 rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend 
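Review bot: The mptcpize build clones the repository's default branch and runs `make install` as the installing user with no commit pinned. Other source builds in this script check out a `*_VERSION` hash (for example `git checkout ${MLVPN_VERSION}`), so here the installed code depends on the day the script runs. A pin declared with the other versions and a `git checkout` after the clone would make it reproducible and reviewable. For iproute2 the clone uses the unauthenticated `git://` transport, and the checkout repeats the hash literally although this commit defines `IPROUTE2_VERSION`. `git clone https://git.kernel.org/pub/scm/network/iproute2/iproute2.git` followed by `git checkout ${IPROUTE2_VERSION}` keeps the pin in one place. Neither `cd` is checked, so a failed clone leaves `make` and `make install` running in `/tmp`; `cd mptcpize || exit 1` avoids that.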
@@ -469,9 +523,14 @@ if [ "$OMR_ADMIN" = "yes" ]; then apt-get -y remove python3-jwt pip3 -q install pyjwt else - apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop + if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ]); then + apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 + pip3 -q install uvloop + else + apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop + fi fi - apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil + apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests echo '-- pip3 install needed python modules' #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U @@ -534,6 +593,10 @@ if [ "$OMR_ADMIN" = "yes" ]; then systemctl enable omr-admin-ipv6.service } systemctl enable omr-admin.service + if [ "$UPSTREAM" = "yes" ]; then + mptcpize enable omr-admin.service + [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service + fi fi # Get shadowsocks optimization @@ -687,14 +750,17 @@ if [ "$V2RAY" = "yes" ]; then if [ ! -f /etc/v2ray/v2ray-server.json ]; then wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json - rm /etc/v2ray/config.json - ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi + rm -f /etc/v2ray/config.json + ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service fi systemctl daemon-reload systemctl enable v2ray.service + if [ "$UPSTREAM" = "yes" ]; then + mptcpize enable v2ray + fi fi if systemctl -q is-active mlvpn@mlvpn0.service; then 
@@ -717,7 +783,8 @@ if [ "$MLVPN" = "yes" ]; then rm -rf /tmp/mlvpn cd /tmp #git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn - git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn + #git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn + git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn #git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn cd /tmp/mlvpn git checkout ${MLVPN_VERSION} @@ -936,6 +1003,9 @@ if [ "$OPENVPN" = "yes" ]; then mkdir -p /etc/openvpn/ccd systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service + if [ "$UPSTREAM" = "yes" ]; then + mptcpize enable openvpn@tun0 + fi systemctl enable openvpn@bonding1.service systemctl enable openvpn@bonding2.service systemctl enable openvpn@bonding3.service @@ -1047,6 +1117,9 @@ if [ "$DSVPN" = "yes" ]; then apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi + if [ "$UPSTREAM" = "yes" ]; then + mptcpize enable dsvpn-server@dsvpn0 + fi fi # Install Glorytun TCP @@ -1068,8 +1141,15 @@ if [ "$SOURCES" = "yes" ]; then apt-get -y install build-essential pkg-config autoconf automake rm -rf /tmp/glorytun-0.0.35 cd /tmp - wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz + if [ "$UPSTREAM" = "yes" ]; then + wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz + else + wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz + fi tar xzf glorytun-0.0.35.tar.gz + if [ "$UPSTREAM" = "yes" ]; then + mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35 + fi cd glorytun-0.0.35 ./autogen.sh ./configure diff --git a/multipath b/multipath old mode 100644 new mode 100755 index cee0743..e92d0c6 --- a/multipath +++ b/multipath 
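Review bot: In the Glorytun TCP hunk the `UPSTREAM` branch downloads `archive/refs/heads/tcp.tar.gz`, a branch-head archive whose contents change whenever the branch moves. The `else` branch still fetches the release tarball over plain `http://`. Neither file is compared with a known digest before `./autogen.sh` and `./configure` run. Using a commit archive URL for the upstream case, switching the release URL to `https://`, and verifying before `tar xzf` would pin the build input, e.g. `echo "<EXPECTED_SHA256>  /tmp/glorytun-0.0.35.tar.gz" | sha256sum -c - || exit 1`, where the digest is a placeholder to be filled in per source. The surrounding `if [ "$SOURCES" = "yes" ]` block starts and ends outside the hunk.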
@@ -6,9 +6,8 @@ # Released under GPL 3 or later if [ -d "/proc/sys/net/mptcp" ]; then - if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then + if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then echo "MPTCP is disabled!" - echo "Please set net.mptcp.mptcp_enabled = 1" exit 1 fi else @@ -26,7 +25,7 @@ case $1 in echo " multipath device {on | off | backup | handover}" echo echo "show established conections: -c" - echo "show mullmesh info: -f" + echo "show fullmesh info: -f" echo "show kernel config: -k" echo echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag" 
@@ -43,12 +42,28 @@ case $1 in cat /proc/net/mptcp_fullmesh exit 0;; "-k") - echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` - echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager` - echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum` - echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler` - echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries` - echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug` + if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then + echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` + elif [ -f /proc/sys/net/mptcp/enabled ]; then + echo Enabled: `cat /proc/sys/net/mptcp/enabled` + fi + if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then + echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager` + fi + if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then + echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum` + else + echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled` + fi + if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then + echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler` + fi + if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then + echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries` + fi + if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then + echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug` + fi echo echo See http://multipath-tcp.org/ for details exit 0 ;; 
@@ -65,38 +80,74 @@ TYPE="$2" #FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"` [ -d "/sys/class/net/$DEVICE/" ] || { - echo "Device '$DEVICE' can't found!" - echo "Use the hardware name like in ifconfig" + #echo "Device '$DEVICE' can't found!" + #echo "Use the hardware name like in ifconfig" exit 1 } -FLAG_PATH="/sys/class/net/$DEVICE/flags" -IFF=`cat $FLAG_PATH` +if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then + FLAG_PATH="/sys/class/net/$DEVICE/flags" + IFF=`cat $FLAG_PATH` -IFF_OFF="0x80000" -IFF_ON="0x00" -IFF_BACKUP="0x100000" -IFF_HANDOVER="0x200000" -IFF_MASK="0x380000" + IFF_OFF="0x80000" + IFF_ON="0x00" + IFF_BACKUP="0x100000" + IFF_HANDOVER="0x200000" + IFF_MASK="0x380000" -case $TYPE in - "off") FLAG=$IFF_OFF;; - "on") FLAG=$IFF_ON;; - "backup") FLAG=$IFF_BACKUP;; - "handover") FLAG=$IFF_HANDOVER;; - "") - IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` - case "$IFF" in - $IFF_OFF) echo $DEVICE is deactivated;; - $IFF_ON) echo $DEVICE is in default mode;; - $IFF_BACKUP) echo $DEVICE is in backup mode;; - $IFF_HANDOVER) echo $DEVICE is in handover mode;; - *) echo "Unkown state!" && exit 1;; - esac - exit 0;; - *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; -esac + case $TYPE in + "off") FLAG=$IFF_OFF;; + "on") FLAG=$IFF_ON;; + "backup") FLAG=$IFF_BACKUP;; + "handover") FLAG=$IFF_HANDOVER;; + "") + IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` + case "$IFF" in + $IFF_OFF) echo $DEVICE is deactivated;; + $IFF_ON) echo $DEVICE is in default mode;; + $IFF_BACKUP) echo $DEVICE is in backup mode;; + $IFF_HANDOVER) echo $DEVICE is in handover mode;; + *) echo "Unkown state!" && exit 1;; + esac + exit 0;; + *) echo "Unkown flag! 
Use 'multipath -h' for help" && exit 1;; + esac -printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH + printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH +else + ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}') + IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}') + IP=$(ifconfig $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') + RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }') + [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null + case $TYPE in + "off") + [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + exit 0;; + "on") + [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh + exit 0;; + "signal") + [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + ip mptcp endpoint add $IP dev $DEVICE signal fullmesh + exit 0;; + "backup") + [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + ip mptcp endpoint add $IP dev $DEVICE backup fullmesh + exit 0;; + "") + case "$IFF" in + "") echo $DEVICE is deactivated;; + "subflow") echo $DEVICE is in default mode;; + "backup") echo $DEVICE is in backup mode;; + "signal") echo $DEVICE is in signal mode;; + "fullmesh") echo $DEVICE is in fullmesh mode;; + *) echo "$DEVICE Unkown state!" && exit 1;; + esac + exit 0;; + *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; + esac +fi diff --git a/omr-pihole.sh b/omr-pihole.sh index 20a023f..8310b72 100644 --- a/omr-pihole.sh +++ b/omr-pihole.sh @@ -33,6 +33,7 @@ cat >> /etc/pihole/setupVars.conf <<-EOF PIHOLE_INTERFACE=gt-tun0 IPV4_ADDRESS=10.255.0.0/16 IPV6_ADDRESS=fe80::aff:ff01/64 +RATE_LIMIT=0/0 EOF grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf diff --git a/omr-service b/omr-service index f388c5d..b55a9c4 100755 --- a/omr-service +++ b/omr-service 
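Review bot: In the new `ip mptcp` branch, `grep "dev $DEVICE"` is a substring match, so `multipath eth1 off` also selects the endpoints of `eth10` or `eth1.100`, and `$ID` can then hold several ids that are passed unquoted to `ip mptcp endpoint delete id $ID`. Anchoring the match keeps the delete to the requested interface, e.g. `grep -E "dev $DEVICE( |\$)"` for both `ID` and `IFF`. `$IP` is also used without checking that it is non-empty, so `on`, `signal` and `backup` delete the existing endpoint and then fail on the add when the interface has no IPv4 address; a guard such as `[ -n "$IP" ] || exit 1` before the delete would leave the old endpoint in place. The device-not-found branch now exits 1 with both messages commented out, which leaves callers with no diagnostic.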
@@ -7,7 +7,11 @@ _multipath() { for intf in `ls -1 /sys/class/net`; do if [ "$intf" != "bonding_masters" ]; then if [ "$intf" = "$NET_IFACE" ]; then - [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on + [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on + [ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && { + multipath $intf signal + ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null + } else [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off fi diff --git a/shadowsocks.conf b/shadowsocks.conf index 5fb5da0..d6d760a 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -60,4 +60,4 @@ net.ipv4.conf.default.log_martians = 0 net.mptcp.mptcp_checksum = 0 net.mptcp.mptcp_syn_retries = 2 net.mptcp.mptcp_scheduler = blest -net.ipv4.tcp_ecn=1 +net.ipv4.tcp_ecn = 2 diff --git a/ubond.network b/ubond.network new file mode 100644 index 0000000..814ae03 --- /dev/null +++ b/ubond.network @@ -0,0 +1,17 @@ +[Match] +Name=ubond* + +[Network] +Description=UBOND tunnel +Address=10.255.248.1/24 +DHCPServer=yes +IPMasquerade=yes + +[DHCPServer] +PoolOffset=2 +PoolSize=50 +EmitDNS=no +EmitNTP=no +DNS=9.9.9.9 +DefaultLeaseTimeSec=12h +MaxLeaseTimeSec=24h \ No newline at end of file diff --git a/ubond0.conf b/ubond0.conf new file mode 100644 index 0000000..b6063fd --- /dev/null +++ b/ubond0.conf 
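Review bot: `ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null` in `_multipath` discards stdout but still emits stderr, because redirections apply left to right and `2>&1` copies the original stdout before it is pointed at `/dev/null`. If the intent is to silence the command it should read `>/dev/null 2>&1`; if errors are meant to stay visible, drop the `2>&1` so the line says what it does. The same ordering appears in the `multipath` script's `ip mptcp endpoint delete` lines, in `_wireguard`, and after `dpkg -i omr-shadowsocks-libev_*.deb` and `./easyrsa init-pki` in debian9-x86_64.sh. `_multipath` starts and ends outside the hunk.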
@@ -0,0 +1,42 @@ +[general] +tuntap = "tun" +mode = "server" +interface_name = "ubond0" +timeout = 30 +password = "UBOND_PASS" +reorder_buffer = yes +reorder_buffer_size = 64 +loss_tolerence = 50 + +[wan1] +bindport = 65251 +bindhost = "0.0.0.0" + +[wan2] +bindport = 65252 +bindhost = "0.0.0.0" + +[wan3] +bindport = 65253 +bindhost = "0.0.0.0" + +[wan4] +bindport = 65254 +bindhost = "0.0.0.0" + +[wan5] +bindport = 65255 +bindhost = "0.0.0.0" + +[wan6] +bindport = 65256 +bindhost = "0.0.0.0" + +[wan7] +bindport = 65257 +bindhost = "0.0.0.0" + +[wan8] +bindport = 65258 +bindhost = "0.0.0.0" + diff --git a/ubond@.service.in b/ubond@.service.in new file mode 100644 index 0000000..18f8be6 --- /dev/null +++ b/ubond@.service.in @@ -0,0 +1,16 @@ +[Unit] +Description=UBOND connection to %i +PartOf=ubond.service +ReloadPropagatedFrom=ubond.service +After=network.target network-online.target + +[Service] +Type=notify +NotifyAccess=main +ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet +ExecReload=/bin/kill -HUP $MAINPID +WorkingDirectory=/etc/ubond +Restart=always + +[Install] +WantedBy=multi-user.target From a8553ba64f47afe4b544b093952b6b8c55919aae Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 11 Feb 2022 15:56:10 +0000 Subject: [PATCH 084/164] Add missing package --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index d71a6e9..e846ce2 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -471,7 +471,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then else apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop fi - apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil + apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests echo '-- pip3 install needed python modules' #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U From 4fbb8d08f3a3e39cea587602954e4ff9f02743a4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 9 Aug 2022 18:36:09 +0000 Subject: [PATCH 085/164] Push latest scripts changes --- debian9-x86_64.sh | 81 +++++++++++++++++++++++++------ multipath | 2 +- omr-service | 51 +++++++++++-------- openmptcprouter-shorewall.tar.gz | Bin 4136 -> 4192 bytes shorewall4/interfaces | 1 + shorewall4/policy | 2 + shorewall4/shorewall.conf | 10 ++-- shorewall4/stoppedrules | 2 + shorewall4/tcinterfaces | 2 +- shorewall4/zones | 1 + 10 files changed, 108 insertions(+), 44 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 3fcf1bc..232e25d 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -38,12 +38,12 @@ REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-yes} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -KERNEL_VERSION="5.4.132" -KERNEL_PACKAGE_VERSION="1.19+4f508aa" +KERNEL_VERSION="5.4.207" +KERNEL_PACKAGE_VERSION="1.22" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" if [ "$UPSTREAM" = "yes" ]; then - KERNEL_VERSION="5.15.13" - KERNEL_PACKAGE_VERSION="1.5" + KERNEL_VERSION="5.15.57" + KERNEL_PACKAGE_VERSION="1.6" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" fi GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" 
@@ -55,15 +55,12 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c" -if [ "$UPSTREAM" = "yes" ]; then - OMR_ADMIN_VERSION="2a8f642f89a982d2c26c3e176f6c4c1e3e91ffcb" -fi -OMR_ADMIN_BINARY_VERSION="0.3+20210508" +OMR_ADMIN_VERSION="20314b11f21eb5878ba62c85d874528e0e394024" +OMR_ADMIN_BINARY_VERSION="0.3+20220715" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.43.0" -V2RAY_PLUGIN_VERSION="4.35.1" +V2RAY_PLUGIN_VERSION="4.43.0" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" if [ "$UPSTREAM" = "yes" ]; then @@ -73,6 +70,7 @@ IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" SHADOWSOCKS_BINARY_VERSION="3.3.5-3" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} +VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)} VPSPATH="server-test" VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" @@ -182,7 +180,11 @@ echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock -apt-get update --allow-releaseinfo-change +if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then + apt-get update +else + apt-get update --allow-releaseinfo-change +fi rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock 
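Review bot: `VPS_PUBLIC_IP` is filled from `http://ip.openmptcprouter.com` over plain HTTP and is not validated, yet the WireGuard hunk of this same patch writes it into `/root/wireguard-client.conf` as `Endpoint = ${VPS_PUBLIC_IP}:65312`. WireGuard still authenticates the peer by key, so the exposure is mainly a redirected or broken endpoint, but an altered, empty or HTML response ends up verbatim in a config handed to users. Check the value before use, e.g. `echo "$VPS_PUBLIC_IP" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || { echo "cannot determine public IP" >&2; exit 1; }` (or skip generating the client config), and fetch it over `https://` if the service offers it.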
@@ -283,6 +285,18 @@ apt-get update --allow-releaseinfo-change sleep 2 apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config +if [ -z "$(dpkg-query -l | grep grub)" ]; then + if [ -d /boot/grub2 ]; then + apt-get -y install grub2 + elif [ -d /boot/grub ]; then + apt-get -y install grub-legacy + fi + [ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && { + echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub + } +fi + + if [ "$SOURCES" = "yes" ]; then wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb @@ -317,6 +331,7 @@ if [ "$LOCALFILES" = "no" ]; then else cd ${DIR} fi +[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg rm -f /etc/grub.d/30_os-prober bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} @@ -430,7 +445,7 @@ if [ "$SOURCES" = "yes" ]; then rm -f /var/lib/dpkg/lock-frontend cd /tmp #dpkg -i shadowsocks-libev_*.deb - dpkg -i omr-shadowsocks-libev_*.deb + dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null #mkdir -p /usr/lib/shadowsocks-libev #cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} 
@@ -530,8 +545,9 @@ if [ "$OMR_ADMIN" = "yes" ]; then apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop fi fi - apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests + apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen echo '-- pip3 install needed python modules' + echo "If you see any error here, I really don't care: it's about a not used module for home users" #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U @@ -901,6 +917,34 @@ if [ "$WIREGUARD" = "yes" ]; then EOF fi systemctl enable wg-quick@wg0 + if [ ! -f /etc/wireguard/client-wg0.conf ]; then + cd /etc/wireguard + umask 077; wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key + cat > /etc/wireguard/client-wg0.conf <<-EOF + [Interface] + PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n") + ListenPort = 65311 + Address = 10.255.246.1/24 + SaveConfig = true + + [Peer] + PublicKey = $(cat /etc/wireguard/vpn-client-public.key | tr -d "\n") + AllowedIPs = 10.255.246.2/32 + EOF + fi + if [ ! -f /root/wireguard-client.conf ]; then + cat > /root/wireguard-client.conf <<-EOF + [Interface] + Address = 10.255.246.2/24 + PrivateKey = $(cat /etc/wireguard/vpn-client-private.key | tr -d "\n") + + [Peer] + PublicKey = $(cat /etc/wireguard/vpn-server-public.key | tr -d "\n") + Endpoint = ${VPS_PUBLIC_IP}:65312 + AllowedIPs = 0.0.0.0/0, ::/0, 192.168.100.0/24 + EOF + fi + systemctl enable wg-quick@client-wg0 echo "Install wireguard done" fi 
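Review bot: In the WireGuard hunk, `/root/wireguard-client.conf` holds the client's private key but is created outside the `umask 077` that only the first new block sets, so when `/etc/wireguard/client-wg0.conf` already exists the file gets whatever umask the installer was started with, and a missing `vpn-client-private.key` makes the heredoc write an empty `PrivateKey`. Set the mode explicitly after writing, `chmod 600 /root/wireguard-client.conf /etc/wireguard/client-wg0.conf`, and generate the key pair under `[ -f /etc/wireguard/vpn-client-private.key ] ||` rather than under the config-file test. The bare `umask 077;` also stays in effect for everything the script creates afterwards; wrapping the key generation in a subshell would scope it. `client-wg0.conf` uses `vpn-server-private.key`, apparently the same key as wg0 — confirm that sharing one identity across both interfaces is intended.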
@@ -964,7 +1008,7 @@ if [ "$OPENVPN" = "yes" ]; then make-cadir /etc/openvpn/ca fi cd /etc/openvpn/ca - ./easyrsa init-pki + ./easyrsa init-pki 2>&1 >/dev/null ./easyrsa --batch build-ca nopass EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "openmptcprouter" nopass @@ -1024,6 +1068,7 @@ fi if [ "$SOURCES" = "yes" ]; then rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend + rm -f /usr/bin/glorytun apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config rm -rf /tmp/glorytun-udp cd /tmp @@ -1068,7 +1113,8 @@ if [ "$SOURCES" = "yes" ]; then cd /tmp rm -rf /tmp/glorytun-udp else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} + rm -f /usr/local/bin/glorytun + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" fi [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 @@ -1138,6 +1184,7 @@ if [ "$SOURCES" = "yes" ]; then fi rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend + rm -f /usr/bin/glorytun-tcp apt-get -y install build-essential pkg-config autoconf automake rm -rf /tmp/glorytun-0.0.35 cd /tmp 
@@ -1172,7 +1219,8 @@ if [ "$SOURCES" = "yes" ]; then cd /tmp rm -rf /tmp/glorytun-0.0.35 else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} + rm -f /usr/local/bin/glorytun-tcp + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} fi [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0 @@ -1281,6 +1329,7 @@ else sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* fi +[ -z "$(grep nf_conntrack_sip /etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then apt-get -y install iptables update-alternatives --set iptables /usr/sbin/iptables-legacy diff --git a/multipath b/multipath index e92d0c6..41c3880 100755 --- a/multipath +++ b/multipath @@ -117,7 +117,7 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then else ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}') IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}') - IP=$(ifconfig $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') + IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }') [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null case $TYPE in diff --git a/omr-service b/omr-service index b55a9c4..9f8bb57 100755 --- a/omr-service +++ b/omr-service 
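Review bot: In the `multipath` hunk, `ip a show $DEVICE | sed -En '…p'` prints one line per IPv4 address, so on an interface with a secondary address `$IP` now holds several values, where `ifconfig` reported a single one. The unquoted `ip mptcp endpoint add $IP dev $DEVICE …` further down (outside this hunk) then receives extra arguments and fails after the old endpoint has already been deleted. Taking the first match keeps the previous behaviour, e.g. `IP=$(ip -4 -o addr show dev "$DEVICE" | awk '{print $4}' | cut -d/ -f1 | head -n 1)`, which also avoids the loose `inet (addr:)?` pattern.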
@@ -20,26 +20,32 @@ _multipath() { } _glorytun_udp() { - [ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && { - logger -t "OMR-Service" "Restart Glorytun-UDP" - systemctl -q restart 'glorytun-udp@*' - } - for intf in /etc/glorytun-udp/tun*; do - [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} - done + if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then + [ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && { + logger -t "OMR-Service" "Restart Glorytun-UDP" + systemctl -q restart 'glorytun-udp@*' + sleep 10 + } + for intf in /etc/glorytun-udp/tun*; do + [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} + done + fi } _glorytun_tcp() { - for intf in /etc/glorytun-tcp/tun*; do - [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} - done - if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then - localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" - [ -z "$localip" ] && localip="10.255.255.1" - remoteip="$(echo $localip | sed 's/\.1/\.2/')" - if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then - logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" - systemctl restart glorytun-tcp@tun0 + if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then + for intf in /etc/glorytun-tcp/tun*; do + [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} + done + if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then + localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" + [ -z "$localip" ] && localip="10.255.255.1" + remoteip="$(echo $localip | sed 's/\.1/\.2/')" + if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep 
glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then + logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" + systemctl restart glorytun-tcp@tun0 + sleep 10 + fi fi fi } @@ -49,19 +55,22 @@ _dsvpn() { } _shadowsocks() { - [ -z "$(pgrep ss-server)" ] && { + [ -n "$(systemctl -a | grep 'shadowsocks')" ] && [ -z "$(pgrep ss-server)" ] && { logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks" systemctl restart shadowsocks-libev-manager@manager } } _wireguard() { - [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null + if [ -n "$(systemctl -a | grep 'wg')" ]; then + [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null + [ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 2>&1 >/dev/null + fi } _omr_api() { - [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { + [ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { logger -t "OMR-Service" "Restart OMR-Admin" systemctl -q restart omr-admin } @@ -71,7 +80,7 @@ _lan_route() { cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' | while IFS=$"\n" read -r c; do vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') - if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then + if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ] && [ -n "$(grep lanips /etc/openmptcprouter-vps-admin/omr-admin-config.json)" ]; then echo "$c" | jq -c -r '.lanips[] //empty' | while IFS=$"\n" read -r d; do network=$(ipcalc -n $d | grep Network | awk '{print $2}') 
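Review bot: The added `[ -z "$(pgrep curl)" ]` guard in `_omr_api` matches any process whose name contains `curl`, from any user, so an unrelated long-running curl makes the health check skip silently and omr-admin is not restarted while it runs. If the goal is to avoid stacking probes, match only this probe, e.g. `pgrep -f 'curl -s -k -m 30 https://127.0.0.1:65500/'`, or serialise the service loop with `flock -n`. `_wireguard` has the same breadth: `systemctl -a | grep 'wg'` is true for any unit name containing `wg`, and `ip a show dev client-wg0` prints an error on hosts where that interface does not exist.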
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index 356841434047882f570e6ccb2c8c8c84ccfd1e9a..67d46c4e05633e7be5618a85267cacb4c9a732fd 100644 GIT binary patch literal 4192 zcmV-m5TEZKiwFPD=uCfpcRXkSbXqNP z1t?zGF5I&%uG4I`n%yqy*JNik%RlcVQ63pQGEC|33;Rl@nw>2BG`p z%;%_9Lv=Tv)}s_tpQidz!IXm_M4o>igbOG30v|bd!74^BPZ+lBAr<+@}%T{0Y7C^l+x z&FyjqZx$qW*^6BM59b$6c9S#P<%(634Pl$L7fv?|b~>GIp`a>ReOWVY)!Z)cyYZbD zL^VGu)Ua9PqU*c5WVtN%3DmqsUammibx*)xN?fm!r*bVQUsT&=_n(T%>_MZdQ#P+}2?6z2z zW3m13aP89mzXojD|Br4MVY}WsZ=f17oyBtQA~{nLGyuzv!2F~5DX3+tgTSocdk?FS zIE8cIC82o2P-rMR}#82F9L6Kw~Afl#Rx2GJqV%vB7oWOj8Q9p=7vNJRBsWX;GQIg z>I5ln6hYq5_1(~!BYkx@_oh%-@usdHxyXso662yrcb3+5fGc7q6#)kb>`62KhFlNw zvFx)`8vI zT#Hx!Ul}H&Njaq1VB0ClZi>YmeqSvAIo?kXFJ(>V%yjO-@YXQR?$Wd9b8;U-x3+@$ z^it_y5!UVk@KXN64vM!nd?gTAI-#>TqVLDBZ~ez{t#=UoK?u-lbedi8|BY_9QTqSa zfPL#fsvpEZ@loVG_{4jCbVAR$n}c77AE|dkz6(ART$D?lnH*y;9<3f8+$e?|LYEdp zzO#U`ckTnYl_zkcz!a^P5c7hQ2R}S_Mqk!{8xniS!GJY%Xzvp~k)E#*d98)fafv>aoqnIoAfC-oV#(l9%{} z-lpjf@2Bhq`(2(ndSB?twSR;tW*UUE4^)26!!Y!Q$fvid8=@hS3nin~JcdR>lkRA^ z5J6w!$i<_P2jz_(9f)9D7rHm}pfmkU6mBQO6dK38*qj5qTUiy9i6|keR_9QmA__dm zThEFACs+@}@nr0=|KI^S1^dso+s)GczXoKXEir&^U7HeK8(zce?w$YL?fDO=a{j*p zTb#s6)B(nmd}1)eD+JN$l;&+p3oPyCMaTdh{3`24riD);}q3Veb8H?WF)t@}TNyKWf+{E1@#Vo44j0=yBV zd&M#jTnI$ABN4oZEQc@BYlb|ORXz<&kilD0zC7M=R)_1DH?DA6&{UN~FG;>7k2mN? 
zpdWZET2?=@S1q4UHWQto-v@XTTzY+Pe#r2}X6LJjVQ6R*z4E;&(ca?~Wu1Vcd|#2x zktD8>hNM7G+`?0Sj@E3y12N=bEmskHYRwYp(mosTMT*IiCJHs zrjIk}X3-j9^%*L%M>C;%>-g;0kooU(9LXI=#^>XImSel*`Cq5OwKxvbv0STJ#{aJZ z2alVuS6RpR*GXvH-m$f0Q}t-c-9aeX=HSM7AIKL(qJ&+Q@*6w;(s_W$ejWv2wCA1= z_c3~mg!)K< zJMrLhD-eho){j*djJx!jC7$U>lp*5x}oolHU>T#pi&kR4hTa2MRwlw^(GWyN&uCdQ?vs ztTh5Cz6E-tAr+KKLjwj+32bBWI+_Q465%Q)(?kGT4en%|e|SCP4IM9sB@>zpi~WH- zv~}JZ^{S`8;-n}WpVnP@dHSn4;tgpN3+gbGG+761ufB>x$ZxPiBj|B&LJv z>5`%JQu6xJ4d+-NO-nN*B0O}X7#ahbG}5T;u+5PK7KG48kB~9xo3|#eZLeCzigX;~ zBEldKKm{hC4i-@cAypMnjyf6>jDdaF5mbS!g=|q8@Ds)A`LH(5nV}S2?T3Lgn>tZU z7r|%a)jalc=@~4z)gU&XVJ(wQCW1|#dgRe~buOxA=q_{EY6WxpVu@AImLDe4MB1$S z4itT_^cxr-$AK6ymLnKV1IAKk1Q^XR8Cg8>k1(zVSUo`-<71({ZzEVXpZ(L#`kRgh;tlQv{c~he97Nbm9(HD?oS(Qz`Z%V2Kw_+OX z;?umidjY*hB*%McNl1_RD~TlfyeSJdb&WJTo1VQYIP|k5JUGj|8P;H7#LKE}3I^C< zlS&a3eyop8%0o~j-mt-vhUsa8vDB0ae&|UVh!Q5Ut&ybSXB7#x zMJ5++ysYCV7?i(=8?H!zyY5f~SWyTu>8*+*1zzm=_jYzF+m5^?JWN&a}71-p?^gB?tqHGEw(`qvVOo? zL32PgC%UTBQ9PlYXq%J4K>o4!GbR9ADU-7ZgnVL2Kic>`fHtvuod)>o3HVC`Qj%>9 z1iWLP5aKffWBDhk*I3`%xv8a+ppY13T2UMjNdbhJ# zKd7i=ny{!#Is&UF=!U@SkZ)!)`bIOZc<2#Tq=kQy49%wfN0OQc zX5LDIUlWXcx>hHq{+Np_Fj6{RA>sZY+gh@vRz4@S0P8uJ&rNr&q${0#Ua}2lz2eyx zNY^$y@Gq8FFK4#%)(e{54LERL?ij=|d6aa8SIRuPg#nx(>+oXnoa@ULw&Cea+DdDK z0bOm3dGjjG#mY?Y%l*S|4-rJ1$Cj~g|8JA!-m$Glhi!KN8hHOttKBM}|Gx$l&VQzR zesCmRA3M>%S8nLcT=y%t|8&ZoKY!w#KiGy;vxX$^R`$JDA*INB71GQFp!1dZBkd#F z@!=?D=l&mtd^-vUtpbBXxcq0N7`y|Bd~XU!`+Q$kWa}0>4P4_76UpF3;F_McX?4#V zb*^>xuL_exezybJZtOy`yO7*2WOEm?wF}wKBRdzA3~+2G!F6F0bSR2TP!|~WT|&m> zzN3Lv1uP7Gd5>S_!{me+K{SE9Hq74dN0k#y`TjILsPuth8t3G%-T;=_nWQq7_+1di z!E))&j=BwapZ{+)yX*5m?GAqb4?0}>|JQ(*_W!nXu|Q5mes>(ea%BkcXAS{!I&y?# zKwr5TceC7AZHmorhE392JLr<{J!R?I7DcVVIVrJ=Q~GJBFXxn&*rH88BekCkrQ9M* zzX!FS0j1m`qo1nUUwmiv$+xWbmj$vdn%tMJ_A^)${~sKLil@i_0_48)|7?eR|FPX| zG#gE>jr~8{F2DcuDsWQ#@Erx~R?i`1wbtiV@kSP{?1+IjvDU~+?h|>8^b7qMQ{`kG zoimJ_e4^>C8(hK$;EniieEyGZx7Oc(<+?0A|5twh<5l1b&j0;{Rir%rUq=5gM*qZ! 
z93kvazRj9CqvT_Fs0gyUg-Tu27svW9@lHR$mmcKLj@UKTz%nt5}Qb34ts9Ra(adWJO=9dcefeiNu2i;|-nI>&LgF|s6u<7CBlIL@>T z$KYhsu;9X`hmoyVoPDc0(x6uRDR?07#gStS6wOpDoBZu>#C0XdbwsPLIE=t`#i6Ln zqRWVCl5_dwPZxf4=|LY%yi3#IPC5LyoGduL(fF}Z`^leAf`_br&oMVEKO~D)&1Agb z1in;la4wv0*0V&rB(cL^6v}@-yEy09IrAN%+$7bKHdzPJc)en~-R_hs>WXuv8n&z3 zoAu{@avy~8={zpA@Vv~$G`DrhVo~lBX!&`msx9iuX4Tl6`=z$G+U;^xb&JqASgg0U z)o7P{%hre6YR+e+s(iaVhR)WpPu2z>Yql>|71{Ay=YKFy{OG|O`|&=!$#&S`{{>!X zzvG(_2imR9d83K`zkM!L{{Jmt-T!~`qZs{q^Q=KmiS5l6Q=h20iI5(6b^`97B+ub# zZaM_q`a|%zjA&3e1CCO-c!`3?r-XcvJ`w?j|5Rx3O>+MN5yCGBbbN0{Ba4H9V;bB? zUi3mRhD5$k;_xAP_9Fl9PoBL(rlOQ4BS?gg0^=Bc>h8ILF=Mz7o zVxW1mn1m1XqOXsL=EpIV_5HaYc~fF8@29~SDr>>mpT|D&VzNM7{Nzuvw)U_gcG?gK zfWV%r`FG+6P>!;*UK7svOj^qEgg{??@Dgl)M8XAD{0NPHAyW@pm(@I@U0{PCtc&53 zSc)hQm9ymcg!cEtGD2Zw;wN4(jiJKnUSSWhedS4x_8rjkR6*D~=i^@uT_J?1x}#V< zQNnWs!^Bj;w4E-0-Z&Fl5YroYY^7ysT&cp=|T*BiJ42lG7rX^ zJb948_&#)R6hLRrb5W=#$CZ@hUR7t$;a1fpZ6qs%nbjFIsEmT(^1bK8|0h@t#NlM@ z@c$42+U5Iyt=4(v|K9@g)RsEH@7+YQYoz3~*sqX*33EY^rE6TFf z;{LBmO{BW_TiyG8_1-V@BKyDZd(0lxk__;9Eh&I$XsUF#y4H+7(UcoS%dXX->Reup zEZeE!ZOdX^0&AYNYf+LE)7c<Rt*ZC4z8H?6i>?%+iJ&v^;W+wZDgUKN&fO?X>hk)+{*~>@DQ_R$t5htfn@Ntzp99pfA^Ru@oJywX&ApvWtvrD)I-1%#^Kh?-hJjC98mrRyS% zuH4pg)#PygLxK@Ad`53H_s7(H7s2?q<$^sez*&X2nvZMh{F65gCLb_@qE@>CZ!%uc zxye8rkNrhLWZf=EidQlog4C@gVJ7oAjBx85RQbSSJ?qQ&z1uZ8taZ5@s*D-TA1Uv8 z%I?P0fe6t>UggXKSZ~mj#X+6d#qCgK7w=3JISLmgrbqYQYrOH`Tb3r8n?D=Em$`_R&#q2 zN*{Ck3GM^oY%&(ebb%y4$sTl>5=k ze~a#Fk+tb9py}=@1-L186-=liWq18xW_zu{OL3A)CgY-C@66j-b9W8=A z$#9g@X(9ow0cR?f@88Zu%f#idVuQM{*zc)**A$&W_vrl}cqyya=T%o;zW>7>h?cUB z1#{>thH3(~TVKWzlz5R}|2=UZ{V-V6H3bZJB}FyqkF7Y=0HtecfnYd>JOT>jQmg4b z$jp&|HKrcl2lLB1{h<=_v;1Tlj=gF566v6MrebN`jJ&?^qbb^>?HHCqg-3pzfHGi7 z1B3Yv*B&U~K`4Fv1O=lj`_9JJc8`wGkPhQqWEkWgn7|0k!J)<=Wu^kgQ71!+u`q@m zz!d0O$d#3zIMST%9M;AKHj^Bl^)RttU@enRCW=k( zdKA&PI+t}j@)rf{Q4KkLwZtQ^mY+w;NLg?C78HB>@DDIPOaQT9EC(=}7L29INidp2 zILpuTsK5eWtmZ76+LK1_T6E@3WM2b?s6w)@3_Xp+J^h z)pQ{wi?+hTEuw5#(U*`zRab5C%2sp-PUS4w#kV=JdjY*dq_20b5JT}=p?t1HTa{cE 
z8yV+(es+%_qMxMs!ATy@(1fLdsOqjQS>S|Iu97AW&7sYBNSY#AF1R#SWDHGBahO1u zDG-HWg1X=?4Q+(CJsFv-Ad%|~6dmtYWJrh3FVtT(@g@e7AfxV@0=SztLx3ZNER&t; zm@J5xyvTRDI0Ow>T2Z#jFDBTZOP?&Nik%}3%SnR&7i~o29Y^0ubeZ>Ep1ESZ5rox~A$1aB`$UMu~CE1u;5U zN7@Xqh*UIMkTI{-t`)^}Eys0MB92kz^j%BarHK@+oTX3ehL&R;jiy+7A9{0r*)$ZP ze`NN!fQdkjT^RYiAJ7h130ULE)J>T+g>|B9k9s}zm+o&!0Pazx+s`Ta$WeZA@z%dF za=PsXgy#{2NDHnM*Xl{QNt+VlHu0hQtI}<(&fUUn(rF$@eK2b%=77r2BS_fY{LQD7 ziY9e5GJ8>yhwIFDGvQ42tcapeX*xj+A$` z9pIx#hWZ6Y&dCT&OND7_c8>&dPXF-8!=JGJhq(jJOsHVosB$)q8O|DIO&Hk)P19L` zICF3Z9zfJwm?s5NFs&7WCHr8eifzMMF6|67QLqn5G@;zir}3>}U5n5wy38v7s#u20 z`jB24x+36D_w+En-J}W4HF$R?&3SF`?b#BYdiX=Gt-vvvxG=*0pt~9J6;`n%^8%}R zSS-!9G-L~$Vp+PcVztoO6v&n|Tkx;eSgm3<%U0`{?F#IZo9$+Y zZ?gSA%~rMl^G%@i{$IA|2Q%sV(2M_P=||qg_rG!bPrKUr^B3OvgFfUaS0sJ5vg^4D ztwo=!P&H?OE;izyX&=#+4+n8u_y2J8+d-JYN*v~L#m@+FxC4lOZwN@Q#4A-(ojd3> zh><^!6ibwWYxcH9vvby{3(b@Nu5ktAk6Vzf#x^9s4Jm9xo^L}ow;@|aWcz}V0gi8{ zxDHH$HbV(1>H<+eres{GKLv3TE*Adepxc0V#($y1zW>wV`G(NK=l??W{hzmi*Y^Lm3b{bR zME-OhzzbCh@K;U&3N~_p*Fe5;Gwyo5Z`u@F+zgvuZ|tB;zxR`0pKef`mN=(1wsFcn z4fOS#vKkw-*=K}yb77PlWZ5T!b~9j<8)WQLMZ2qSZ9e^$(eAoHw)vV%1+PFdKKvH| zcfJ43x6AMU2z;wm#s9Z}j03&OXLd zTP5clr>0-%`QG|gunxEp|2x0`$G0}W|J80*-+y=$_=@-cenk_hUjMGL|5vkr>O>BZ z_NU+G%z{z+F*H&JRo_5mA?mAh{nvPBA7IN~3M#0ef(k0Apn?i2sGx%H3jYU#_)+BmcmM$Jc}Y+J diff --git a/shorewall4/interfaces b/shorewall4/interfaces index fa28d7d..bb8b644 100644 --- a/shorewall4/interfaces +++ b/shorewall4/interfaces @@ -20,6 +20,7 @@ vpn gt-udp-tun+ nosmurfs,tcpflags vpn mlvpn+ nosmurfs,tcpflags vpn tun+ nosmurfs,tcpflags vpn wg+ nosmurfs,tcpflags +vpncl client-wg+ nosmurfs,tcpflags vpn dsvpn+ nosmurfs,tcpflags vpn gre-user+ nosmurfs,tcpflags vpn omr-bonding nosmurfs,tcpflags diff --git a/shorewall4/policy b/shorewall4/policy index 2e5fe13..910acb0 100644 --- a/shorewall4/policy +++ b/shorewall4/policy @@ -19,6 +19,8 @@ fw vpn ACCEPT fw net ACCEPT net all DROP vpn vpn DROP +vpncl vpn ACCEPT +vpn vpncl ACCEPT # THE FOLLOWING POLICY MUST BE LAST all all REJECT 
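Review bot: The two new lines in shorewall4/policy, `vpncl vpn ACCEPT` and `vpn vpncl ACCEPT`, open all traffic in both directions between the WireGuard client zone (`client-wg+` in shorewall4/interfaces) and every tunnel in the `vpn` zone, while the line just above keeps `vpn vpn DROP`. If clients only need specific hosts or ports behind the routers, keep the policy at DROP and put the needed ACCEPT entries in the rules file; if full access is intended, a comment such as `# vpncl = WireGuard clients (client-wg+): full access to router tunnels by design` above the pair would record that. No policy is given for `vpncl` to `fw` or `net`, so unless the rules file covers it those fall through to `all all REJECT`, which is worth confirming given that the generated client config routes `0.0.0.0/0` through the tunnel.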
diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf index 11bd54a..be836d4 100644 --- a/shorewall4/shorewall.conf +++ b/shorewall4/shorewall.conf @@ -137,7 +137,7 @@ ADMINISABSENTMINDED=Yes AUTOCOMMENT=Yes -AUTOHELPERS=Yes +AUTOHELPERS=No AUTOMAKE=No @@ -149,13 +149,13 @@ BLACKLIST="NEW,INVALID,UNTRACKED" CLAMPMSS=No -CLEAR_TC=Yes +CLEAR_TC=No COMPLETE=No DEFER_DNS_RESOLUTION=Yes -DELETE_THEN_ADD=Yes +DELETE_THEN_ADD=No DETECT_DNAT_IPADDRS=No @@ -163,7 +163,7 @@ DISABLE_IPV6=No DOCKER=No -DONT_LOAD= +DONT_LOAD=nf_conntrack_sip DYNAMIC_BLACKLIST=Yes @@ -233,7 +233,7 @@ SAVE_ARPTABLES=No SAVE_IPSETS=No -TC_ENABLED=Simple +TC_ENABLED=No TC_EXPERT=No diff --git a/shorewall4/stoppedrules b/shorewall4/stoppedrules index 203a000..30eeac9 100644 --- a/shorewall4/stoppedrules +++ b/shorewall4/stoppedrules @@ -25,4 +25,6 @@ ACCEPT tun+ - ACCEPT - tun+ ACCEPT wg+ - ACCEPT - wg+ +ACCEPT client-wg+ - +ACCEPT - client-wg+ diff --git a/shorewall4/tcinterfaces b/shorewall4/tcinterfaces index 106fbc6..376cc36 100644 --- a/shorewall4/tcinterfaces +++ b/shorewall4/tcinterfaces @@ -1,3 +1,3 @@ #INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH $NET_IFACE External -$VPS_IFACE Internal \ No newline at end of file +#$VPS_IFACE Internal \ No newline at end of file diff --git a/shorewall4/zones b/shorewall4/zones index 62fff26..095a8e6 100644 --- a/shorewall4/zones +++ b/shorewall4/zones @@ -16,4 +16,5 @@ fw firewall net ipv4 vpn ipv4 +vpncl ipv4 From ade517b142296b99e5ee6de93c23346ba21f922b Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Aug 2022 05:56:12 +0000 Subject: [PATCH 086/164] Fix shorewall configuration on update --- debian9-x86_64.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 232e25d..edec086 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -1316,6 +1316,7 @@ else cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf cp ${DIR}/shorewall4/policy /etc/shorewall/policy cp ${DIR}/shorewall4/params /etc/shorewall/params + cp ${DIR}/shorewall4/zones /etc/shorewall/zones #cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn #cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net cp ${DIR}/shorewall6/params /etc/shorewall6/params @@ -1328,6 +1329,12 @@ else sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* + if [ "$LOCALFILES" = "no" ]; then + rm -rf ${DIR}/shorewall4 + rm -rf ${DIR}/shorewall6 + rm -f ${DIR}/openmptcprouter-shorewall.tar.gz + rm -f ${DIR}/openmptcprouter-shorewall6.tar.gz + fi fi [ -z "$(grep nf_conntrack_sip /etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then From c232d34169194820a1d65237dc5a2ccd2f428484 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 14 Aug 2022 04:45:44 +0000 Subject: [PATCH 087/164] Fix WG client port --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index edec086..1b2badf 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -923,7 +923,7 @@ if [ "$WIREGUARD" = "yes" ]; then cat > /etc/wireguard/client-wg0.conf <<-EOF [Interface] PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n") - ListenPort = 65311 + ListenPort = 65312 Address = 10.255.246.1/24 SaveConfig = true From 657c2b386c436d78de152b85683c492c402a0fc1 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 16 Aug 2022 19:47:12 +0000 Subject: [PATCH 088/164] Add Ubuntu 22.04 support --- debian9-x86_64.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 1b2badf..879f751 100755 
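Review bot: The cleanup block added in the second hunk (`@@ -1328`) passes `${DIR}` unquoted to `rm -rf`, so a working directory containing spaces or glob characters is split into several arguments, and an empty `DIR` turns the targets into `/shorewall4` and `/shorewall6`. The script writes under `/etc` and so presumably runs as root; I would write `rm -rf -- "${DIR:?}/shorewall4" "${DIR:?}/shorewall6"` and `rm -f -- "${DIR:?}/openmptcprouter-shorewall.tar.gz" "${DIR:?}/openmptcprouter-shorewall6.tar.gz"`. The enclosing `else` branch starts outside the hunk.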
--- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -99,11 +99,13 @@ fi if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)" exit 1 -elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then - echo "This script only work with Ubuntu 18.04, 19.04 or 20.04" +elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then + echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04" + echo "Use debian when possible" exit 1 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then - echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)" + echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)" + echo "Use Debian when possible" exit 1 fi @@ -278,6 +280,10 @@ if [ "$ID" = "debian" ]; then elif [ "$ID" = "ubuntu" ]; then echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list + [ "$VERSION_ID" = "22.04" ] && { + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 + echo 'deb http://old-releases.ubuntu.com/ubuntu impish main universe' > /etc/apt/sources.list.d/impish-universe.list + } fi # Install mptcp kernel and shadowsocks echo "Install mptcp kernel and shadowsocks..." From 3dc18b63b83a68c31475a465043ebb757d9b8aa6 Mon Sep 17 00:00:00 2001 
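Review bot: In the `22.04` block of the second hunk (`@@ -278`), `apt-key adv --recv-keys` puts the fetched key into the global trusted keyring, so it is trusted for every configured repository, and `apt-key` is deprecated on that release. The block also adds the end-of-life `impish` suite with no pin, so any package that resolves from it stops receiving security updates; which packages are needed from it is not visible here. I would store the key in its own keyring file and scope it with `signed-by`, e.g. `deb [signed-by=/usr/share/keyrings/<impish-keyring-placeholder>.gpg] http://old-releases.ubuntu.com/ubuntu impish main universe`, and add an apt preferences entry that limits the suite to the packages required. The first hunk's new message still spells `Ubutun`.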
From: "Ycarus (Yannick Chabanois)" Date: Tue, 16 Aug 2022 19:48:58 +0000 Subject: [PATCH 089/164] Add Debian 11 symbolic link --- debian11-x86_64.sh | 1 + 1 file changed, 1 insertion(+) create mode 120000 debian11-x86_64.sh diff --git a/debian11-x86_64.sh b/debian11-x86_64.sh new file mode 120000 index 0000000..814a06c --- /dev/null +++ b/debian11-x86_64.sh @@ -0,0 +1 @@ +debian9-x86_64.sh \ No newline at end of file From b3ef329cd0e415d56907baad464d2a438307d459 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 21 Aug 2022 18:25:29 +0000 Subject: [PATCH 090/164] Littles fixes on VPS script --- debian9-x86_64.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index e846ce2..f792944 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -256,6 +256,16 @@ apt-get update --allow-releaseinfo-change sleep 2 apt-get -y install dirmngr patch rename curl libcurl4 unzip +if [ -z "$(dpkg-query -l | grep grub)" ]; then + if [ -d /boot/grub2 ]; then + apt-get -y install grub2 + elif [ -d /boot/grub ]; then + apt-get -y install grub-legacy + fi + [ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && { + echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub + } +fi if [ "$SOURCES" = "yes" ]; then wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb @@ -290,6 +300,7 @@ if [ "$LOCALFILES" = "no" ]; then else cd ${DIR} fi +[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg rm -f /etc/grub.d/30_os-prober bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} 
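Review bot: In the first hunk (`@@ -256`) the `net.ifnames=0` test greps `/boot/grub/grub.cfg` unconditionally, although the branch just above also handles hosts where only `/boot/grub2` exists; there `grep` prints an error and the check silently evaluates false. I would guard it with `[ -f /boot/grub/grub.cfg ] && grep -q 'net.ifnames=0' /boot/grub/grub.cfg` rather than comparing captured output. The same applies to `dpkg-query -l | grep grub`, which matches any package whose name or description contains `grub`, and in the second hunk `which grub-mkconfig` is better written `command -v grub-mkconfig >/dev/null`.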
@@ -471,7 +482,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then else apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop fi - apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests + apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen echo '-- pip3 install needed python modules' #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U @@ -901,7 +912,7 @@ if [ "$OPENVPN" = "yes" ]; then make-cadir /etc/openvpn/ca fi cd /etc/openvpn/ca - ./easyrsa init-pki + ./easyrsa init-pki 2>&1 >/dev/null ./easyrsa --batch build-ca nopass EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "openmptcprouter" nopass From 7a7a4a277828d8ea059fdb72c9a4fdc7d35f9b65 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 14 Oct 2022 07:01:41 +0000 Subject: [PATCH 091/164] Add current 0.1028 release --- debian9-x86_64.sh | 25 +++++++++++++++++-------- multipath | 12 +++++++++--- omr-service | 2 +- omr-update | 2 +- omr-update.service.in | 2 +- openmptcprouter-shorewall.tar.gz | Bin 4192 -> 4154 bytes shorewall4/shorewall.conf | 4 ++-- 7 files changed, 31 insertions(+), 16 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index aa273c8..e65d32b 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
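Review bot: In the second hunk (`@@ -901`) the redirections on `./easyrsa init-pki 2>&1 >/dev/null` are applied left to right, so stderr is pointed at the current stdout before stdout is sent to `/dev/null`, and error output is still printed. If the intent is to silence the command completely the order has to be `./easyrsa init-pki >/dev/null 2>&1`; if only the banner should go and errors stay visible, `>/dev/null` alone says that more clearly. Either way the exit status is not checked, so the following `build-ca` step runs even when PKI initialisation failed.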
@@ -55,8 +55,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="20314b11f21eb5878ba62c85d874528e0e394024" -OMR_ADMIN_BINARY_VERSION="0.3+20220715" +OMR_ADMIN_VERSION="4f8dc4f997c6c95971beea9d52512ed91c77479b" +OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.43.0" @@ -76,7 +76,7 @@ VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="0.1027" +OMR_VERSION="0.1028" DIR=$( pwd ) #" @@ -563,10 +563,15 @@ if [ "$OMR_ADMIN" = "yes" ]; then fi apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen echo '-- pip3 install needed python modules' - echo "If you see any error here, I really don't care: it's about a not used module for home users" + echo "If you see any error here, I really don't care: it's about a module not used for home users" #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U - pip3 -q install fastapi jsonschema netjsonconfig python-multipart jinja2 -U + pip3 -q install netjsonconfig + pip3 -q install fastapi -U + pip3 -q install jsonschema -U + pip3 -q install python-multipart jinja2 -U + pip3 -q install starlette + pip3 -q install starlette mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn 
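Review bot: The third hunk (`@@ -563`) splits the pip call into six unpinned installs, and `pip3 -q install starlette` appears twice in a row. Because `fastapi`, `jsonschema`, `python-multipart` and `jinja2` are upgraded to whatever is latest at install time, two servers installed on different days can end up with different code behind the admin API, and nothing verifies what was downloaded. I would drop the duplicate line and pin versions, ideally through a requirements file with hashes installed via `pip3 -q install --require-hashes -r <requirements-file-placeholder>`. The echo telling users to ignore errors also hides a failed install of a module the service does need.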
@@ -578,7 +583,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then cd /tmp unzip -q -o openmptcprouter-vps-admin.zip cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ - if [ -f /usr/local/bin/omr-admin.py ]; then + if [ -f /usr/local/bin/omr-admin.py ] || [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n") [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") [ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 @@ -695,8 +700,12 @@ fi if [ "$LOCALFILES" = "no" ]; then wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in + wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update + chmod 755 /usr/bin/omr-update else cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service + cp ${DIR}/omr-update /usr/bin/omr-update + chmod 755 /usr/bin/omr-update fi # Install simple-obfs @@ -1375,8 +1384,8 @@ fi if [ "$TLS" = "yes" ]; then VPS_CERT=0 - apt-get -y install dnsutils socat - if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noidnout +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then + apt-get -y install socat + if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then echo "Generate certificate for V2Ray" set +e diff --git a/multipath b/multipath index 41c3880..608f08a 100755 --- a/multipath +++ b/multipath 
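Review bot: The widened test in the first hunk (`@@ -578`) is true whenever the `cp` on the line before succeeded, because that `cp` has just created `/usr/local/bin/omr-admin.py`, the first file it checks. The body then reads `/etc/openmptcprouter-vps-admin/omr-admin-config.json` with `grep` and `cat`, so on a fresh install both commands fail on a missing file. Testing only the file that is read would match the intent: `if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then`. The `if` body continues outside the hunk.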
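Review bot: The second hunk (`@@ -695`) installs `/usr/bin/omr-update` straight from `${VPSURL}${VPSPATH}/omr-update` and marks it executable without checking that `wget` succeeded or that the content is what was published. `wget -O` creates the target even on a failed transfer, so the systemd unit could later run an empty or truncated script. I would download to a temporary file, compare it with a checksum shipped with the installer, and only then `install -m 755` it into place. The third hunk still expands `$VPS_DOMAIN` unquoted in `getent hosts $VPS_DOMAIN` and `ping -c 1 -w 1 $VPS_DOMAIN`.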
@@ -126,15 +126,21 @@ else exit 0;; "on") [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null - ip mptcp endpoint add $IP dev $DEVICE subflow fullmesh + for i in $IP; do + ip mptcp endpoint add $i dev $DEVICE subflow fullmesh + done exit 0;; "signal") [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null - ip mptcp endpoint add $IP dev $DEVICE signal fullmesh + for i in $IP; do + ip mptcp endpoint add $i dev $DEVICE signal fullmesh + done exit 0;; "backup") [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null - ip mptcp endpoint add $IP dev $DEVICE backup fullmesh + for i in $IP; do + ip mptcp endpoint add $i dev $DEVICE backup fullmesh + done exit 0;; "") case "$IFF" in diff --git a/omr-service b/omr-service index e8de038..3898c5d 100755 --- a/omr-service +++ b/omr-service @@ -6,7 +6,7 @@ _multipath() { source /etc/shorewall/params.net for intf in `ls -1 /sys/class/net`; do if [ "$intf" != "bonding_masters" ]; then - if [ "$intf" = "$NET_IFACE" ]; then + if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on [ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && { multipath $intf signal diff --git a/omr-update b/omr-update index 33b3fa6..ff2e201 100755 --- a/omr-update +++ b/omr-update @@ -1,6 +1,6 @@ #!/bin/sh if [ -f /etc/openmptcprouter-vps-admin/update ]; then - wget -O - http://www.openmptcprouter.com/server-test/debian10-x86_64.sh | sh + wget -O - http://www.openmptcprouter.com/server/debian10-x86_64.sh | sh rm -f /etc/openmptcprouter-vps-admin/update reboot fi diff --git a/omr-update.service.in b/omr-update.service.in index 231803a..99120f8 100644 --- a/omr-update.service.in +++ b/omr-update.service.in 
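Review bot: The `omr-update` hunk keeps a pipeline that fetches the installer over plain `http://` and feeds it to `sh` as it streams, so a tampered or truncated response is executed as it arrives. The installer's own `VPSURL` is `https://www.openmptcprouter.com/`, so the same host can be reached over TLS. I would download to a `mktemp` file over HTTPS, stop when `wget` fails, leave room for a checksum comparison, and only then run the file, as sketched below. In the current form `rm -f .../update` and `reboot` run even when the download failed, which clears the update request without applying it.

```shell
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
	tmp=$(mktemp) || exit 1
	if ! wget -q -O "$tmp" https://www.openmptcprouter.com/server/debian10-x86_64.sh; then
		logger -t "OMR-Update" "Download of update script failed"
		rm -f "$tmp"
		exit 1
	fi
	# verify "$tmp" against a published checksum here before running it
	sh "$tmp"
	rm -f "$tmp"
	# … unchanged: remove the update flag file, reboot …
```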
@@ -4,7 +4,7 @@ After=network.target network-online.target [Service] Type=simple -Restart=never +Restart=no ExecStart=/usr/bin/omr-update #ExecStart=/usr/share/omr-server/debian9-x86_64.sh AmbientCapabilities= 
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index 67d46c4e05633e7be5618a85267cacb4c9a732fd..92957efcab04f4eca8eb09a1b98a997dd26d155f 100644 GIT binary patch literal 4154 zcmV-A5XJ8wiwFRpt_foR1MNKhbE8JG`z!h@rewd%Zk_c3`igy}%OOA#&j<)0J5F5{ zg(YlLkw6d7I)17B->+u|5JK{5FDrR-Ioi8|>FMd7kDl%xm|+(9ejGZpU*4S#ngHE) zn_K~kSGEWDY^&F6wpzVrhke&%*><<{4mD3$rwrCn?1Tut3xgp39NnS(|4=xqoFVfm z2;FCAu|TyNYPj*N5v7>MEY*(+rW^(#^8AM&TspBA_{g~r)-iH{!gC|YLGhCpp$Bi_ zUZD78<)Z4+@lnRDmT{{ByB~&{G2t!Ls+_$ERL*$8k~NiK7*m@Xg2XVQWLgZP8=9pt zqOKW`Fv(?VN(N)z%9b#$RDSRt&^bS~w6Ubp4`RC4X+&NgSm61YfO#7|JL&r!#11WH!DB5{@i;=%MUGmx9~%}+LVlED~4kW z#l|hJwOh{M&4R=pdzs7sv3}WNw>h&tu2?165O!I6;cUBLx7+O%3aXMdkTug*&E4|8 z8{d0DRP&=k4O>Mny1uVVR;yy4K+Ri)q9(6OyG0|%cMEmzbi2i(@*bg)x7x04r`av` zmZ?tmmGqZ|qHMP~hSuJ(kGBRNm+W3{3exM>&VSF3-SEMgxzRDK$$mIs|2a_2cWk=_ zL>$*_x3K;1vZeih6WF%@AKfs*cD-G1q8c)t)g*tE)g4IjtJwC5XFtRnS$+pq`3wQ`OC(v@8CGjj4b{q@uK6JttgndZp zx+n@B;%6sx|At1eUcCgiwANz-)NIsI@`)q5w#^$$_7!UaD-rC-p(f!d`d>!b@z5QNKO_lXRN7bj9Z z{xv53{jd(PFf?~#$6G{DpmtO^f^XkglIpP?dKM~hN9TO@v!+T2Az8H~W5^5m9)qUi zP{FK#vtrJ{o7pnXWadw^)dl#ChlTSPU4+m>F7yaA{K5~S z&pgJpcpgQ~B(k}}35FW?z8gO^lhi=qO{>qgnsu%NKD~*rog^>u3;k`=A3n_3 zOZNLbbM(H@lNqQKWgeKk7a3O-e#F2|f zBM-_OJvk7;xGr>W=s{=tnJC;&hAA|Td9^u5cDJ%BC{s~FRITbzp&|-A$G4sn|4pzN zh||e9VE@4bbc@gbIvuXG|8D_VXiE&>x2{bIZw+r@bq~(}-tPSGmCt|P1a5TG=0(xy zvm_88|JjN*F?O(A1=CVnL07cRauN3*5369|&0bC`wl&wbD6i&~TdeqW1nplgaO+-=f|HbRPYBPnTGp2*hKU}~6F z1wWI_mqoDV*-G<*AnDc)*~9Zbssa`jOT9w&ip(M!Pmer^hNhEestox_le0yF*i@Y$ zFg`)S>>5jGs40qeE32cl$0k$g$bp0u9(o3(F%0=Jr2mx!=&EmRl}dOk2-k~KzWOC_ z!2h?~?c)9)AZJVe{}%8C{@=hV^0n^&0`7Wc4Dct80f;3zdI<21Al)mLdEi1IvKxuu zJ!Cn2kzO<8k*xA*V1f+ZlJe#8hO-7-C%kcu(}Jd|Bzj5mEqSsp*ygES-sdLoCA z)f--sbBL*G8N6_vr%|QbO4c+n@V|?3#1uSZYvj8#qP{C{_RD%j-xlFngC8 zv+(BcaRh~1btv$PXDc!{De$wIyNZ#hnmI|)M#h7en6)@aWj+TX-Z}|I-qVPT_T~BT zc1sSeT_%S#M)&+j!n={MyU|r3!stA&V&n;|cW8>@pv>#y4m9Nu@3bjm7_16RtM|^l zO8Wf&1K+LJvH3=;(ESKjhMLGlkdWWIq~sz9=I*>s3?vbp4&3h0?Q8cw8vG(G8OWTv 
z5TUCejM3jww*yfLF}u-|GY_7lVD?Ky>iW0{!k2jMqrl(lC16UWZgoRZbWyX&l?bbK zJDpbN-{!HN@ACLe^GtJ`4(CxS&T$+OCyoUjcNcibIojyzt}@|?0JIO!^K_6H;7*n- zgpmQ>J%k#QX-EcxuwXIMZu|1`GS8jvUfG)9iH4quDsM65Z6{`Zb)G)Xq?<)+gwRZQWr-sab*Ks6w8X2FD|5=Xh^vLr+uEq7(F5p?N&6WE<-UN;wH({@`iSKWc z(73Z_Yst3i(USXvP_oUzjqyH^FNj15yDH^3ar~9@2$B6F3czSDJRk03^c2Udt48Db z`MJI+29}_)r1Vjta`mTpxj6pQErv;Ks);PbBLjY?NQbn9Aa+6nq`;kcbh#A>#0+by z+mZ?anI!h_+^BMj*3stOKqCxjj0Vk=p^10LZ_tfo3^Y@=?)vNr8v>xiu#9kfj^75I zA4x|4gw-EH?;B9}TWEuVl;gKxC>zo(g#4#$1S~l~kw)+*!yFkMzYzlk78|fiv1~;f z+2mm|v?p1WY~k?z0Iy6`F-gJV&60W5?5hDqZ1j>N2V^)|Ey>s+ zHebU}rp9m=o7fS+Z(5Sy5$?rxKvgQ1pxZ-*ADKHWven&I{f<4VXAIUF0TkZ?z0r^g z%A}zogQo`0Zkff)OOhBSON<|=%Xjdm=4T46W6w1tztzwjd2lSkcXfGQ&0zs zD1(ry3MfYdO$f%oKI{alK-NOGC=L0kV)cDk8|TbWimndAz?sjSD5i_xi^+Nsd%5%+ z7TjtOn=i1I$tDxQCQm)`XuLWXRWo!~Ic&9pIeoFjDrn1(Q)wz~SA7qPzE}D;7@x+0 z7%-M&7)=AlQfCAh%?TMI3t_D~=L7U)Xq5bb7ST>*khJ)7V6WrkC#HW9p{}#PO zvAg^P6MXLCjm{+O{q$YMFvq#F(bH}bz|4XrK3fXpC+V+3z(8!KzL^#$nFty<1X&%? zkaUx_i52V99mOjywukP}&zO@3fXss*=V8tmfJytsP-y+I_$ zdpC#)e=QL{1KyMcoBBq|Ih&vTDtPpZBtE#v+!*u1FS@2NMOHFw9RItfi(*@l#LAK$I|%ZH*-rKdeZoEi$`s>t!83!l3*` z+;T+%+)bAvz>GqSNpDpgD)2aT5${xf0`1$hiHMSZ(n0%d^2S(}%nYd+R^l=!YRE$z zKuj3n48hASZ-_Q+9e$n-BGRq}2Q*T_)KArGRl9{wGi2(Xa7h_@07O}!_;}E#v@gzN zRgqN*I9b9trNmy$1~Dq=Mp6yXheR~iAI+~+t|dvg4a>GRBF=D=lasclO~NQrI1Qe* z)hxqW3JI{(5%lKvqG`fI|A_Qu0TqE;Y{R%`{eZQA=726vbycUMc1AnVHmAd({8RrI zOaR7FCWj9Q`P7nrvhjm|ZEE$qO>oXraF7P1B-f>E>5ly1l{LG^x>LoM=$uPpp=+kZG}z;hA`Xg9K$ zPGE{Nrm6U;nQLV-129e>-@)AH6&vPAjug~tgP>tPsHkL`u!>7M0;?zJhQRBPZ)P+2 zRx_@7=n++m=zO}D9}OPhRNvhQWH#Mu={7c+bCua?-XUv~30E13NaIC5X^ z8N>;Bc65!G#yq-%0h}W1_+s^{*6;pt4;No&I)U0zIh^E%DN%1rOe4a0vph#=xT zwTwgie_Jf~j%_!)Y`4X=TV1^Wr`;}}|GxyY5$R|LK-H zfBwWff3OXyW(`T+tsHuoz%@N>)9%%q4X%Ch&kB=6e!mCVY3@U^`;go| zWNRO?y${*RBfFQB3~+2W!S!GgbSa8UP?s3>eL}|MzN3Lv1uP7Gd5>S_!{me+K{SE9 zHq74dN0l>7`TjgTsPuthnsxHmXadXZOi~$I{4R*%V6}4RC*1~o$p5!ny~6n)j%$_Y zf8GRM+yC3i#R54M`Q32<%atL(pE(4`>BtF=0e$6W-0gB-wJA2g88%7p?4V1&_mrh; 
zI~277=cL3wPU)wizMNB9Vuv>UjMQN+lyZkG{T|d|29$D#jDD)>aPhs>C*QIHpoiu6M2mEEBzQ#VxP&dh8}YyK`9HSPF3$gEw~YVa2EO3@ z-_KY@%H#iK^#5w~PmIV3!v5sjtf@0fK8A;iAgep5)J1)9tp6JC^aFh9LH_J0OL|Pk zTYYS2-wa3-vqhTt^GA>+lu$wmC6rJ?2_=+JLJ1|5P(leMlu$wmCHxWLU!*femH>DF E0Q3D=uCfpcRXkSbXqNP z1t?zGF5I&%uG4I`n%yqy*JNik%RlcVQ63pQGEC|33;Rl@nw>2BG`p z%;%_9Lv=Tv)}s_tpQidz!IXm_M4o>igbOG30v|bd!74^BPZ+lBAr<+@}%T{0Y7C^l+x z&FyjqZx$qW*^6BM59b$6c9S#P<%(634Pl$L7fv?|b~>GIp`a>ReOWVY)!Z)cyYZbD zL^VGu)Ua9PqU*c5WVtN%3DmqsUammibx*)xN?fm!r*bVQUsT&=_n(T%>_MZdQ#P+}2?6z2z zW3m13aP89mzXojD|Br4MVY}WsZ=f17oyBtQA~{nLGyuzv!2F~5DX3+tgTSocdk?FS zIE8cIC82o2P-rMR}#82F9L6Kw~Afl#Rx2GJqV%vB7oWOj8Q9p=7vNJRBsWX;GQIg z>I5ln6hYq5_1(~!BYkx@_oh%-@usdHxyXso662yrcb3+5fGc7q6#)kb>`62KhFlNw zvFx)`8vI zT#Hx!Ul}H&Njaq1VB0ClZi>YmeqSvAIo?kXFJ(>V%yjO-@YXQR?$Wd9b8;U-x3+@$ z^it_y5!UVk@KXN64vM!nd?gTAI-#>TqVLDBZ~ez{t#=UoK?u-lbedi8|BY_9QTqSa zfPL#fsvpEZ@loVG_{4jCbVAR$n}c77AE|dkz6(ART$D?lnH*y;9<3f8+$e?|LYEdp zzO#U`ckTnYl_zkcz!a^P5c7hQ2R}S_Mqk!{8xniS!GJY%Xzvp~k)E#*d98)fafv>aoqnIoAfC-oV#(l9%{} z-lpjf@2Bhq`(2(ndSB?twSR;tW*UUE4^)26!!Y!Q$fvid8=@hS3nin~JcdR>lkRA^ z5J6w!$i<_P2jz_(9f)9D7rHm}pfmkU6mBQO6dK38*qj5qTUiy9i6|keR_9QmA__dm zThEFACs+@}@nr0=|KI^S1^dso+s)GczXoKXEir&^U7HeK8(zce?w$YL?fDO=a{j*p zTb#s6)B(nmd}1)eD+JN$l;&+p3oPyCMaTdh{3`24riD);}q3Veb8H?WF)t@}TNyKWf+{E1@#Vo44j0=yBV zd&M#jTnI$ABN4oZEQc@BYlb|ORXz<&kilD0zC7M=R)_1DH?DA6&{UN~FG;>7k2mN? 
zpdWZET2?=@S1q4UHWQto-v@XTTzY+Pe#r2}X6LJjVQ6R*z4E;&(ca?~Wu1Vcd|#2x zktD8>hNM7G+`?0Sj@E3y12N=bEmskHYRwYp(mosTMT*IiCJHs zrjIk}X3-j9^%*L%M>C;%>-g;0kooU(9LXI=#^>XImSel*`Cq5OwKxvbv0STJ#{aJZ z2alVuS6RpR*GXvH-m$f0Q}t-c-9aeX=HSM7AIKL(qJ&+Q@*6w;(s_W$ejWv2wCA1= z_c3~mg!)K< zJMrLhD-eho){j*djJx!jC7$U>lp*5x}oolHU>T#pi&kR4hTa2MRwlw^(GWyN&uCdQ?vs ztTh5Cz6E-tAr+KKLjwj+32bBWI+_Q465%Q)(?kGT4en%|e|SCP4IM9sB@>zpi~WH- zv~}JZ^{S`8;-n}WpVnP@dHSn4;tgpN3+gbGG+761ufB>x$ZxPiBj|B&LJv z>5`%JQu6xJ4d+-NO-nN*B0O}X7#ahbG}5T;u+5PK7KG48kB~9xo3|#eZLeCzigX;~ zBEldKKm{hC4i-@cAypMnjyf6>jDdaF5mbS!g=|q8@Ds)A`LH(5nV}S2?T3Lgn>tZU z7r|%a)jalc=@~4z)gU&XVJ(wQCW1|#dgRe~buOxA=q_{EY6WxpVu@AImLDe4MB1$S z4itT_^cxr-$AK6ymLnKV1IAKk1Q^XR8Cg8>k1(zVSUo`-<71({ZzEVXpZ(L#`kRgh;tlQv{c~he97Nbm9(HD?oS(Qz`Z%V2Kw_+OX z;?umidjY*hB*%McNl1_RD~TlfyeSJdb&WJTo1VQYIP|k5JUGj|8P;H7#LKE}3I^C< zlS&a3eyop8%0o~j-mt-vhUsa8vDB0ae&|UVh!Q5Ut&ybSXB7#x zMJ5++ysYCV7?i(=8?H!zyY5f~SWyTu>8*+*1zzm=_jYzF+m5^?JWN&a}71-p?^gB?tqHGEw(`qvVOo? zL32PgC%UTBQ9PlYXq%J4K>o4!GbR9ADU-7ZgnVL2Kic>`fHtvuod)>o3HVC`Qj%>9 z1iWLP5aKffWBDhk*I3`%xv8a+ppY13T2UMjNdbhJ# zKd7i=ny{!#Is&UF=!U@SkZ)!)`bIOZc<2#Tq=kQy49%wfN0OQc zX5LDIUlWXcx>hHq{+Np_Fj6{RA>sZY+gh@vRz4@S0P8uJ&rNr&q${0#Ua}2lz2eyx zNY^$y@Gq8FFK4#%)(e{54LERL?ij=|d6aa8SIRuPg#nx(>+oXnoa@ULw&Cea+DdDK z0bOm3dGjjG#mY?Y%l*S|4-rJ1$Cj~g|8JA!-m$Glhi!KN8hHOttKBM}|Gx$l&VQzR zesCmRA3M>%S8nLcT=y%t|8&ZoKY!w#KiGy;vxX$^R`$JDA*INB71GQFp!1dZBkd#F z@!=?D=l&mtd^-vUtpbBXxcq0N7`y|Bd~XU!`+Q$kWa}0>4P4_76UpF3;F_McX?4#V zb*^>xuL_exezybJZtOy`yO7*2WOEm?wF}wKBRdzA3~+2G!F6F0bSR2TP!|~WT|&m> zzN3Lv1uP7Gd5>S_!{me+K{SE9Hq74dN0k#y`TjILsPuth8t3G%-T;=_nWQq7_+1di z!E))&j=BwapZ{+)yX*5m?GAqb4?0}>|JQ(*_W!nXu|Q5mes>(ea%BkcXAS{!I&y?# zKwr5TceC7AZHmorhE392JLr<{J!R?I7DcVVIVrJ=Q~GJBFXxn&*rH88BekCkrQ9M* zzX!FS0j1m`qo1nUUwmiv$+xWbmj$vdn%tMJ_A^)${~sKLil@i_0_48)|7?eR|FPX| zG#gE>jr~8{F2DcuDsWQ#@Erx~R?i`1wbtiV@kSP{?1+IjvDU~+?h|>8^b7qMQ{`kG zoimJ_e4^>C8(hK$;EniieEyGZx7Oc(<+?0A|5twh<5l1b&j0;{Rir%rUq=5gM*qZ! 
z93kvazRj9CqvT_Fs0gyUg-Tu27svW9@lHR$mmcKLj Date: Fri, 14 Oct 2022 07:02:36 +0000 Subject: [PATCH 092/164] Update changelog --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 12a86ee..ef7d9d2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +omr-server (0.1028) unstable; urgency=medium + + * Many changes + + -- OpenMPTCProuter Fri, 14 Oct 2022 09:02:22 +0200 + omr-server (0.1026) unstable; urgency=medium * Many changes From 4e09734f4163e6c77c91eb848d9593058d588c72 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 19 Feb 2023 17:52:12 +0000 Subject: [PATCH 093/164] Set syn retries to 4 --- shadowsocks.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shadowsocks.conf b/shadowsocks.conf index d6d760a..0b813e7 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -58,6 +58,6 @@ net.ipv4.conf.default.log_martians = 0 # MPTCP settings net.mptcp.mptcp_checksum = 0 -net.mptcp.mptcp_syn_retries = 2 +net.mptcp.mptcp_syn_retries = 4 net.mptcp.mptcp_scheduler = blest net.ipv4.tcp_ecn = 2 From 838d1b69e5028fa82b04f59ed614015c9de021f9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 19 Feb 2023 17:52:37 +0000 Subject: [PATCH 094/164] Fix multipath --- multipath | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/multipath b/multipath index 608f08a..23d87e1 100755 --- a/multipath +++ b/multipath 
@@ -115,29 +115,45 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH else - ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}') - IFF=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $4}') + ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}') + IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}') IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }') [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null case $TYPE in "off") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } exit 0;; "on") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } for i in $IP; do ip mptcp endpoint add $i dev $DEVICE subflow fullmesh done exit 0;; "signal") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } for i in $IP; do - ip mptcp endpoint add $i dev $DEVICE signal fullmesh + ip mptcp endpoint add $i dev $DEVICE signal done exit 0;; "backup") - [ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null + [ -n "$ID" ] && { + for i in $ID; do + ip mptcp endpoint delete id $i 2>&1 >/dev/null + done + } for i in $IP; do ip mptcp endpoint add $i dev $DEVICE backup fullmesh done From 9c3f955a6131346aee2f40a83eb22d994fa8b501 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 19 Feb 2023 17:53:04 +0000 Subject: [PATCH 095/164] Add 6.1.0 support --- debian9-x86_64.sh | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) 
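Review bot: `ID` is now read with `grep -m 1`, so it holds at most one endpoint id and the new `for i in $ID` loops in the `off`, `on`, `signal` and `backup` arms run once at most. A device that got several endpoints from the `for i in $IP` loop keeps all but the first, and the following `ip mptcp endpoint add` for those addresses will presumably be rejected as duplicates. I would keep `-m 1` only on the `IFF` line and let `ID` collect every id: `ID=$(ip mptcp endpoint show | grep "dev $DEVICE" | awk '{print $3}')`. The `2>&1 >/dev/null` on the delete commands leaves stderr visible; `>/dev/null 2>&1` silences both.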
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index e65d32b..3aa4beb 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -7,6 +7,7 @@ # UPSTREAM=${UPSTREAM:-no} +UPSTREAM6=${UPSTREAM6:-no} SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} @@ -30,7 +31,7 @@ OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-no} -if [ "$UPSTREAM" = "yes" ]; then +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" ]; then SOURCES="yes" fi NOINTERNET=${NOINTERNET:-no} @@ -46,6 +47,11 @@ if [ "$UPSTREAM" = "yes" ]; then KERNEL_PACKAGE_VERSION="1.6" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" fi +if [ "$UPSTREAM6" = "yes" ]; then + KERNEL_VERSION="6.1.0" + KERNEL_PACKAGE_VERSION="1.30" + KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" +fi GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" @@ -63,7 +69,7 @@ V2RAY_VERSION="4.43.0" V2RAY_PLUGIN_VERSION="4.43.0" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" -if [ "$UPSTREAM" = "yes" ]; then +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543" fi IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" 
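Review bot: In the second hunk (`@@ -30`) the new test `[ "$UPSTREAM6" ]` is true for any non-empty value, and the first hunk defaults the variable to `no`, so `SOURCES` is forced to `yes` on every run. Every other test added by this commit compares against `yes`, and this one should too: `if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then`. As written, default installs take the `SOURCES` branches visible elsewhere in this patch series, which download and compile code instead of installing the packaged binaries.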
@@ -255,6 +261,14 @@ else Pin: origin ${REPO} Pin-Priority: 1001 EOF + if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ]; then + cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref + Explanation: Prefer libuv1 Debian native package + Package: libuv1 + Pin: version * + Pin-Priority: 1003 + EOF + fi if [ -n "$(echo $OMR_VERSION | grep test)" ]; then echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref @@ -358,7 +372,7 @@ apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox echo "Install iperf3 OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 -if [ "$UPSTREAM" = "yes" ]; then +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then echo "Compile and install mptcpize..." apt-get -y install --no-install-recommends build-essential cd /tmp @@ -630,7 +644,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then systemctl enable omr-admin-ipv6.service } systemctl enable omr-admin.service - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable omr-admin.service [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service fi @@ -803,7 +817,7 @@ if [ "$V2RAY" = "yes" ]; then fi systemctl daemon-reload systemctl enable v2ray.service - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable v2ray fi fi @@ -1076,7 +1090,7 @@ if [ "$OPENVPN" = "yes" ]; then mkdir -p /etc/openvpn/ccd systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable openvpn@tun0 fi systemctl enable openvpn@bonding1.service 
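Review bot: The libuv1 pin in the first hunk (`@@ -255`) is written with `tee /etc/apt/preferences.d/openmptcprouter.pref`, the same path the test-repository block just below writes with another non-appending `tee`. On Debian 11 with a version string containing `test` the second write replaces the libuv1 stanza, and if the heredoc that ends just above the hunk targets the same file, the libuv1 write has already replaced the `Pin: origin ${REPO}` entry. Giving the stanza its own file avoids both, e.g. `cat <<-EOF | tee /etc/apt/preferences.d/libuv1.pref`. The start of the preceding heredoc is outside the hunk, so the second case needs checking against the full file.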
@@ -1192,7 +1206,7 @@ if [ "$DSVPN" = "yes" ]; then apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mptcpize enable dsvpn-server@dsvpn0 fi fi @@ -1217,13 +1231,13 @@ if [ "$SOURCES" = "yes" ]; then apt-get -y install build-essential pkg-config autoconf automake rm -rf /tmp/glorytun-0.0.35 cd /tmp - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz else wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz fi tar xzf glorytun-0.0.35.tar.gz - if [ "$UPSTREAM" = "yes" ]; then + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35 fi cd glorytun-0.0.35 From cc756de52dd3e4495b94cdc01afc7170d4b8b874 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 1 Mar 2023 19:26:13 +0000 Subject: [PATCH 096/164] Prepare for 0.1029 test --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 3aa4beb..9b19d00 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -82,7 +82,7 @@ VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="0.1028" +OMR_VERSION="0.1029-test" DIR=$( pwd ) #" From dfdfaa248790773346abe9a1f81a9721f8b872c4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 10 Mar 2023 18:59:45 +0000 Subject: [PATCH 097/164] Optimize glorytun TCP --- tun0.glorytun | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tun0.glorytun b/tun0.glorytun index a7fd471..2a6c695 100644 
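Review bot: With this change the `UPSTREAM6` path in the second hunk (`@@ -1217`) also builds Glorytun from `https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz`, a branch head rather than a fixed commit, so the code compiled and installed depends on when the installer runs. Other sources in this script are pinned by commit hash in `*_VERSION` variables; doing the same here, with a checksum check on the tarball before `tar xzf`, would make the build reproducible. The `else` branch still fetches the release tarball over `http://`, which should be `https://`.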
--- a/tun0.glorytun +++ b/tun0.glorytun @@ -4,4 +4,4 @@ DEV=tun0 SERVER=true MPTCP=true IPV6=true -OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue" \ No newline at end of file +OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 1024 multiqueue" \ No newline at end of file From 8d1055668fe1bf4ae4bc340381474ef68c734fad Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 23 Apr 2023 05:37:23 +0000 Subject: [PATCH 098/164] Fix missing patch, update v2ray and update glorytun config --- debian9-x86_64.sh | 6 ++---- tun0.glorytun | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 9b19d00..2a515ce 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -65,7 +65,7 @@ OMR_ADMIN_VERSION="4f8dc4f997c6c95971beea9d52512ed91c77479b" OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" -V2RAY_VERSION="4.43.0" +V2RAY_VERSION="5.4.1" V2RAY_PLUGIN_VERSION="4.43.0" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" @@ -1180,11 +1180,9 @@ if [ "$DSVPN" = "yes" ]; then apt-get install -y --no-install-recommends build-essential git ca-certificates rm -rf /tmp/dsvpn cd /tmp - git clone https://github.com/jedisct1/dsvpn.git /tmp/dsvpn + git clone https://github.com/ysurac/dsvpn.git /tmp/dsvpn cd /tmp/dsvpn git checkout ${DSVPN_VERSION} - wget https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch - patch -p1 < nofirewall.patch make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL' make install rm -f /lib/systemd/system/dsvpn/* diff --git a/tun0.glorytun b/tun0.glorytun index 2a6c695..9d9af5e 100644 --- a/tun0.glorytun +++ b/tun0.glorytun 
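Review bot: In the second `debian9-x86_64.sh` hunk (`@@ -1180`) the clone URL moves to a fork and the `nofirewall.patch` download is dropped, but `git checkout ${DSVPN_VERSION}` still uses the hash from the `DSVPN_VERSION` line that the first hunk leaves unchanged. If that hash is the upstream commit, the build loses the patch while `make` still passes `-DNO_DEFAULT_FIREWALL`, which would then presumably have no effect; whether the fork carries the change at that commit cannot be seen from the hunk. I would bump `DSVPN_VERSION` to the fork commit that contains the patch in the same change, and stop the block if the checkout fails: `git checkout ${DSVPN_VERSION} || exit 1`.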
@@ -4,4 +4,4 @@ DEV=tun0 SERVER=true MPTCP=true IPV6=true -OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 1024 multiqueue" \ No newline at end of file +OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue" \ No newline at end of file From 56d3c8ae0826a562ac00f83bb6e66a3a0a3323fa Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sun, 23 Apr 2023 05:40:20 +0000 Subject: [PATCH 099/164] Fix fw patch --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 3aa4beb..0e20175 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -1183,7 +1183,7 @@ if [ "$DSVPN" = "yes" ]; then git clone https://github.com/jedisct1/dsvpn.git /tmp/dsvpn cd /tmp/dsvpn git checkout ${DSVPN_VERSION} - wget https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch + wget https://github.com/Ysurac/openmptcprouter-feeds/raw/956d791ea49d63e3e5b18cac510b53987c3f1a36/dsvpn/patches/nofirewall.patch patch -p1 < nofirewall.patch make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL' make install From fdcd1c59f9151156c5c99daa44f651ebd5a5d3cb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 13 Jun 2023 11:24:22 +0000 Subject: [PATCH 100/164] Use systemtap to force MPTCP on all applications --- omr-service | 3 +++ 1 file changed, 3 insertions(+) diff --git a/omr-service b/omr-service index 3898c5d..dee99cf 100755 --- a/omr-service +++ b/omr-service @@ -151,6 +151,9 @@ _openvpn_bonding() { sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null modprobe bonding 2>&1 >/dev/null ip link add omr-bonding type bond 2>&1 >/dev/null +[ -n "$(uname -r | grep '6.1')" ] && { + stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 & +} while true; do _glorytun_udp _glorytun_tcp 
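Review bot: The kernel test added to omr-service, `uname -r | grep '6.1'`, is an unanchored regex in which `.` matches any character, so it is also true for releases such as `5.16.1` or `6.10`, and `stap -g` is then started on kernels the probe was not written for. Guru mode lifts SystemTap's safety restrictions, so both the match and the file check should be strict: `case "$(uname -r)" in 6.1.*) [ -r /usr/share/systemtap-mptcp/mptcp-app.stap ] && stap -g /usr/share/systemtap-mptcp/mptcp-app.stap >/dev/null 2>&1 & ;; esac`. As written, `2>&1 &` leaves the output on the service's stdout and nothing records whether the probe loaded; a `logger -t "OMR-Service"` line on failure would match the rest of the file.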
From 3de88a211f58538e0ad148d7ce9b9aaa8b21f5e7 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 13 Jun 2023 11:26:17 +0000 Subject: [PATCH 101/164] Add Debian 12 support --- debian-x86_64.sh | 1 + debian.sh | 1 + debian12-x86_64.sh | 1 + debian9-x86_64.sh | 237 ++++++++++++++++++++++++++++++--------------- 4 files changed, 160 insertions(+), 80 deletions(-) create mode 120000 debian-x86_64.sh create mode 120000 debian.sh create mode 120000 debian12-x86_64.sh diff --git a/debian-x86_64.sh b/debian-x86_64.sh new file mode 120000 index 0000000..814a06c --- /dev/null +++ b/debian-x86_64.sh @@ -0,0 +1 @@ +debian9-x86_64.sh \ No newline at end of file diff --git a/debian.sh b/debian.sh new file mode 120000 index 0000000..814a06c --- /dev/null +++ b/debian.sh @@ -0,0 +1 @@ +debian9-x86_64.sh \ No newline at end of file diff --git a/debian12-x86_64.sh b/debian12-x86_64.sh new file mode 120000 index 0000000..814a06c --- /dev/null +++ b/debian12-x86_64.sh @@ -0,0 +1 @@ +debian9-x86_64.sh \ No newline at end of file diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 2a515ce..84b82bc 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -70,13 +70,13 @@ V2RAY_PLUGIN_VERSION="4.43.0" EASYRSA_VERSION="3.0.6" SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - SHADOWSOCKS_VERSION="410950d87d8cdf8502d8f59a79dc0ff4c7677543" + SHADOWSOCKS_VERSION="8fc18fcba3226e31f9f2bb9e60d6be6a1837862b" fi IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" SHADOWSOCKS_BINARY_VERSION="3.3.5-3" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} -VPSPATH="server" +VPSPATH="server-test" VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)} VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" 
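Review bot: `VPSPATH="server-test"` in the version-variables hunk is not mentioned in the commit subject, yet it changes the origin of every later `${VPSURL}${VPSPATH}/...` download, which on this page includes `update-grub.sh`, `v2ray.service` and `mptcp-app.stap`. If the test tree is only meant to go with the `-test` version string, making it overridable with a safe default, `VPSPATH=${VPSPATH:-server}`, keeps a release from shipping while pointed at the test path. A one-line comment above the variable saying which tree each value selects would also help.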
@@ -102,31 +102,33 @@ if test -f /etc/os-release ; then else . /usr/lib/os-release fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ]; then - echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)" +if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ] && [ "$VERSION_ID" != "12" ]; then + echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)" exit 1 elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04" echo "Use debian when possible" exit 1 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then - echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x) or Debian Bullseye (11.x)" + echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)" echo "Use Debian when possible" exit 1 fi echo "Check architecture..." ARCH=$(dpkg --print-architecture | tr -d "\n") -if [ "$ARCH" != "amd64" ]; then +if [ "$UPSTREAM6" != "yes" ] && [ "$ARCH" != "amd64" ]; then echo "Only x86_64 (amd64) is supported" exit 1 fi -echo "Check virtualized environment" -VIRT="$(systemd-detect-virt 2>/dev/null || true)" -if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then - echo "Container are not supported: kernel can't be modified." 
- exit 1 +if [ "$UPSTREAM6" != "yes" ]; then + echo "Check virtualized environment" + VIRT="$(systemd-detect-virt 2>/dev/null || true)" + if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then + echo "Container are not supported: kernel can't be modified." + exit 1 + fi fi # Check if DPKG is locked and for broken packages @@ -210,6 +212,26 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="10" fi +if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then + echo "Update Debian 10 Stretch to Debian 11 Buster" + apt-get -y -f --force-yes upgrade + apt-get -y -f --force-yes dist-upgrade + sed -i 's:buster:bullseye:g' /etc/apt/sources.list + apt-get update --allow-releaseinfo-change + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade + VERSION_ID="11" +fi +if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then + echo "Update Debian 10 Stretch to Debian 11 Buster" + apt-get -y -f --force-yes upgrade + apt-get -y -f --force-yes dist-upgrade + sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list + apt-get update --allow-releaseinfo-change + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade + VERSION_ID="12" +fi if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Ubuntu 18.04 to Ubuntu 20.04" apt-get -y -f --force-yes upgrade 
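Review bot: Both Debian upgrade blocks added in the second hunk on this line run `apt-get -y -f --force-yes upgrade` and `dist-upgrade`; `--force-yes` is deprecated and lets apt continue past unauthenticated packages, which is the wrong default for an unattended release upgrade run as root. The narrower `--allow-downgrades --allow-change-held-packages` covers what an upgrade needs without accepting unsigned packages. The two `echo` lines are copied unchanged: the first block moves buster to bullseye and the second bullseye to bookworm, yet both print "Update Debian 10 Stretch to Debian 11 Buster". The `sed` calls rewrite only `/etc/apt/sources.list`, so entries under `/etc/apt/sources.list.d/` keep pointing at the old release.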
@@ -261,7 +283,7 @@ else Pin: origin ${REPO} Pin-Priority: 1001 EOF - if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ]; then + if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref Explanation: Prefer libuv1 Debian native package Package: libuv1 @@ -291,6 +313,9 @@ if [ "$ID" = "debian" ]; then fi # Add buster-backports repo echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list + if [ "$VERSION_ID" = "12" ]; then + echo 'deb http://deb.debian.org/debian bullseye main' > /etc/apt/sources.list.d/bullseye.list + fi elif [ "$ID" = "ubuntu" ]; then echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list 
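Review bot: On Debian 12 the added line writes `deb http://deb.debian.org/debian bullseye main` into `sources.list.d` with no matching entry in `/etc/apt/preferences.d/`, so any package that exists only in bullseye becomes installable from the older release, and no bullseye security suite is added with it. A stanza with `Package: *`, `Pin: release n=bullseye` and `Pin-Priority: 100`, written next to the existing `openmptcprouter.pref`, would keep bullseye as a fallback only. A comment naming the package that needs the older suite would tell the next reader when the line can be removed. The surrounding `if [ "$ID" = "debian" ]` block starts outside the hunk.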
@@ -327,75 +352,93 @@ if [ -z "$(dpkg-query -l | grep grub)" ]; then echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub } fi -if [ "$SOURCES" = "yes" ]; then - wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb - # Rename bzImage to vmlinuz, needed when custom kernel was used - cd /boot - apt-get -y install git - rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 - #apt-get -y install linux-mptcp - #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp - #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp - if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then - echo "Install kernel linux-image-${KERNEL_RELEASE} source release" - echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! 
\033[0m" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb +if [ "$UPSTREAM6" != "yes" ]; then + if [ "$SOURCES" = "yes" ]; then + wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb + wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb + # Rename bzImage to vmlinuz, needed when custom kernel was used + cd /boot + apt-get -y install git + rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 + #apt-get -y install linux-mptcp + #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp + #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp + if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then + echo "Install kernel linux-image-${KERNEL_RELEASE} source release" + echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" + dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb + dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb + fi + else + cd /boot + rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 + if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then + echo "Install kernel linux-image-${KERNEL_RELEASE}" + echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! 
\033[0m" + apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} + fi fi -else - cd /boot - rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 - if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then - echo "Install kernel linux-image-${KERNEL_RELEASE}" - echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} + + + # Check if mptcp kernel is grub default kernel + echo "Set MPTCP kernel as grub default..." + if [ "$LOCALFILES" = "no" ]; then + wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh + cd /tmp + else + cd ${DIR} fi + [ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg + rm -f /etc/grub.d/30_os-prober + bash update-grub.sh ${KERNEL_VERSION}-mptcp + bash update-grub.sh ${KERNEL_RELEASE} + [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null fi -# Check if mptcp kernel is grub default kernel -echo "Set MPTCP kernel as grub default..." 
-if [ "$LOCALFILES" = "no" ]; then - wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh - cd /tmp -else - cd ${DIR} +if [ "$ARCH" = "amd64" ]; then + echo "Install tracebox OpenMPTCProuter edition" + apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox + echo "Install iperf3 OpenMPTCProuter edition" + apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 fi -[ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg -rm -f /etc/grub.d/30_os-prober -bash update-grub.sh ${KERNEL_VERSION}-mptcp -bash update-grub.sh ${KERNEL_RELEASE} -[ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null - -echo "Install tracebox OpenMPTCProuter edition" -apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox -echo "Install iperf3 OpenMPTCProuter edition" -apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then echo "Compile and install mptcpize..." apt-get -y install --no-install-recommends build-essential cd /tmp + apt-get -y install git git clone https://github.com/Ysurac/mptcpize.git cd mptcpize make make install cd /tmp rm -rf /tmp/mptcpize - echo "Compile and install iproute2..." - apt-get -y install --no-install-recommends bison libbison-dev flex - #wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz - #tar xzf iproute2-5.16.0.tar.gz - #cd iproute2-5.16.0 - git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git - cd iproute2 - git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000 - make - make install - cd /tmp + if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then + apt-get -y install iproute2 + else + echo "Compile and install iproute2..." 
+ apt-get -y install --no-install-recommends bison libbison-dev flex + #wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz + #tar xzf iproute2-5.16.0.tar.gz + #cd iproute2-5.16.0 + git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git + cd iproute2 + git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000 + make + make install + cd /tmp + fi rm -rf iproute2 - echo "MPTCPize iperf3..." - mptcpize enable iperf3 + if [ "$ARCH" = "amd64" ]; then + echo "MPTCPize iperf3..." + mptcpize enable iperf3 + fi + if [ "$UPSTREAM6" = "yes" ]; then + apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg + apt-get -y install systemtap + mkdir -p /usr/share/systemtap-mptcp + wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap + fi fi apt-get -y remove shadowsocks-libev @@ -568,9 +611,14 @@ if [ "$OMR_ADMIN" = "yes" ]; then apt-get -y remove python3-jwt pip3 -q install pyjwt else - if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ]); then - apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 - pip3 -q install uvloop + if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then + if [ "$VERSION_ID" = "12" ]; then + apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 + pip3 -q install uvloop --break-system-packages + else + apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 + pip3 -q install uvloop + fi else apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop fi 
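Review bot: In the `$UPSTREAM6` block at the end of this hunk, `mptcp-app.stap` is fetched with `wget` and written straight to its final path with no integrity or failure check, and omr-service (patch 100 in this series) runs that file with `stap -g`. A truncated or substituted download is therefore what gets loaded in guru mode; I would download to a temporary file, verify a pinned checksum and only then move it into place. In the same block, `$(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg` appends `-dbg` only to the last match and collapses to the bare word `-dbg` when nothing matches, so the package name should be resolved into a variable and tested for emptiness first. The hunk also re-adds `git clone git://git.kernel.org/...`, an unauthenticated transport, although the following `git checkout` of a fixed hash limits what that can change.

```shell
# MPTCP_STAP_SHA256 is a placeholder: a checksum kept beside the other *_VERSION variables
stap_dir=/usr/share/systemtap-mptcp
mkdir -p "$stap_dir"
stap_tmp=$(mktemp "${stap_dir}/mptcp-app.stap.XXXXXX") || exit 1
wget -O "$stap_tmp" "${VPSURL}${VPSPATH}/mptcp-app.stap" || { rm -f "$stap_tmp"; exit 1; }
printf '%s  %s\n' "$MPTCP_STAP_SHA256" "$stap_tmp" | sha256sum -c - >/dev/null \
  || { rm -f "$stap_tmp"; exit 1; }
mv "$stap_tmp" "${stap_dir}/mptcp-app.stap"
# … unchanged: apt-get install of the -dbg kernel image and systemtap …
```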
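Review bot: The Debian 12 arm added in the omr-admin hunk, and the six `pip3 ... --break-system-packages` lines in the next hunk, install unpinned PyPI packages as root into the distribution's Python tree, which is what that flag's guard exists to prevent. A dedicated virtual environment for omr-admin, created with `python3 -m venv` and referenced from its service unit, would keep apt-managed modules such as `python3-jwt` from being shadowed, and version pins would make the install repeatable. The `apt-get -y --allow-downgrades install ...` line is identical in both arms here, so only the `pip3` line needs to sit inside the `VERSION_ID` test. In the next hunk `pip3 -q install starlette` appears twice in each arm.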
@@ -580,12 +628,21 @@ if [ "$OMR_ADMIN" = "yes" ]; then echo "If you see any error here, I really don't care: it's about a module not used for home users" #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U - pip3 -q install netjsonconfig - pip3 -q install fastapi -U - pip3 -q install jsonschema -U - pip3 -q install python-multipart jinja2 -U - pip3 -q install starlette - pip3 -q install starlette + if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then + pip3 -q install netjsonconfig --break-system-packages + pip3 -q install fastapi -U --break-system-packages + pip3 -q install jsonschema -U --break-system-packages + pip3 -q install python-multipart jinja2 -U --break-system-packages + pip3 -q install starlette --break-system-packages + pip3 -q install starlette --break-system-packages + else + pip3 -q install netjsonconfig + pip3 -q install fastapi -U + pip3 -q install jsonschema -U + pip3 -q install python-multipart jinja2 -U + pip3 -q install starlette + pip3 -q install starlette + fi mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn 
@@ -800,9 +857,29 @@ fi if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray if [ "$SOURCES" = "yes" ]; then - wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb - dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb - rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb + if [ "$ARCH" = "amd64" ]; then + wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb + rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb + else + [ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip" + [ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip" + [ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" + [ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" + [ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip" + [ "$ARCH" = "mips64el" ] && V2RAY_FILENAME="v2ray-linux-mips64le.zip" + [ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip" + [ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip" + wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME} + cd /tmp + mkdir v2ray + cd v2ray + unzip /tmp/v2ray-${V2RAY_VERSION}.zip + cp v2ray /usr/bin/ + cp geoip.dat /usr/bin/ + cp geosite.dat /usr/bin/ + wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service + fi else apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION} fi 
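Review bot: In the new non-amd64 arm `V2RAY_FILENAME` is never initialised, so on an architecture missing from the list `wget` requests `.../v${V2RAY_VERSION}/` and the following `unzip` and `cp v2ray /usr/bin/` run on whatever came back. The `amd64` line in that list can never match, because this arm is only reached when `$ARCH` is not `amd64`. The archive is unpacked and its binary copied into `/usr/bin` without a digest check, and none of `wget`, `unzip` or `cp` is tested for failure. I would stop early with `[ -n "$V2RAY_FILENAME" ] || { echo "Unsupported architecture: $ARCH"; exit 1; }` and verify the zip against a checksum pinned next to `V2RAY_VERSION` before unpacking.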
@@ -1051,11 +1128,11 @@ if [ "$OPENVPN" = "yes" ]; then make-cadir /etc/openvpn/ca fi cd /etc/openvpn/ca - ./easyrsa init-pki 2>&1 >/dev/null + ./easyrsa --batch init-pki 2>&1 >/dev/null ./easyrsa --batch build-ca nopass - EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass - EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "openmptcprouter" nopass - EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl + EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full server nopass + EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "openmptcprouter" nopass + EASYRSA_CRL_DAYS=3650 ./easyrsa --batch gen-crl fi if [ ! -f "/etc/openvpn/ca/pki/issued/openmptcprouter.crt" ]; then mv /etc/openvpn/ca/pki/issued/client.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt From 8af0bed8c3b35d92b4b0351ae0426ddbb82187e8 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 11 Jul 2023 17:05:46 +0000 Subject: [PATCH 102/164] Update omr_admin --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 0e20175..1a59a1d 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="4f8dc4f997c6c95971beea9d52512ed91c77479b" -OMR_ADMIN_BINARY_VERSION="0.3+20220827" +OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4" +OMR_ADMIN_BINARY_VERSION="0.3+20230709" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.43.0" From 2806a8078acf9f4b82e9f61c3d9f35b3fb8aef60 Mon Sep 17 00:00:00 2001 
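Review bot: `./easyrsa --batch init-pki 2>&1 >/dev/null` in the OpenVPN hunk redirects in the wrong order for silencing: stderr is pointed at the terminal first and only stdout goes to `/dev/null`; if quiet output is the intent it should read `>/dev/null 2>&1`. With `--batch`, `init-pki` should no longer ask before replacing an existing `pki` directory, so the guard that decides whether this block runs, which sits above the hunk, becomes the only protection for an existing CA and its issued certificates. I would document that on the guard, for example `# --batch: init-pki replaces ./pki without asking; only reach this when no CA exists yet`.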
From: "Ycarus (Yannick Chabanois)" Date: Tue, 11 Jul 2023 17:07:18 +0000 Subject: [PATCH 103/164] Update omr-admin and use latest shadowsocks changes in fork --- debian9-x86_64.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 84b82bc..10077a8 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -61,17 +61,18 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="4f8dc4f997c6c95971beea9d52512ed91c77479b" -OMR_ADMIN_BINARY_VERSION="0.3+20220827" +OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4" +OMR_ADMIN_BINARY_VERSION="0.3+20230709" +#OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="5.4.1" V2RAY_PLUGIN_VERSION="4.43.0" EASYRSA_VERSION="3.0.6" -SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" -if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then +#SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" +#if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then SHADOWSOCKS_VERSION="8fc18fcba3226e31f9f2bb9e60d6be6a1837862b" -fi +#fi IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" SHADOWSOCKS_BINARY_VERSION="3.3.5-3" DEFAULT_USER="openmptcprouter" @@ -872,7 +873,8 @@ if [ "$V2RAY" = "yes" ]; then [ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip" wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME} cd /tmp - mkdir v2ray + rm -rf v2ray + mkdir -p v2ray cd v2ray unzip /tmp/v2ray-${V2RAY_VERSION}.zip cp v2ray /usr/bin/ From 039218a0159427ad575dcd3e0378a47fb00bb0c4 Mon Sep 17 00:00:00 2001 
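Review bot: `rm -rf v2ray` followed by `mkdir -p v2ray` in the V2Ray hunk still works in a fixed, predictable directory under the world-writable `/tmp`, and `mkdir -p` succeeds silently if the directory reappears between the two commands, so the binary later copied to `/usr/bin` can come from a directory root did not create. A private directory removes that window: `v2ray_tmp=$(mktemp -d) || exit 1`, then `unzip /tmp/v2ray-${V2RAY_VERSION}.zip -d "$v2ray_tmp"`, and `rm -rf -- "$v2ray_tmp"` once the files are copied. The enclosing `else` arm starts and ends outside the hunk.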
From: "Ycarus (Yannick Chabanois)" Date: Tue, 11 Jul 2023 17:07:47 +0000 Subject: [PATCH 104/164] Set a better log message on omr-service --- omr-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-service b/omr-service index dee99cf..d5b8b5b 100755 --- a/omr-service +++ b/omr-service @@ -80,7 +80,7 @@ _wireguard() { _omr_api() { [ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { - logger -t "OMR-Service" "Restart OMR-Admin" + logger -t "OMR-Service" "Can't contact API, restart OMR-Admin" systemctl -q restart omr-admin } } From c91411a6214362261bd9c36c2c7de41894395c99 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 11 Jul 2023 19:10:46 +0000 Subject: [PATCH 105/164] Fix fastapi install on Debian 10 --- debian9-x86_64.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 1a59a1d..23d2f9e 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -581,7 +581,11 @@ if [ "$OMR_ADMIN" = "yes" ]; then #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U pip3 -q install netjsonconfig - pip3 -q install fastapi -U + if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then + pip3 -q install fastapi==0.99.1 -U + else + pip3 -q install fastapi -U + fi pip3 -q install jsonschema -U pip3 -q install python-multipart jinja2 -U pip3 -q install starlette From cb5f138c4e6854aba5d7986a8923dc10d0ca22cb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 11 Jul 2023 19:11:16 +0000 Subject: [PATCH 106/164] Fix fastapi install on Debian 10 --- debian9-x86_64.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 10077a8..6b9e728 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -638,6 +638,11 @@ if [ "$OMR_ADMIN" = "yes" ]; then pip3 -q install starlette --break-system-packages else pip3 -q install netjsonconfig + if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then + pip3 -q install fastapi==0.99.1 -U + else + pip3 -q install fastapi -U + fi pip3 -q install fastapi -U pip3 -q install jsonschema -U pip3 -q install python-multipart jinja2 -U From 178186002c13147cbb244720a8287da75edba550 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 22 Aug 2023 12:56:05 +0000 Subject: [PATCH 107/164] Fixes on ARM64 support and some VPN changes --- debian9-x86_64.sh | 105 +++++++++++++++++++++++++++++----------------- omr-service | 15 ++++--- tun0.glorytun | 2 +- 3 files changed, 77 insertions(+), 45 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 6b9e728..e4900b3 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -14,7 +14,7 @@ DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[ #NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")} NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")} OBFS=${OBFS:-yes} -V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes} +V2RAY_PLUGIN=${V2RAY_PLUGIN:-no} V2RAY=${V2RAY:-yes} V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} UPDATE_OS=${UPDATE_OS:-yes} 
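Review bot: The context line `pip3 -q install fastapi -U` directly after the added `fi` is still present, so on Ubuntu and Debian 10 the `fastapi==0.99.1` pin is installed and then immediately upgraded to the latest release by the next command, which undoes the fix. That unconditional line should be deleted in this patch so the new `if`/`else` is the only place fastapi is installed in this arm. The `( ... )` around the Debian test spawns a subshell just for grouping; `{ [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; }` does the same without one.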
@@ -52,21 +52,21 @@ if [ "$UPSTREAM6" = "yes" ]; then KERNEL_PACKAGE_VERSION="1.30" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" fi -GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb" +GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9" GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" -GLORYTUN_TCP_BINARY_VERSION="0.0.35-3" +GLORYTUN_TCP_BINARY_VERSION="0.0.35-6" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b" MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" -UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7" +UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4" -OMR_ADMIN_BINARY_VERSION="0.3+20230709" +OMR_ADMIN_VERSION="18f16e21facff80fe91c62ba7b3ea5cfe587fcc3" +OMR_ADMIN_BINARY_VERSION="0.3+20230807" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" -V2RAY_VERSION="5.4.1" +V2RAY_VERSION="5.7.0" V2RAY_PLUGIN_VERSION="4.43.0" EASYRSA_VERSION="3.0.6" #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" @@ -118,8 +118,8 @@ fi echo "Check architecture..." ARCH=$(dpkg --print-architecture | tr -d "\n") -if [ "$UPSTREAM6" != "yes" ] && [ "$ARCH" != "amd64" ]; then - echo "Only x86_64 (amd64) is supported" +if [ "$UPSTREAM6" != "yes" ] && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then + echo "Only x86_64 (amd64) is supported on this OS" exit 1 fi 
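Review bot: Adding `[ "$ID" != "debian" ]` to the architecture test lets every architecture through on Debian even when `$UPSTREAM6` is not `yes`, and for that case the kernel step shown earlier in this series downloads `linux-image-${KERNEL_RELEASE}_amd64.deb` and installs it with `dpkg --force-all`. If the intent is to allow other architectures only on Debian with the upstream 6.x kernel, the test would be `if [ "$ARCH" != "amd64" ] && { [ "$UPSTREAM6" != "yes" ] || [ "$ID" != "debian" ]; }; then`. The message could then name the supported combination instead of "on this OS".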
@@ -218,6 +218,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes dist-upgrade sed -i 's:buster:bullseye:g' /etc/apt/sources.list + sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade @@ -243,6 +244,16 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" fi +if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then + echo "Update Ubuntu 20.04 to Ubuntu 22.04" + apt-get -y -f --force-yes upgrade + apt-get -y -f --force-yes dist-upgrade + sed -i 's:focal:jammy:g' /etc/apt/sources.list + apt-get update --allow-releaseinfo-change + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade + VERSION_ID="22.04" +fi # Add OpenMPTCProuter repo echo "Add OpenMPTCProuter repo..." 
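Review bot: The added Ubuntu block tests `"$VERSION_ID" = "18.04"` although its message and its `sed -i 's:focal:jammy:g'` are for 20.04 to 22.04; the block just above sets `VERSION_ID="20.04"` after upgrading from 18.04, so this condition is false whenever it matters and the jammy upgrade never runs. The test should read `[ "$VERSION_ID" = "20.04" ]`. As in the Debian upgrade blocks, `--force-yes` is deprecated and lets apt continue past unauthenticated packages; `--allow-downgrades --allow-change-held-packages` is the narrower replacement.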
@@ -394,6 +405,14 @@ if [ "$UPSTREAM6" != "yes" ]; then bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null +elif [ "$update" != "0" ]; then + if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then + apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f) + fi + [ -f /etc/default/grub ] && { + sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 + [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 + } fi if [ "$ARCH" = "amd64" ]; then @@ -434,12 +453,12 @@ if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then echo "MPTCPize iperf3..." mptcpize enable iperf3 fi - if [ "$UPSTREAM6" = "yes" ]; then - apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg - apt-get -y install systemtap - mkdir -p /usr/share/systemtap-mptcp - wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap - fi + #if [ "$UPSTREAM6" = "yes" ]; then + # apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg + # apt-get -y install systemtap + # mkdir -p /usr/share/systemtap-mptcp + # wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap + #fi fi apt-get -y remove shadowsocks-libev 
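Review bot: `cut -d" " -f` in the added Ubuntu kernel line has no field list, so `cut` exits with a usage error, the command substitution is empty and `apt-get -y install` runs without a package name; `-f1` was presumably intended. `tail -n 1` of an `apt-cache search` also takes whichever matching package happens to be listed last, and `uname -a | grep '6.1'` matches unrelated text because `.` is a regex wildcard and `uname -a` includes the hostname and build date. Resolving the package into a variable, checking it is non-empty and testing the kernel with `case "$(uname -r)" in 6.1.*)` would make the step predictable. `$update` in the new `elif` is not set anywhere in this hunk.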
@@ -862,31 +881,36 @@ fi if [ "$V2RAY" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray - if [ "$SOURCES" = "yes" ]; then + if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then if [ "$ARCH" = "amd64" ]; then wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb - else - [ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip" - [ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip" - [ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" - [ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" - [ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip" - [ "$ARCH" = "mips64el" ] && V2RAY_FILENAME="v2ray-linux-mips64le.zip" - [ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip" - [ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip" - wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME} - cd /tmp - rm -rf v2ray - mkdir -p v2ray - cd v2ray - unzip /tmp/v2ray-${V2RAY_VERSION}.zip - cp v2ray /usr/bin/ - cp geoip.dat /usr/bin/ - cp geosite.dat /usr/bin/ - wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service + elif [ "$ARCH" = "arm64" ]; then + wget -O /tmp/v2ray-${V2RAY_VERSION}-arm64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb + dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-arm64.deb + rm -f /tmp/v2ray-${V2RAY_VERSION}-arm64.deb fi +# else +# [ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip" +# [ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip" +# [ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" +# [ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" +# [ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip" +# [ "$ARCH" = "mips64el" ] && 
V2RAY_FILENAME="v2ray-linux-mips64le.zip" +# [ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip" +# [ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip" +# wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME} +# cd /tmp +# rm -rf v2ray +# mkdir -p v2ray +# cd v2ray +# unzip /tmp/v2ray-${V2RAY_VERSION}.zip +# cp v2ray /usr/bin/ +# cp geoip.dat /usr/bin/ +# cp geosite.dat /usr/bin/ +# wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service +# fi else apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION} fi @@ -894,6 +918,9 @@ if [ "$V2RAY" = "yes" ]; then wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json fi + if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then + sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/v2ray/v2ray-server.json + fi rm -f /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then @@ -901,9 +928,9 @@ if [ "$V2RAY" = "yes" ]; then fi systemctl daemon-reload systemctl enable v2ray.service - if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - mptcpize enable v2ray - fi + #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + # mptcpize enable v2ray + #fi fi if systemctl -q is-active mlvpn@mlvpn0.service; then @@ -1477,6 +1504,8 @@ if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ] && [ "$(ip r | awk '/ sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat fi +# Limit /var/log/journal size +sed -i 's/#SystemMaxUse=/SystemMaxUse=100M/' /etc/systemd/journald.conf if [ "$TLS" = "yes" ]; then VPS_CERT=0 
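Review bot: The new arm64 branch fetches a `.deb` to a fixed name under /tmp and passes it to `dpkg --force-all -i` as root with no digest or signature check, so the transport to `${VPSURL}` is the only thing vouching for the package, and `--force-all` switches off dpkg's own safety checks on top of that. A private `mktemp -d` directory plus a pinned SHA-256 comparison before `dpkg` covers both; the digest variable in the sketch below is a placeholder, because no checksum appears on this page. The amd64 branch directly above has the same shape and would take the same change. With the old `else` arm commented out, `SOURCES=yes` on any architecture other than amd64 or arm64 now installs no v2ray binary, yet the config download and `systemctl enable v2ray.service` further down still run. The enclosing `if [ "$V2RAY" = "yes" ]` block starts and ends outside this hunk.

```shell
		elif [ "$ARCH" = "arm64" ]; then
			# Private download directory instead of a predictable name in /tmp
			v2ray_tmp="$(mktemp -d)" || exit 1
			v2ray_deb="${v2ray_tmp}/v2ray-${V2RAY_VERSION}-arm64.deb"
			wget -O "$v2ray_deb" "${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb" || exit 1
			# V2RAY_DEB_SHA256_ARM64 is a placeholder: the expected digest, pinned next to V2RAY_VERSION
			echo "${V2RAY_DEB_SHA256_ARM64}  ${v2ray_deb}" | sha256sum -c - || exit 1
			dpkg --force-all -i -B "$v2ray_deb"
			rm -rf -- "$v2ray_tmp"
		fi
		# … unchanged: commented-out zip install path …
```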
diff --git a/omr-service b/omr-service index d5b8b5b..afd1b9e 100755 --- a/omr-service +++ b/omr-service @@ -29,6 +29,7 @@ _glorytun_udp() { for intf in /etc/glorytun-udp/tun*; do [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} done + ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null fi } @@ -47,6 +48,7 @@ _glorytun_tcp() { sleep 10 fi fi + ip link set mtu 9000 dev gt-tun0 2>&1 >/dev/null fi } @@ -60,6 +62,7 @@ _dsvpn() { logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" systemctl restart dsvpn@dsvpn0 fi + ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null fi } @@ -95,7 +98,7 @@ _lan_route() { while IFS=$"\n" read -r d; do if [ "$d" != "" ]; then network=$(ipcalc -n $d | grep Network | awk '{print $2}') - [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null + [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip onlink 2>&1 >/dev/null fi done fi @@ -115,7 +118,7 @@ _gre_tunnels() { ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null ip link set $iface up 2>&1 >/dev/null ip addr add $LOCALIP dev $iface 2>&1 >/dev/null - ip route add $NETWORK dev $iface 2>&1 >/dev/null + ip route add $NETWORK dev $iface onlink 2>&1 >/dev/null fi fi done @@ -143,7 +146,7 @@ _openvpn_bonding() { ip link set ovpnbonding8 up 2>&1 >/dev/null ip link set omr-bonding up mtu 1440 2>&1 >/dev/null ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null - ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null + ip r add 10.255.248.0/24 dev omr-bonding onlink 2>&1 >/dev/null ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 2>&1 >/dev/null fi } 
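Review bot: The added `ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null` discards only stdout, because `2>&1` is applied before stdout is pointed at /dev/null. The error printed when the interface does not exist therefore still reaches the service's stderr on every pass of the `while true` loop; `>/dev/null 2>&1` silences both streams. The same redirect order is used on the `gt-tun0` and `dsvpn0` lines and on the three route lines that gain `onlink` in this file. If those failures are meant to stay visible, a `logger -t "OMR-Service"` call on failure would make that intent explicit. The functions touched here all begin and end outside their hunks.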
@@ -151,9 +154,9 @@ _openvpn_bonding() { sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null modprobe bonding 2>&1 >/dev/null ip link add omr-bonding type bond 2>&1 >/dev/null -[ -n "$(uname -r | grep '6.1')" ] && { - stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 & -} +#[ -n "$(uname -r | grep '6.1')" ] && { +# stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 & +#} while true; do _glorytun_udp _glorytun_tcp diff --git a/tun0.glorytun b/tun0.glorytun index 9d9af5e..92b9816 100644 --- a/tun0.glorytun +++ b/tun0.glorytun @@ -4,4 +4,4 @@ DEV=tun0 SERVER=true MPTCP=true IPV6=true -OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue" \ No newline at end of file +OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 65536 multiqueue" \ No newline at end of file From 19bc566da673f8d9106971265a8f6edde569f6d9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 23 Aug 2023 14:54:48 +0000 Subject: [PATCH 108/164] Fix glorytun-udp repo to use fork --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index e4900b3..dbe78d9 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -1226,7 +1226,7 @@ if [ "$SOURCES" = "yes" ]; then apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config rm -rf /tmp/glorytun-udp cd /tmp - git clone https://github.com/angt/glorytun.git /tmp/glorytun-udp + git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp cd /tmp/glorytun-udp git checkout ${GLORYTUN_UDP_VERSION} git submodule update --init --recursive From 4b349539f78ed9c34e15cc12f9e14765e98f4b7b Mon Sep 17 00:00:00 2001 
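Review bot: In the glorytun-udp hunk the clone source moves to a fork, and what gets built then depends entirely on `git checkout ${GLORYTUN_UDP_VERSION}`. That variable is defined outside this hunk, so it is worth confirming that it holds a full commit id rather than a branch or tag name, which the fork owner could move. A comment above the clone would record this for the next maintainer, e.g. `# Built from the Ysurac fork; GLORYTUN_UDP_VERSION must be a full commit id present in that fork`. `git submodule update --init --recursive` then fetches from whatever URLs the checked-out `.gitmodules` names, which deserves one look for the new source.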
From: "Ycarus (Yannick Chabanois)" Date: Wed, 23 Aug 2023 14:55:07 +0000 Subject: [PATCH 109/164] Set v2ray loglevel to error --- v2ray-server.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2ray-server.json b/v2ray-server.json index 1fae64e..716b7f7 100644 --- a/v2ray-server.json +++ b/v2ray-server.json @@ -1,6 +1,6 @@ { "log": { - "loglevel": "warning", + "loglevel": "error", "error": "/tmp/v2rayError.log" }, "transport": { From 2204e080d3fc2f5f3053104e8c85d632fda05e8e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 23 Aug 2023 18:01:37 +0000 Subject: [PATCH 110/164] Update omr admin --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index dbe78d9..6836e2e 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="18f16e21facff80fe91c62ba7b3ea5cfe587fcc3" -OMR_ADMIN_BINARY_VERSION="0.3+20230807" +OMR_ADMIN_VERSION="c4374c28594517231190e320020cb20d9dd1bcb2" +OMR_ADMIN_BINARY_VERSION="0.3+20230823" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" From 450da26917688788a3e402b724e7c3814902bfe3 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 28 Aug 2023 19:16:45 +0000 Subject: [PATCH 111/164] Fixes and add trojan, socks and vmess protocol support for V2Ray --- debian9-x86_64.sh | 19 ++++-- omr-service | 2 +- openmptcprouter-shorewall6.tar.gz | Bin 3803 -> 3814 bytes shorewall6/shorewall6.conf | 6 +- v2ray-server.json | 99 +++++++++++++++++++++++++++++- 5 files changed, 117 insertions(+), 9 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 6836e2e..8e155d1 100755 --- a/debian9-x86_64.sh 
+++ b/debian9-x86_64.sh @@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="c4374c28594517231190e320020cb20d9dd1bcb2" -OMR_ADMIN_BINARY_VERSION="0.3+20230823" +OMR_ADMIN_VERSION="d77ffb62084271a388a09d1b0d17e42aae0514ab" +OMR_ADMIN_BINARY_VERSION="0.3+20230828" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -914,10 +914,13 @@ if [ "$V2RAY" = "yes" ]; then else apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION} fi - if [ ! -f /etc/v2ray/v2ray-server.json ]; then + if [ -f /etc/v2ray/v2ray-server.json ]; then + V2RAY_UUID=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' v2ray-server.json | head -n 1 | tr -d "\n") + fi + #if [ ! -f /etc/v2ray/v2ray-server.json ]; then wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json - fi + #fi if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/v2ray/v2ray-server.json fi @@ -1199,6 +1202,7 @@ if [ "$OPENVPN" = "yes" ]; then cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf fi mkdir -p /etc/openvpn/ccd + systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then 
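Review bot: With the `if [ ! -f /etc/v2ray/v2ray-server.json ]` guard commented out, `wget -O /etc/v2ray/v2ray-server.json` now runs on every install or update, and `-O` truncates the target before any data arrives. A failed or interrupted download therefore leaves an empty server config where a working one was, and the script carries on to `sed` and the service steps. Fetching into a `mktemp` file and moving it into place only when `wget` succeeds, with the mode the service expects, avoids that. Only the first `"id"` value is carried over from the old file, so every other local change is replaced by the template; if that is intended, a comment such as `# config is regenerated from the template on each run; only the first "id" is preserved` should say so. The same in-place `wget -O` pattern is used for /etc/sysctl.d/90-shadowsocks.conf in the later shadowsocks.6.1.conf patch.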
@@ -1246,6 +1250,7 @@ if [ "$SOURCES" = "yes" ]; then else cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service fi + chmod 644 /lib/systemd/system/glorytun-udp@.service #wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network rm -f /lib/systemd/network/glorytun-udp.network mkdir -p /etc/glorytun-udp @@ -1269,6 +1274,7 @@ if [ "$SOURCES" = "yes" ]; then else rm -f /usr/local/bin/glorytun apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} + chmod 644 /lib/systemd/system/glorytun-udp@.service GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" fi [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 @@ -1300,6 +1306,7 @@ if [ "$DSVPN" = "yes" ]; then wget -O /usr/local/bin/dsvpn-run ${VPSURL}${VPSPATH}/dsvpn-run chmod 755 /usr/local/bin/dsvpn-run wget -O /lib/systemd/system/dsvpn-server@.service ${VPSURL}${VPSPATH}/dsvpn-server%40.service.in + chmod 644 /lib/systemd/system/dsvpn-server@.service mkdir -p /etc/dsvpn wget -O /etc/dsvpn/dsvpn0 ${VPSURL}${VPSPATH}/dsvpn0-config if [ -f /etc/dsvpn/dsvpn.key ]; then @@ -1313,6 +1320,7 @@ if [ "$DSVPN" = "yes" ]; then rm -rf /tmp/dsvpn else apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} + chmod 644 /lib/systemd/system/dsvpn-server@.service DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then 
@@ -1358,6 +1366,7 @@ if [ "$SOURCES" = "yes" ]; then chmod 755 /usr/local/bin/glorytun-tcp-run wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in #wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network + chmod 644 /lib/systemd/system/glorytun-tcp@.service rm -f /lib/systemd/network/glorytun-tcp.network mkdir -p /etc/glorytun-tcp wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh @@ -1410,6 +1419,8 @@ else cp ${DIR}/omr-6in4-run /usr/local/bin/omr-6in4-run cp ${DIR}/omr6in4@.service.in /lib/systemd/system/omr6in4@.service fi +chmod 644 /lib/systemd/system/omr.service +chmod 644 /lib/systemd/system/omr6in4@.service chmod 755 /usr/local/bin/omr-service chmod 755 /usr/local/bin/omr-6in4-run if systemctl -q is-active omr-6in4.service; then diff --git a/omr-service b/omr-service index afd1b9e..9c99994 100755 --- a/omr-service +++ b/omr-service @@ -42,7 +42,7 @@ _glorytun_tcp() { localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" [ -z "$localip" ] && localip="10.255.255.1" remoteip="$(echo $localip | sed 's/\.1/\.2/')" - if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then + if [ "$(ping -c 5 -w 15 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" systemctl restart glorytun-tcp@tun0 sleep 10 
diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz index eeb36f255423786ff3502b03dab8b9a259e435a2..e1869464c37b2ac1ee943b37e5d5e1bc361db667 100644 GIT binary patch delta 3773 zcmV;u4npzU9p)W>ABzY80SM=000Zq@ZF8eW65g-qS4_#iWVg<;UM$I3r*t_CBZ)Ht z0?3Y2S4Ck7+f*dr0IlQO+W&st!;28|t~a}qlS^p3B$%0=>6z(yx@TxK^F1#P?b$D{ z_D3zCez(iMfy&?Q{%Pk``{cCU?Q~oHlhaqNcDsApe??k#=T z>qL-4;(IqDx9-9@BJpG3kowa0$hx{lUR@pP`(dc+6W$~zwS&DvI+VRD>*rmLpPiJGdLoWVY)2Gu#^N-~9Ut@eX^OAh&|sg9|vQQaWld_yctFfEhU zN7PITSQbCw6_K}+LN&oWyLT3W6Q0@7_qlzhsa%7@|J6L;+O5`it=bQcH+OF{{-LRD zGvCI+nlqjST&G=P8=rJew)u44D7ARnep|@@@%Zh3Nqe*A_GzaqlB5gURlDJAld<3L zpOzREYMx7~VJXHozvsj^t{*kLs3hS@xfV@(YDj{hJSHIdNr~0q6}rtD*`8C9z1Q!T zS*0f$joe^U+Fq+)9xX$eJjLlPORVjFc@E7d=RV$;eB|uET{9-%yIKFP7dzptJ#(Vn z)b|vBJ&XS*y)ypyPb&O>5!%3i^3Dk(MD^}*i!_K~FN1|cq+CVF5OAFU_>=g-Z{(^& z0Ml>XyH&_c!ZFk+_`zf7-rdLKweW^?VEP-KR=Z1X9>G31g$7N>UNXC4qS;uuH=!Lq z60{(p4H^5;}7?0$X!`vx*(!#su)S>4(6-^kGdrV$#Z+J0WWZ z#9KzhzhyTgWlCfxiXd;~cur_9h_<>}xHDju-I?P>4zVK=U|MwV%rjYsD2R~?0_G2@ zXWjgsI4Q917v&yLO+s)4bo+t$7~1;Xb5@HcoLm| z^5TRZ$G^sGyl+<_Hb&-7Y`cpH7#cgJuea=Lb%^S_w&uB?(Ajy-2S2L{C4@+dN%bKw z;5Cw}p}%0%z+`cUVACwAkjZF%KMRh)klZfpyXYtkU}Rtbj$i;mQ|5#AQ3&Jb+@Rz1 zF7P;i88-T^*KMpo1^=E^lJh^swj+p>cmooD>-4l;;r~m}^ZtLLAq=7TD01&ShF|aO z(6w(CfDG|{f^Wog05t)moCMCK7;!vW-Q77+3^}Y^#zs7Q3A{JX9RSM%04Y>TRsr}v z0P}#v3nz{lw#Gg|#CN^B6~Hp$;}UFxzbps<3u;an`gkDlBddg-TR_>d`YnNXjF*xk$WxJ$ zL@SP=>2eZ)-Ae#hMLVJOJnpZJXYd~~cK~Jozt=md@c$(!cWoH@{oc}4^wP8j?ftd! 
z?E3G({=a*2dV1P9X`d$h|5mmBUxbsl1R;OD4y^xHzuoHtwQ&8n+TCjXzXW~8`JcvA zq&oYn&i+1n_Lrc@?$7-WlBad~nHxT|E1tn=sw@fD>w8%p5t&|6IlGr8l6iJM)eWf{eZMx|FQLg{b0~!^mtib z-vBFrE=$Ikit9w3$}kdz1WCE%WvP%bRZN{1E{bIodR5E2Ci>pDFMvls6CHCkuv)pJ%no&{`eCdAKXP7o7OF$yh3>o$LG-4xbh zKWp>B4>52GSY9WNLo$|!!>f&U66x}GSZ6fXyJK}X)9NlY1qvnAa2!5VulWr>wC`eF+w;ALgyVI zO#+h(KP`UaFwTYV&z<=(14)0JH`da|=zU}qm_VgGd|r}HV?kM1bAcbmQ+qcDLXA2iKskrV_WjzoTKGOrRZu9lkh}`&neO1o)Yk($T^YWO5Az7HE_subE;WX0mqDrgKH)m(glIrKGA(_{M_8vO|q`|a|us^%+gT{}jKG=Vw_(K?d9b~_PKFCDg zeGi6`POrfA-)ARa>j8>1fF#7B4X@8}hoXq- z-C7MhECI#>wk%2JP?G7O`OXfT;O91%P81>1Bv~xTaZu0U^XzXC{?}P9+iE3snEXgp znQQ`ms?bx#Vfc(|S$A46KL zW(t}$l=+ddRY$(7+YoTqvv|OvmI$EeCg_Pu6i^s!AH9 z4hn3)#@3zVyFpW?ptD*ZH{R4h{nglqK@&|9E|@xk7OCPCN?F5 zT(228;R4|a1#d=>a@J%Ytl9i3zgYM)dr`i{a&=Tr!&G(38V{W)hTec$jnxDt3~VM7qQo91UI&O2)Cs;pHuyGz-Sy#n^lPIJaDjV{5C1%TA3a8~v-|)MFn2H(mU+e> zzOCuTxWF6TZ?izk%wOVbXi$7F<5lt|7{F@lb+eb1qJs61lu_cZuJ0`dbAu!hA2P&= zq)2}Te{N94giA5=aPfsc95zT^C!}xqtrI5v1!WfYoHr!FN-U(2q+|(1 zFsOSX{Y-K1kzHE_ZB>|8#^5e_xPTrR{c#H3vX#Gnl9pmF7Bh`@80YrV(xEMiQlZhwNYF|#{Omq357wL!f@PS_uQx8bj|`G-~(RT&u6OG(W1K1tK3 z*&I)e9L-^B5|J=X8(+hc;bjZ7u}~CdZ=I0%$e;<-Fkr`%b_lgVl|_NqAm7Lp|4P*_ zc<8($Cd@xmUA2;NV7ID5JNPkZ><8pDX8JDx=FHSnGyvqXjVyz@eeOU+$}CTS;5@>TsC2;}hPv$Z}Dclj|139N;oR+{9Bf z5tL0eiB2c#CH?C2>Ij^PU7UX-eu|!n|LC+@<@bME-Ch;{@glSt|B=Uh7z%GTCwBCo zl@r=?$N9?ekA4;T@h6V_Kn$tp9Z65spFUA?&lj4twa2Nr?eslzip7ZCDESc9ZXn^{#E!KGvYE5GBo9%zr(Z6fZ#_ha? 
zx8HGvH;{3VVQnVQH}QEVs5R&k8$vdp%`whoIeJ!r^GV)*Up=U)o zMX?_Q&U~+7pwGqs_j={`|2my+_4^+$LLZC&>=k^0f{J{xAJFbpF2JAJ1t{pq9$o|Z z%3#b*zOM?3ECxfS_b6yy61|j}Rj#p4Ypj!Bhc0C)fZ(Is@Z delta 3761 zcmV;i4o>mr9orp$ABzY8C#?No00Zq@ZF8eW65g-qS4_#iWVg<;-YhxmlrD#1BymPS z0NHWsswgaBn~DS+pmls(``@p7co9P0^=4OcatUph1T)h!Ju^K|_Y93@zURfEJ^SU= z{-_1iKRIFFK;`dt|FrX}-90^Rb-SmnUi($6-99<(y&|oDJ<62RDvIrpkXNDa$Dbk$l9n=npaqoxDgS}YvNuxoUPCRQyc~WzhX-Eyr4*ih0-mM=l?b!7_V&C|ym^e_v zbt1?i@x2?7TX*3ck@zuiNPTI0WL;e&udWXD{V-JZ32%~a?O?A|JKzOVQWcKl40Wmt zl;cEdm>j2n>8h!6qNeI5XRyzyL3Pf!l1yP-tNq~Kl0$xKs$(i^R5!>s-w?|ZOv~i; z5jB$nmc>taMdYodP)#t;?wv*8gl9JNeQuv=D%arfe>D%dcB}PWtM-HA&E4CKe`spk z%(ro{=8R_n*J+p7#@$YLn@{JBQj4eUw}t#4kKcBG+nY7FPdjCiBwg69+6`x$jQxK9 zw8W@T^ITF5OEI?jJtw|#{ixwZB?-IbS~TscAqj%=n1JNn605;0belD@J*Omluir1T zN>4NzxxuEiy;i?GT81)tiql(`Slj*b9GXwgeY`RG$k~6pW=y_!v;JK#cEVeG=0v-x z?3^fXV@EE#x_c3`bydfQ!{zj+OJ|Q=cU>}@9gQjCInO!l_Y%JWH&<-C7 zT9D9jNaWwf4|eE$PagdhnSmh*ow*x}0{GhWL*QTfuqGZcY30qGkTnD1 zEhFOJvYU}IC9)GmkT-HXC$twtTiq<&88FN4%<&?J*bxaZExLE+nXE$;#7G4J^9R+l zZhlW37xJ;~Y}7i(?X0!5#v=k__1cb6{*d?qGQI(!AIZW7=`zk^HUtJVguG}xiB5Tc zaYB#dUt>1jx2q5vBXcLV-9-cpjh)ihTlTd&MD<-;^W0D9?7ZfKpH+ntLL|kc`j8j! 
z8cEgAUodK5vbaOAX_i#TWHi5@1xH{=ZWs1lbQA_KGB5x~Fo2*b^FjM4gze+hct|4%f8Arv1)?w!Z*>zy6C z_RRv2A-+%Wjd%{ACV-Taz?l>yjz_DzJ12@Ehn36Nh-WW>_r|#cV0i!_g-XdP0N)2- z9*}t9#4*Fx*e8hiu6MTrSVnwYf^G1Z1p#0|%?U#v4+MT>)iJnoHv1NY{$1V``YSVk zZfAJICF^_O#P_ZAE?xcuw#Yp{TCT#|4My_1JWgx;11mN2!}*(}@&baOH+NX5KDB%f zFhr|G43dLMyh*G;1OtQy$xRGOQYE>!!7w=vj9KWy2zhx6C_7faCGd{%Qc?tYDpHbY z#W6HpP6Dud3E-+|C$yf&{k8E7{^JfWpzQzmdYuaYUxISihN0i@Elou)O>5BJUmMS^ z{|@Z`Pr&EvcKR(W2kXD`|6YcZy96PBVC-T2_uKt$=cL=m_1|ipR_p&I=rhj$G^Qfe z*=`#?UY80?rnSxnSb4Rw1=$xxML^-5AknY@!JbmN>7nFqOl%8ccE zo&Jjo=DrRC!_{J+kA4_Ega0QdomTn$uivfk|3&CC@Lxw2`C9ltf~(WY2KMzJ1yxa)^-A+i zX|hp%4EliqDY<+sVx^eRLJAIl$d?g@!ermCjW>CEx!Xk%kw&^Y)oMQ&G#Nc!me)7H z%Ad=UF{a`=QKvGDL?J;^E_qohBuo`k=Y@-68HHZe@~(-#_ic<;(|%C1-Pp4r23#HdGG9nJAaMV8GH4d6^~~DTbl{-vzZgbL{yAIOVPT2jaxT`wb;+v zeDFgIoC22DiQ|xr<>ByZqn$*$ydBmV&GqhB-OaSROHF}7Ni`gY4;4A6hvVGfUBBVZ zmceEoJ{EW)kFl@<>%5OP{YMXT~b&8=Mlq##=*z-CY_y78yb9{^tPJ+;R2S}5^ z$ghcWpF>G!}VVW1n` z+jIXR@@Kz9Ov<~3A3nw_kNDokxa0$|F`s1#%X-DWS!0cUuh;GU<~mmM?K(cuJ;NAh z6Sxz>JDm<|P84zhr%?h}feW?&0C82u1`y24f`na&TOVt_Cp) zPjvX45)JMt0UwH-6B(|=owr*9hfFu8nne|G%&0iHcB0xodY5$X5;~znXH@8>1YNw| zeTOcoey$plc|B`1{D|sgTHsOVm zl!%_STDq}++K^P&pmme#TZN5}rB9~%a62`H4M<=2r0|M|>$&kUq}6Jspjkti9~oP9 zRK> z(#XrB85S~!* zW&|l`P4>Z>&9Cx{g+H?wo09#uU(lH5%PR#`N5{ zHc;AsLA{PjwI5&+VZw)?4pUGKlPQLfsSPMflT28Oj`nN!YLRS!ERhcRsca5B*c%rh zC`+!h?YSgOwCLzO^zHe~j^gAn<7l#4#BSk!4tsCKkBvv~>@Z(rEHym@DJJ7aT~v(F z2@0w88rJkBjn_ekew@-N-R#g4Ny*cVFKc6eKh{Nu$sWUW>oD0GC%|-1*wiCR>|x?{ zfJi}|;2UIvZzI@UAHGMwHu?Y;xaaur&%^i8V-!2f4*&sk2V-HGXZ+#Ynr@5>ywUwO z3#82aCBB9R#rHB^C2xWOthQb^ds!(eSPw}VCI0IA-eNE}NCNR8L!3y8Wbo$(RZO^l z6f+MOU+BYOgXDEW`i9>+VZvWfW?|2HLlUgSLK;a*wlD{Eu?MIi?E6 z?4*gRg2tam-$T4s_zB3mmX8&oKWU(UAr^c1C{ZI%RCP1O{Um9~gJowp!~_9%}Z>umm^iA6mI2K7=BGo??`^l3K3QzM6Rn3+T* zOw-2KuwHoC0$nT=g~?kdBn~nt0yPZS?xY<;B~WEi;5EoMa<#uw^$Q+4uZRir&s0~f zWE|M7s?ZL83>y1EIE~r;3&1!tbrTIhxNH~8aBiR54^c8S+)Utju%Lo}d=pa4$(Gq# z(~G%T3_-RjDCVW{4EY{lyS;qdu$`4`5Vq6Tj{kPv+Vy|B13MneCnj;i4p}a656P2j 
zn7}D9ci$|oxpT=xpv+d%*1b9$CcgNDH!iYVROaLwfaL&#LWG1t5rV#ZJnG{@gFZjoADoc%!i@yW^-ak|5-VqJ$Ib14FBj? zksp8J$PdJjdft)rRQ>4__2woQJ5OibTtaeDh(A&s$rHaG!aW)P!LeTuL6=P6&_OBw zm258Gm$7opZ92EW;E9sRooZQRa(TX_2&S9k*%2N~98 z@_ZAYcY<1jF0nCW4_xv`pi%7rOTJzQ_P5_~9Msq1N-rb- Date: Wed, 30 Aug 2023 09:28:03 +0000 Subject: [PATCH 112/164] Fix Ubuntu support --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 8e155d1..84a2421 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -405,9 +405,9 @@ if [ "$UPSTREAM6" != "yes" ]; then bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null -elif [ "$update" != "0" ]; then +else if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then - apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f) + apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1) fi [ -f /etc/default/grub ] && { sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 From 73cecfb6f91c9dc64867da0ca23d576a99f07426 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 31 Aug 2023 07:21:07 +0000 Subject: [PATCH 113/164] Fix V2Ray update --- debian9-x86_64.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 84a2421..a0c9553 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
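Review bot: The kernel package installed here is whatever name `apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1` prints last, so the kernel that ends up booted is neither pinned nor checked. When the search prints nothing, `apt-get -y install` runs with no package name and the script continues to the GRUB edit. Capturing the name first makes both cases explicit: `KERNEL_PKG="$(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1)"` followed by `[ -n "$KERNEL_PKG" ] && apt-get -y install "$KERNEL_PKG"`. The `linux-image-unsigned-*` flavour is presumably not signed for Secure Boot, so a host with Secure Boot on may not boot it once `GRUB_DEFAULT` is forced to `"0"`; a comment stating that assumption would help. Replacing `elif [ "$update" != "0" ]` with `else` also makes this branch run on first install, not only on update.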
@@ -915,7 +915,8 @@ if [ "$V2RAY" = "yes" ]; then apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION} fi if [ -f /etc/v2ray/v2ray-server.json ]; then - V2RAY_UUID=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' v2ray-server.json | head -n 1 | tr -d "\n") + V2RAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/v2ray/v2ray-server.json | head -n 1 | tr -d "\n") + [ -n "$V2RAY_UUID2" ] && V2RAY_UUID="$V2RAY_UUID2" fi #if [ ! -f /etc/v2ray/v2ray-server.json ]; then wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json From 0ad22072a71952a015324fe76303d0eccfdbd1ef Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 31 Aug 2023 07:21:36 +0000 Subject: [PATCH 114/164] Increase nf_contrack_max and nf_conntrack_buckets values --- shadowsocks.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shadowsocks.conf b/shadowsocks.conf index 0b813e7..7444223 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -50,7 +50,8 @@ net.ipv4.tcp_mtu_probing = 0 net.ipv4.tcp_congestion_control = cubic net.core.default_qdisc = fq # Default conntrack is too small -net.netfilter.nf_conntrack_max = 131072 +net.netfilter.nf_conntrack_max = 524288 +net.netfilter.nf_conntrack_buckets=131072 net.netfilter.nf_conntrack_tcp_timeout_established = 86400 net.ipv4.conf.all.log_martians = 0 From e9fd4192dc95cd0bdb794eed8fe07317b87bc89f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 1 Sep 2023 07:19:07 +0000 Subject: [PATCH 115/164] Update omr-admin, don't add TCP congestion control on kernel 6.1, remove 9000 MTU --- debian9-x86_64.sh | 91 +++++++++++++++++++++++++---------------------- omr-service | 12 +++---- shadowsocks.conf | 2 +- 3 files changed, 55 insertions(+), 50 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index a0c9553..68d8a52 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
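Review bot: `V2RAY_UUID2` is read back from the existing config and, through `V2RAY_UUID`, placed unescaped into the replacement side of `sed -i "s:V2RAY_UUID:$V2RAY_UUID:g"` two lines below, where a `:`, `&` or backslash in the value would change or break the substitution. If the ids used here are always UUIDs, accepting the recovered value only when it has that shape closes the gap: `echo "$V2RAY_UUID2" | grep -Eq '^[0-9a-fA-F-]{36}$' && V2RAY_UUID="$V2RAY_UUID2"`. If free-form ids are allowed, rejecting values that contain the `sed` delimiter or `&` is the narrower check. The enclosing `if [ "$V2RAY" = "yes" ]` block starts and ends outside this hunk.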
@@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="d77ffb62084271a388a09d1b0d17e42aae0514ab" -OMR_ADMIN_BINARY_VERSION="0.3+20230828" +OMR_ADMIN_VERSION="80ff9621748ec198b3a81660539a144ef443a531" +OMR_ADMIN_BINARY_VERSION="0.3+20230901" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -420,6 +420,7 @@ if [ "$ARCH" = "amd64" ]; then apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox echo "Install iperf3 OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 + chmod 644 /lib/systemd/system/iperf3.service fi if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then 
@@ -547,51 +548,53 @@ else apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} fi -# Load OLIA Congestion module at boot time -if ! grep -q olia /etc/modules ; then - echo mptcp_olia >> /etc/modules -fi -# Load WVEGAS Congestion module at boot time -if ! grep -q wvegas /etc/modules ; then - echo mptcp_wvegas >> /etc/modules -fi -# Load BALIA Congestion module at boot time -if ! grep -q balia /etc/modules ; then - echo mptcp_balia >> /etc/modules -fi # Load BBR Congestion module at boot time if ! grep -q bbr /etc/modules ; then echo tcp_bbr >> /etc/modules fi -# Load BBRv2 Congestion module at boot time -if ! grep -q bbr2 /etc/modules ; then - echo tcp_bbr2 >> /etc/modules -fi -# Load mctcpdesync Congestion module at boot time -if ! grep -q mctcp_desync /etc/modules ; then - echo mctcp_desync >> /etc/modules -fi -# Load ndiffports module at boot time -if ! grep -q mptcp_ndiffports /etc/modules ; then - echo mptcp_ndiffports >> /etc/modules -fi -# Load redundant module at boot time -if ! grep -q mptcp_redundant /etc/modules ; then - echo mptcp_redundant >> /etc/modules -fi -# Load rr module at boot time -if ! grep -q mptcp_rr /etc/modules ; then - echo mptcp_rr >> /etc/modules -fi -# Load mctcp ECF scheduler at boot time -if ! grep -q mptcp_ecf /etc/modules ; then - echo mptcp_ecf >> /etc/modules -fi -# Load mctcp BLEST scheduler at boot time -if ! grep -q mptcp_blest /etc/modules ; then - echo mptcp_blest >> /etc/modules -fi +if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + # Load OLIA Congestion module at boot time + if ! grep -q olia /etc/modules ; then + echo mptcp_olia >> /etc/modules + fi + # Load WVEGAS Congestion module at boot time + if ! grep -q wvegas /etc/modules ; then + echo mptcp_wvegas >> /etc/modules + fi + # Load BALIA Congestion module at boot time + if ! 
grep -q balia /etc/modules ; then + echo mptcp_balia >> /etc/modules + fi + # Load BBRv2 Congestion module at boot time + if ! grep -q bbr2 /etc/modules ; then + echo tcp_bbr2 >> /etc/modules + fi + # Load mctcpdesync Congestion module at boot time + if ! grep -q mctcp_desync /etc/modules ; then + echo mctcp_desync >> /etc/modules + fi + # Load ndiffports module at boot time + if ! grep -q mptcp_ndiffports /etc/modules ; then + echo mptcp_ndiffports >> /etc/modules + fi + # Load redundant module at boot time + if ! grep -q mptcp_redundant /etc/modules ; then + echo mptcp_redundant >> /etc/modules + fi + # Load rr module at boot time + if ! grep -q mptcp_rr /etc/modules ; then + echo mptcp_rr >> /etc/modules + fi + # Load mctcp ECF scheduler at boot time + if ! grep -q mptcp_ecf /etc/modules ; then + echo mptcp_ecf >> /etc/modules + fi + # Load mctcp BLEST scheduler at boot time + if ! grep -q mptcp_blest /etc/modules ; then + echo mptcp_blest >> /etc/modules + fi +fi if systemctl -q is-active omr-admin.service; then systemctl -q stop omr-admin > /dev/null 2>&1 fi @@ -721,6 +724,8 @@ if [ "$OMR_ADMIN" = "yes" ]; then [ "$NOINTERNET" = "yes" ] && { sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json } + chmod 644 /lib/systemd/system/omr-admin.service + chmod 644 /lib/systemd/system/omr-admin-ipv6.service #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py [ "$(ip -6 a)" != "" ] && { systemctl enable omr-admin-ipv6.service @@ -1203,7 +1208,7 @@ if [ "$OPENVPN" = "yes" ]; then cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf fi mkdir -p /etc/openvpn/ccd - + chmod 644 /lib/systemd/system/openvpn*.service systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then diff --git a/omr-service b/omr-service index 9c99994..d1d9e77 100755 --- a/omr-service +++ b/omr-service 
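Review bot: The new wrapper `if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then` adds the `mptcp_*`, `mctcp_desync` and `tcp_bbr2` entries to /etc/modules exactly when an upstream kernel is selected. That reads as the opposite of the commit subject ("don't add TCP congestion control on kernel 6.1"), and elsewhere in this script the same test guards upstream-only steps such as `mptcpize enable`. If the intent is to skip these modules on upstream kernels, the test would be `if [ "$UPSTREAM" != "yes" ] && [ "$UPSTREAM6" != "yes" ]; then`. Separately, `grep -q bbr /etc/modules` is also satisfied by a `tcp_bbr2` line, and `grep -q olia` by any line containing that substring; `grep -qx tcp_bbr /etc/modules` tests for the exact entry.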
@@ -7,13 +7,13 @@ _multipath() { for intf in `ls -1 /sys/class/net`; do if [ "$intf" != "bonding_masters" ]; then if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then - [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on + [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on 2>&1 >/dev/null [ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && { - multipath $intf signal + multipath $intf signal 2>&1 >/dev/null ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null } else - [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off + [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off 2>&1 >/dev/null fi fi done @@ -29,7 +29,7 @@ _glorytun_udp() { for intf in /etc/glorytun-udp/tun*; do [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} done - ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null + #ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null fi } @@ -48,7 +48,7 @@ _glorytun_tcp() { sleep 10 fi fi - ip link set mtu 9000 dev gt-tun0 2>&1 >/dev/null + #ip link set mtu 9000 dev gt-tun0 2>&1 >/dev/null fi } @@ -62,7 +62,7 @@ _dsvpn() { logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" systemctl restart dsvpn@dsvpn0 fi - ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null + #ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null fi } diff --git a/shadowsocks.conf b/shadowsocks.conf index 7444223..c270238 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf 
@@ -47,7 +47,7 @@ net.ipv4.tcp_wmem = 4096 65536 33554432 net.ipv4.tcp_mtu_probing = 0 # for low-latency network, use cubic instead -net.ipv4.tcp_congestion_control = cubic +net.ipv4.tcp_congestion_control = bbr net.core.default_qdisc = fq # Default conntrack is too small net.netfilter.nf_conntrack_max = 524288 From a029915e390006acfc456034b7054db85397e84f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 7 Sep 2023 07:55:39 +0000 Subject: [PATCH 116/164] Decrease timeout before restarting not working Glorytun TCP --- omr-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-service b/omr-service index d1d9e77..ec2adc2 100755 --- a/omr-service +++ b/omr-service @@ -42,7 +42,7 @@ _glorytun_tcp() { localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" [ -z "$localip" ] && localip="10.255.255.1" remoteip="$(echo $localip | sed 's/\.1/\.2/')" - if [ "$(ping -c 5 -w 15 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then + if [ "$(ping -c 4 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" systemctl restart glorytun-tcp@tun0 sleep 10 From afa31c4f036c462b9b6da9adf9c66513e864ce79 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 7 Sep 2023 07:56:25 +0000 Subject: [PATCH 117/164] Custom 6.1 sysctl kernel configuration --- debian9-x86_64.sh | 12 ++++++-- shadowsocks.6.1.conf | 67 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 2 deletions(-) create mode 100644 shadowsocks.6.1.conf diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 68d8a52..6b0c0f0 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -739,9 +739,17 @@ fi # Get shadowsocks optimization if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf + if [ "$UPSTREAM6" = "yes" ]; then + wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf + else + wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf + fi else - cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf + if [ "$UPSTREAM6" = "yes" ]; then + cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf + else + cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf + fi fi if [ "$update" != 0 ]; then diff --git a/shadowsocks.6.1.conf b/shadowsocks.6.1.conf new file mode 100644 index 0000000..53f3bb0 --- /dev/null +++ b/shadowsocks.6.1.conf 
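Review bot: Both new `wget -O /etc/sysctl.d/90-shadowsocks.conf …` branches write straight to the live path and the exit status is not checked, so a failed or interrupted download leaves an empty or truncated sysctl file in place for the next boot. Downloading to a temporary file and moving it only on success avoids that, e.g. `tmp=$(mktemp)` followed by `wget -O "$tmp" "${VPSURL}${VPSPATH}/shadowsocks.6.1.conf" && mv "$tmp" /etc/sysctl.d/90-shadowsocks.conf`. The later hunks that fetch `v2ray.service`, `xray.service`, `shadowsocks-go.server.json`, `xray-server.json` and `xray-vless-reality.json` follow the same pattern and need the same guard. The four branches differ only in the file name, so choosing the name once (`conf=shadowsocks.conf; [ "$UPSTREAM6" = "yes" ] && conf=shadowsocks.6.1.conf`) would halve the block.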
@@ -0,0 +1,67 @@
+# local sysctl settings can be stored in this directory
+# max open files
+fs.file-max = 512000
+# max read buffer
+net.core.rmem_max = 16777216
+# max write buffer
+net.core.wmem_max = 16777216
+#net.core.optmem_max = 33554432
+# default read buffer
+#net.core.rmem_default = 16777216
+# default write buffer
+#net.core.wmem_default = 16777216
+# max processor input queue
+net.core.netdev_max_backlog = 4096
+# max backlog
+net.core.somaxconn = 4096
+
+# resist SYN flood attacks
+net.ipv4.tcp_syncookies = 1
+# reuse timewait sockets when safe
+net.ipv4.tcp_tw_reuse = 1
+# turn off fast timewait sockets recycling
+#net.ipv4.tcp_tw_recycle = 0
+# short FIN timeout
+net.ipv4.tcp_fin_timeout = 80
+# Increase max orphans
+net.ipv4.tcp_max_orphans = 16384
+# short keepalive time
+net.ipv4.tcp_keepalive_time = 7200
+# outbound port range
+net.ipv4.ip_local_port_range = 9999 65000
+# max SYN backlog
+net.ipv4.tcp_max_syn_backlog = 10240
+# max timewait sockets held by system simultaneously
+net.ipv4.tcp_max_tw_buckets = 10000
+# turn on TCP Fast Open on both client and server side
+net.ipv4.tcp_fastopen = 3
+# TCP buffer
+net.ipv4.tcp_mem = 1638400 1638400 1638400
+# UDP buffer
+#net.ipv4.udp_mem = 4096 87380 16777216
+# TCP receive buffer
+net.ipv4.tcp_rmem = 4096 87380 16777216
+# TCP write buffer
+net.ipv4.tcp_wmem = 4096 87380 16777216
+# turn on path MTU discovery
+net.ipv4.tcp_mtu_probing = 0
+
+# for low-latency network, use cubic instead
+net.ipv4.tcp_congestion_control = bbr
+net.core.default_qdisc = fq
+# Default conntrack is too small
+net.netfilter.nf_conntrack_max = 524288
+net.netfilter.nf_conntrack_buckets=131072
+net.netfilter.nf_conntrack_tcp_timeout_established = 86400
+
+net.ipv4.conf.all.log_martians = 0
+net.ipv4.conf.default.log_martians = 0
+
+# MPTCP settings
+net.mptcp.checksum_enabled = 0
+net.mptcp.add_addr_timeout = 120
+net.mptcp.allow_join_initial_addr_port = 1
+net.mptcp.enabled = 1
+net.mptcp.pm_type = 0
+net.mptcp.stale_loss_cnt = 4 +net.ipv4.tcp_ecn = 2 From 8cef34ed5bb17d14ff672bdb33791c76a32c730f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 7 Sep 2023 12:25:38 +0000 Subject: [PATCH 118/164] Fix https://github.com/Ysurac/openmptcprouter/issues/2949 --- debian9-x86_64.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 6b0c0f0..f3ab73d 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -553,7 +553,7 @@ if ! grep -q bbr /etc/modules ; then echo tcp_bbr >> /etc/modules fi -if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then +if [ "$UPSTREAM" != "yes" ] && [ "$UPSTREAM6" != "yes" ]; then # Load OLIA Congestion module at boot time if ! grep -q olia /etc/modules ; then echo mptcp_olia >> /etc/modules From 8ac6293b588373a966576c4f1c8772f6f4ab7dd0 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 14 Sep 2023 09:31:45 +0000 Subject: [PATCH 119/164] Update API, add check for omr-service, fix v2ray service file --- debian9-x86_64.sh | 19 +++++++++++++------ omr-service | 2 +- omr.service.in | 2 +- v2ray-server.json | 3 +-- v2ray.service | 18 ++++++++++++++++++ 5 files changed, 34 insertions(+), 10 deletions(-) create mode 100644 v2ray.service diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index f3ab73d..8cabcd3 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -61,8 +61,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="80ff9621748ec198b3a81660539a144ef443a531" -OMR_ADMIN_BINARY_VERSION="0.3+20230901" +OMR_ADMIN_VERSION="488cc5346dbfe8bcbee4413013dc22b698f1d15c" +OMR_ADMIN_BINARY_VERSION="0.3+20230911" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" 
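Review bot: Several comments in the new shadowsocks.6.1.conf contradict the value beneath them, which misleads anyone reading the file to judge the host's network settings: `# turn on path MTU discovery` sits above `net.ipv4.tcp_mtu_probing = 0`, `# short FIN timeout` above `tcp_fin_timeout = 80`, and `# short keepalive time` above `tcp_keepalive_time = 7200`. Rewording them to describe what is set, e.g. `# MTU probing disabled`, `# FIN-WAIT-2 timeout (seconds)` and `# keepalive idle time (seconds)`, removes the mismatch. `net.ipv4.conf.all.log_martians = 0` and `net.mptcp.checksum_enabled = 0` both switch off a diagnostic or integrity feature without a comment; one line each giving the reason (presumably log volume and throughput) would let an operator decide whether to keep them.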
@@ -816,6 +816,7 @@ else cp ${DIR}/omr-update /usr/bin/omr-update chmod 755 /usr/bin/omr-update fi +chmod 644 /lib/systemd/system/omr-update.service # Install simple-obfs if [ "$OBFS" = "yes" ]; then @@ -940,9 +941,15 @@ if [ "$V2RAY" = "yes" ]; then fi rm -f /etc/v2ray/config.json ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json - if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then - mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service + #if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then + # mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service + #fi + if [ "$LOCALFILES" = "no" ]; then + wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service + else + cp ${DIR}/v2ray.service /lib/systemd/system/v2ray.service fi + chmod 644 /lib/systemd/system/v2ray.service systemctl daemon-reload systemctl enable v2ray.service #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then @@ -1671,13 +1678,13 @@ if [ "$update" = "0" ]; then fi if [ "$MLVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - MLVPN first port: 65201' + MLVPN first port: 65201 Your MLVPN password: $MLVPN_PASS EOF fi if [ "$UBOND" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - UBOND first port: 65251' + UBOND first port: 65251 Your UBOND password: $UBOND_PASS EOF fi diff --git a/omr-service b/omr-service index ec2adc2..6846980 100755 --- a/omr-service +++ b/omr-service @@ -114,7 +114,7 @@ _gre_tunnels() { . "$(readlink -f "$intf")" iface="$(basename $intf)" if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then - ip tunnel del $iface 2>&1 >/dev/null + [ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface 2>&1 >/dev/null ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null ip link set $iface up 2>&1 >/dev/null ip addr add $LOCALIP dev $iface 2>&1 >/dev/null 
diff --git a/omr.service.in b/omr.service.in index 4e17716..0e9352b 100644 --- a/omr.service.in +++ b/omr.service.in @@ -1,6 +1,6 @@ [Unit] Description=OMR -After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service +After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service [Service] Type=simple diff --git a/v2ray-server.json b/v2ray-server.json index d605b3d..95f8dbf 100644 --- a/v2ray-server.json +++ b/v2ray-server.json @@ -92,8 +92,7 @@ "pass": "V2RAY_UUID", "user": "openmptcprouter" } - ], - "udp": true + ] }, "streamSettings": { "sockopt": { diff --git a/v2ray.service b/v2ray.service new file mode 100644 index 0000000..9ac9baa --- /dev/null +++ b/v2ray.service @@ -0,0 +1,18 @@ +[Unit] +Description=V2Ray Service +Documentation=https://www.v2fly.org/ +After=network.target nss-lookup.target +Wants=network-online.target + +[Service] +User=root +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW +NoNewPrivileges=true +ExecStart=/usr/bin/v2ray run -config /etc/v2ray/config.json +Restart=always +RestartPreventExitStatus=23 +StartLimitInterval=0 + +[Install] +WantedBy=multi-user.target From 0743e7c75a9aba4c28a47ec04465908fcda4027b Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sat, 23 Sep 2023 06:46:50 +0000 Subject: [PATCH 120/164] Fix omr-service --- omr-service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/omr-service b/omr-service index 6846980..2d13221 100755 --- a/omr-service +++ b/omr-service 
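Review bot: The new v2ray.service sets `User=root`, which makes `AmbientCapabilities=` redundant and leaves the capability bounding set plus `NoNewPrivileges=true` as the only confinement; the daemon still runs as UID 0 with an unrestricted view of the filesystem. Adding `ProtectHome=true` and `PrivateTmp=true`, and `ProtectSystem=full` provided the daemon does not write under /etc, would narrow that without touching the network capabilities the proxy needs. Whether it could run under a dedicated user depends on who must read the TLS key, which is not visible here. The xray.service file added later in this series is a copy of this unit, so the same applies to it.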
@@ -98,7 +98,7 @@ _lan_route() { while IFS=$"\n" read -r d; do if [ "$d" != "" ]; then network=$(ipcalc -n $d | grep Network | awk '{print $2}') - [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip onlink 2>&1 >/dev/null + [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null fi done fi @@ -146,7 +146,7 @@ _openvpn_bonding() { ip link set ovpnbonding8 up 2>&1 >/dev/null ip link set omr-bonding up mtu 1440 2>&1 >/dev/null ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null - ip r add 10.255.248.0/24 dev omr-bonding onlink 2>&1 >/dev/null + ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 2>&1 >/dev/null fi } From 0d9a766d288402441b911afc1b4ccb16aa471da1 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 10 Oct 2023 14:38:56 +0000 Subject: [PATCH 121/164] Add shadowsocks-go and XRay --- debian9-x86_64.sh | 122 ++++++++++++++++++- omr-service | 2 +- shadowsocks-go.server.json | 39 ++++++ v2ray.service | 2 +- xray-server.json | 243 +++++++++++++++++++++++++++++++++++++ xray.service | 18 +++ 6 files changed, 422 insertions(+), 4 deletions(-) create mode 100644 shadowsocks-go.server.json create mode 100644 xray-server.json create mode 100644 xray.service diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 8cabcd3..e86b28d 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -17,6 +17,11 @@ OBFS=${OBFS:-yes} V2RAY_PLUGIN=${V2RAY_PLUGIN:-no} V2RAY=${V2RAY:-yes} V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} +XRAY=${XRAY:-yes} +XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID} +SHADOWSOCKS_GO=${SHADOWSOCKS_GO:-yes} +PSK=${PSK:-$(head -c 32 /dev/urandom | base64 -w0)} +UPSK=${UPSK:-$(head -c 32 /dev/urandom | base64 -w0)} UPDATE_OS=${UPDATE_OS:-yes} UPDATE=${UPDATE:-yes} TLS=${TLS:-yes} 
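Review bot: `XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID}` defaults the XRay credential to the V2Ray one, and since `XRAY` and `V2RAY` both default to `yes` the two daemons then accept the same secret, so disclosure of either configuration file exposes both services. If the sharing is deliberate a comment is enough, e.g. `# XRay intentionally reuses the V2Ray UUID unless XRAY_UUID is set`; otherwise generate it independently with the same `/proc/sys/kernel/random/uuid` read used for `V2RAY_UUID`. `PSK` and `UPSK` are drawn from /dev/urandom, which is appropriate; a short comment saying which is the server key and which is (apparently) the per-user key would help the next reader.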
@@ -61,13 +66,14 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="488cc5346dbfe8bcbee4413013dc22b698f1d15c" -OMR_ADMIN_BINARY_VERSION="0.3+20230911" +OMR_ADMIN_VERSION="d560968d43850c48119c1b72372d6f341878ffa6" +OMR_ADMIN_BINARY_VERSION="0.4+20231009" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="5.7.0" V2RAY_PLUGIN_VERSION="4.43.0" +XRAY_VERSION="1.8.5" EASYRSA_VERSION="3.0.6" #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then @@ -75,6 +81,7 @@ EASYRSA_VERSION="3.0.6" #fi IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" SHADOWSOCKS_BINARY_VERSION="3.3.5-3" +SHADOWSOCKS_GO_VERSION="1.8.0" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" 
@@ -888,6 +895,48 @@ if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json fi +if systemctl -q is-active shadowsocks-go.service; then + systemctl -q stop shadowsocks-go > /dev/null 2>&1 + systemctl -q disable shadowsocks-go > /dev/null 2>&1 +fi + +if [ "$SHADOWSOCKS_GO" = "yes" ]; then + if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then + if [ "$ARCH" = "amd64" ]; then + wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb + rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb + elif [ "$ARCH" = "arm64" ]; then + wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb + rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb + fi + else + apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install shadowsocks-go=${SHADOWSOCKS_GO_VERSION} + fi + if [ -f /etc/shadowsocks-go/server.json ]; then + PSK2=$(grep -Po '"'"psk"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/server.json | head -n 1 | tr -d "\n") + [ -n "$PSK2" ] && [ "$PSK2" != "PSK" ] && [ "$PSK2" != "null" ] && PSK="$PSK2" + UPSK2=$(grep -Po '"'"openmptcprouter"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/upsks.json | head -n 1 | tr -d "\n") + [ -n "$UPSK2" ] && [ "$UPSK2" != "UPSK" ] && [ "$UPSK2" != "null" ] && UPSK="$UPSK2" + fi + wget -O /etc/shadowsocks-go/server.json ${VPSURL}${VPSPATH}/shadowsocks-go.server.json + sed -i "s:\"PSK\":\"$PSK\":g" /etc/shadowsocks-go/server.json + sed -i "s:UPSK:$UPSK:g" 
/etc/shadowsocks-go/upsks.json + jq -M 'del(.users[0].openmptcprouter."shadowsocks-go")' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new + mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak + mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json + + chmod 644 /lib/systemd/system/shadowsocks-go.service + systemctl daemon-reload + systemctl enable shadowsocks-go.service +fi + + if systemctl -q is-active v2ray.service; then systemctl -q stop v2ray > /dev/null 2>&1 systemctl -q disable v2ray > /dev/null 2>&1 @@ -898,10 +947,14 @@ if [ "$V2RAY" = "yes" ]; then if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then if [ "$ARCH" = "amd64" ]; then wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb elif [ "$ARCH" = "arm64" ]; then wget -O /tmp/v2ray-${V2RAY_VERSION}-arm64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-arm64.deb rm -f /tmp/v2ray-${V2RAY_VERSION}-arm64.deb fi 
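Review bot: In the new `SHADOWSOCKS_GO` block the downloaded package is installed with `dpkg --force-all -i` without any integrity check, and the dpkg lock files are deleted first with `rm -f /var/lib/dpkg/lock`, which defeats the lock if apt or an unattended upgrade is running and can leave the package database inconsistent. Verifying a pinned digest before installing, e.g. `echo "${SHADOWSOCKS_GO_SHA256}  /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb" | sha256sum -c - || exit 1` (`SHADOWSOCKS_GO_SHA256` is a placeholder the script would have to define), and waiting for the lock instead of removing it would close both gaps. The `jq … > omr-admin-config.json.new` step is followed by unconditional `mv` calls, so a jq failure replaces the admin config with an empty file; chain them with `&&`. /etc/shadowsocks-go/server.json receives the PSK but its mode is never set in this hunk, so restrict it after the `sed` (for example `chmod 600`, assuming the service runs as root). The XRay block and the `rm -f /var/lib/dpkg/lock` lines added to the V2Ray and MLVPN branches repeat these patterns.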
@@ -957,6 +1010,66 @@ if [ "$V2RAY" = "yes" ]; then #fi fi +if systemctl -q is-active xray.service; then + systemctl -q stop xray > /dev/null 2>&1 + systemctl -q disable xray > /dev/null 2>&1 +fi + +if [ "$XRAY" = "yes" ]; then + #apt-get -y -o Dpkg::Options::="--force-overwrite" install xray + if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then + if [ "$ARCH" = "amd64" ]; then + wget -O /tmp/xray-${XRAY_VERSION}-amd64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-amd64.deb + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-amd64.deb + rm -f /tmp/xray-${XRAY_VERSION}-amd64.deb + elif [ "$ARCH" = "arm64" ]; then + wget -O /tmp/xray-${XRAY_VERSION}-arm64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-arm64.deb + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-arm64.deb + rm -f /tmp/xray-${XRAY_VERSION}-arm64.deb + fi + else + apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install xray=${XRAY_VERSION} + fi + if [ -f /etc/xray/xray-server.json ]; then + XRAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-server.json | head -n 1 | tr -d "\n") + [ -n "$XRAY_UUID2" ] && [ "$XRAY_UUID2" != "XRAY_UUID" ] && [ "$XRAY_UUID2" != "V2RAY_UUID" ] && XRAY_UUID="$XRAY_UUID2" + PSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.password' /etc/xray/xray-server.json | tr -d "\n") + [ "$PSK2" != "null" ] && [ -n "$PSK2" ] && [ "$PSK2" != "XRAY_PSK" ] && PSK="$PSK2" + UPSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients[] | select(.email=="openmptcprouter") | .password' /etc/xray/xray-server.json | tr -d "\n") + [ "$UPSK2" != "null" ] && [ -n "$UPSK2" ] && [ "$UPSK2" != "XRAY_UPSK" ] && UPSK="$UPSK2" + fi + jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > 
/etc/openmptcprouter-vps-admin/omr-admin-config.json.new + mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak + mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json + #if [ ! -f /etc/xray/xray-server.json ]; then + wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json + sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json + sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json + sed -i "s:XRAY_PSK:$PSK:g" /etc/xray/xray-server.json + sed -i "s:XRAY_UPSK:$UPSK:g" /etc/xray/xray-server.json + #fi + if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then + sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/xray/xray-server.json + fi + rm -f /etc/xray/config.json + ln -s /etc/xray/xray-server.json /etc/xray/config.json + #if [ -f /etc/systemd/system/xray.service.dpkg-dist ]; then + # mv -f /etc/systemd/system/xray.service.dpkg-dist /etc/systemd/system/xray.service + #fi + if [ "$LOCALFILES" = "no" ]; then + wget -O /lib/systemd/system/xray.service ${VPSURL}${VPSPATH}/xray.service + else + cp ${DIR}/xray.service /lib/systemd/system/xray.service + fi + chmod 644 /lib/systemd/system/xray.service + systemctl daemon-reload + systemctl enable xray.service +fi + if systemctl -q is-active mlvpn@mlvpn0.service; then systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1 systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1 @@ -1003,6 +1116,8 @@ if [ "$MLVPN" = "yes" ]; then fi fi else + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION} fi if [ "$mlvpnupdate" = "0" ]; then 
@@ -1620,6 +1735,8 @@ if [ "$update" = "0" ]; then echo 'Shadowsocks encryption: chacha20' echo 'Your shadowsocks key: ' echo $SHADOWSOCKS_PASS + echo 'Your shadowsocks 2022 key: ' + echo "${PSK}:${UPSK}" echo 'Glorytun port: 65001' echo 'Glorytun encryption: chacha20' echo 'Your glorytun key: ' @@ -1666,6 +1783,7 @@ if [ "$update" = "0" ]; then Shadowsocks port: 65101 Shadowsocks encryption: chacha20 Your shadowsocks key: ${SHADOWSOCKS_PASS} + Your shadowsocks 2022 key: ${PSK}:${UPSK} Glorytun port: 65001 Glorytun encryption: chacha20 Your glorytun key: ${GLORYTUN_PASS} diff --git a/omr-service b/omr-service index 2d13221..8a14b69 100755 --- a/omr-service +++ b/omr-service @@ -42,7 +42,7 @@ _glorytun_tcp() { localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" [ -z "$localip" ] && localip="10.255.255.1" remoteip="$(echo $localip | sed 's/\.1/\.2/')" - if [ "$(ping -c 4 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then + if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" systemctl restart glorytun-tcp@tun0 sleep 10 diff --git a/shadowsocks-go.server.json b/shadowsocks-go.server.json new file mode 100644 index 0000000..fd5731e --- /dev/null +++ b/shadowsocks-go.server.json 
@@ -0,0 +1,39 @@ +{ + "servers": [ + { + "name": "ss-2022", + "protocol": "2022-blake3-aes-256-gcm", + "tcpListeners": [ + { + "network": "tcp", + "address": ":65280", + "fastOpen": false, + "reusePort": false, + "multipath": true + } + ], + "enableTCP": true, + "listenerTFO": false, + "enableUDP": true, + "mtu": 1500, + "psk": "PSK", + "uPSKStorePath": "/etc/shadowsocks-go/upsks.json" + } + ], + "stats": { + "enabled": true + }, + "api": { + "enabled": true, + "debugPprof": false, + "enableTrustedProxyCheck": false, + "trustedProxies": [], + "proxyHeader": "X-Forwarded-For", + "listen": "127.0.0.1:65279", + "certFile": "", + "keyFile": "", + "clientCertFile": "", + "secretPath": "", + "fiberConfigPath": "" + } +} \ No newline at end of file diff --git a/v2ray.service b/v2ray.service index 9ac9baa..f97647e 100644 --- a/v2ray.service +++ b/v2ray.service @@ -9,7 +9,7 @@ User=root CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW NoNewPrivileges=true -ExecStart=/usr/bin/v2ray run -config /etc/v2ray/config.json +ExecStart=/usr/bin/v2ray run -config /etc/v2ray/v2ray-server.json Restart=always RestartPreventExitStatus=23 StartLimitInterval=0 diff --git a/xray-server.json b/xray-server.json new file mode 100644 index 0000000..e90f200 --- /dev/null +++ b/xray-server.json 
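Review bot: The `api` section of the new shadowsocks-go.server.json is enabled with an empty `secretPath` and no certificate, so the `127.0.0.1:65279` bind is the only protection for the management API and every local process on the VPS can reach it. If the API does more than expose statistics (not visible from this file), filling `secretPath` with a value generated at install time, the way `PSK` is substituted, would limit it to the admin service. The installer should also check after its `sed` step that the literal `"psk": "PSK"` template value is gone before the service is enabled.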
@@ -0,0 +1,243 @@ +{ + "log": { + "loglevel": "error", + "error": "/tmp/v2rayError.log" + }, + "transport": { + "tcpSettings": {}, + "wsSettings": {}, + "kcpSettings": { + "mtu": 1460, + "tti": 10, + "uplinkCapacity": 100, + "downlinkCapacity": 100, + "congestion": false, + "readBufferSize": 8, + "writeBufferSize": 8 + } + }, + "inbounds": [ + { + "tag": "omrin-tunnel", + "port": 65248, + "protocol": "vless", + "settings": { + "decryption": "none", + "clients": [ + { + "id": "V2RAY_UUID", + "level": 0, + "alterId": 0, + "email": "openmptcprouter" + } + ] + }, + "streamSettings": { + "sockopt": { + "tcpMptcp": true, + "mark": 0 + }, + "network": "tcp", + "security": "tls", + "tlsSettings": { + "certificates": [ + { + "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", + "keyFile": "/etc/openvpn/ca/pki/private/server.key" + } + ] + } + } + }, + { + "tag": "omrin-vmess-tunnel", + "port": 65250, + "protocol": "vmess", + "settings": { + "decryption": "none", + "clients": [ + { + "id": "V2RAY_UUID", + "level": 0, + "alterId": 0, + "email": "openmptcprouter" + } + ] + }, + "streamSettings": { + "sockopt": { + "tcpMptcp": true, + "mark": 0 + }, + "network": "tcp", + "security": "tls", + "tlsSettings": { + "certificates": [ + { + "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", + "keyFile": "/etc/openvpn/ca/pki/private/server.key" + } + ] + } + } + }, + { + "tag": "omrin-socks-tunnel", + "port": 65251, + "protocol": "socks", + "settings": { + "auth": "password", + "accounts": [ + { + "pass": "V2RAY_UUID", + "user": "openmptcprouter" + } + ] + }, + "streamSettings": { + "sockopt": { + "tcpMptcp": true, + "mark": 0 + }, + "network": "tcp", + "security": "tls", + "tlsSettings": { + "certificates": [ + { + "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", + "keyFile": "/etc/openvpn/ca/pki/private/server.key" + } + ] + } + } + }, + { + "tag": "omrin-trojan-tunnel", + "port": 65249, + "protocol": "trojan", + "settings": { + "clients": [ + { + 
"password": "V2RAY_UUID", + "email": "openmptcprouter", + "level": 0 + } + ] + }, + "streamSettings": { + "sockopt": { + "tcpMptcp": true, + "mark": 0 + }, + "network": "tcp", + "security": "tls", + "tlsSettings": { + "certificates": [ + { + "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", + "keyFile": "/etc/openvpn/ca/pki/private/server.key" + } + ] + } + } + }, + { + "tag": "omrin-shadowsocks-tunnel", + "port": 65252, + "protocol": "shadowsocks", + "settings": { + "password": "XRAY_PSK", + "method": "2022-blake3-aes-256-gcm", + "network": "tcp,udp", + "clients": [ + { + "password": "XRAY_UPSK", + "email": "openmptcprouter" + } + ] + }, + "streamSettings": { + "sockopt": { + "tcpMptcp": true, + "mark": 0 + }, + "network": "tcp" + } + }, + { + "listen": "127.0.0.1", + "port": 10086, + "protocol": "dokodemo-door", + "settings": { + "address": "127.0.0.1" + }, + "tag": "api" + } + ], + "outbounds": [ + { + "protocol": "freedom", + "settings": { + "userLevel": 0 + }, + "tag": "direct" + } + ], + "routing": { + "rules": [ + { + "type": "field", + "inboundTag": [ + "omrin-tunnel", + "omrin-vmess-tunnel", + "omrin-socks-tunnel", + "omrin-trojan-tunnel" + ], + "outboundTag": "OMRLan", + "domain": [ + "full:omr.lan" + ] + }, + { + "inboundTag": [ + "api" + ], + "outboundTag": "api", + "type": "field" + } + ] + }, + "reverse": { + "portals": [ + { + "tag": "OMRLan", + "domain": "omr.lan" + } + ] + }, + "stats": {}, + "api": { + "tag": "api", + "services": [ + "HandlerService", + "LoggerService", + "StatsService" + ] + }, + "policy": { + "levels": { + "0": { + "uplinkOnly": 0, + "downlinkOnly": 0, + "bufferSize": 512, + "connIdle": 2400, + "statsUserUplink": true, + "statsUserDownlink": true + } + }, + "system": { + "statsInboundUplink": true, + "statsInboundDownlink": true + } + } +} diff --git a/xray.service b/xray.service new file mode 100644 index 0000000..ca9d3c6 --- /dev/null +++ b/xray.service 
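Review bot: The `log.error` path in the new xray-server.json is `/tmp/v2rayError.log`, a fixed name in a world-writable directory that a service running as root will open for writing, and the name still refers to V2Ray. A root-owned location, for example `"error": "/var/log/xray/error.log"` with the directory created by the installer, avoids the shared directory. Separately, the same `V2RAY_UUID` placeholder serves as the VLESS id, the VMess id, the SOCKS password and the Trojan password, so all four inbounds share one credential. JSON cannot carry a comment, so if that is intentional it should be stated next to the `sed` substitutions in the installer.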
@@ -0,0 +1,18 @@ +[Unit] +Description=XRay Service +Documentation=https://www.v2fly.org/ +After=network.target nss-lookup.target +Wants=network-online.target + +[Service] +User=root +CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW +AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW +NoNewPrivileges=true +ExecStart=/usr/bin/xray run -config /etc/xray/xray-server.json +Restart=always +RestartPreventExitStatus=23 +StartLimitInterval=0 + +[Install] +WantedBy=multi-user.target From c0af37c0c2b46f240d6558f856b354a552118132 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 26 Oct 2023 14:29:51 +0000 Subject: [PATCH 122/164] Fix dsvpn restart in omr-service, add VLESS-REALITY support --- debian9-x86_64.sh | 30 ++++++++++++++++++++++-------- omr-service | 2 +- xray-server.json | 1 + 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index e86b28d..dacbfa6 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -66,8 +66,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="d560968d43850c48119c1b72372d6f341878ffa6" -OMR_ADMIN_BINARY_VERSION="0.4+20231009" +OMR_ADMIN_VERSION="afbcb55ef352a77c5f50a1b7e402ec515f5944b0" +OMR_ADMIN_BINARY_VERSION="0.5+20231021" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" 
@@ -538,10 +538,10 @@ if [ "$SOURCES" = "yes" ]; then #cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" + mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" 2>&1 >/dev/null rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - dpkg-buildpackage -b -us -uc + dpkg-buildpackage -b -us -uc 2>&1 >/dev/null rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend cd /tmp @@ -1041,6 +1041,10 @@ if [ "$XRAY" = "yes" ]; then [ "$PSK2" != "null" ] && [ -n "$PSK2" ] && [ "$PSK2" != "XRAY_PSK" ] && PSK="$PSK2" UPSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients[] | select(.email=="openmptcprouter") | .password' /etc/xray/xray-server.json | tr -d "\n") [ "$UPSK2" != "null" ] && [ -n "$UPSK2" ] && [ "$UPSK2" != "XRAY_UPSK" ] && UPSK="$UPSK2" + XRAY_X25519_PRIVATE_KEY2=$(grep -Po '"'"privateKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n") + [ -n "$XRAY_X25519_PRIVATE_KEY2" ] && [ "$XRAY_X25519_PRIVATE_KEY2" != "XRAY_X25519_PRIVATE_KEY" ] && XRAY_X25519_PRIVATE_KEY="$XRAY_X25519_PRIVATE_KEY2" + XRAY_X25519_PUBLIC_KEY2=$(grep -Po '"'"publicKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n") + [ -n "$XRAY_X25519_PUBLIC_KEY2" ] && [ "$XRAY_X25519_PUBLIC_KEY2" != "XRAY_X25519_PUBLIC_KEY" ] && XRAY_X25519_PUBLIC_KEY="$XRAY_X25519_PUBLIC_KEY2" fi jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak 
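Review bot: The two new `grep` lines that recover `XRAY_X25519_PRIVATE_KEY2` and `XRAY_X25519_PUBLIC_KEY2` read `/etc/xray/xray-vless_reality.json` (underscore), while the next hunk downloads and fills in `/etc/xray/xray-vless-reality.json` (hyphen). As written the existing keys are never found on an update, so unless the variable is supplied in the environment a new X25519 pair is generated on every run and previously configured clients stop matching. Use the hyphenated name in both `grep` calls, and guard them with `[ -f /etc/xray/xray-vless-reality.json ]`, since the enclosing test only checks xray-server.json.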
@@ -1051,10 +1055,20 @@ if [ "$XRAY" = "yes" ]; then sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json sed -i "s:XRAY_PSK:$PSK:g" /etc/xray/xray-server.json sed -i "s:XRAY_UPSK:$UPSK:g" /etc/xray/xray-server.json + wget -O /etc/xray/xray-vless-reality.json ${VPSURL}${VPSPATH}/xray-vless-reality.json + if [ -z "$XRAY_X25519_PRIVATE_KEY" ]; then + XRAY_X25519_KEYS=$(/usr/bin/xray x25519) + XRAY_X25519_PRIVATE_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Private | awk '{ print $3 }' | tr -d "\n") + XRAY_X25519_PUBLIC_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Public | awk '{ print $3 }' | tr -d "\n") + fi + sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json + sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json + sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json + + #fi + #if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then + # sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/xray/xray-server.json #fi - if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then - sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/xray/xray-server.json - fi rm -f /etc/xray/config.json ln -s /etc/xray/xray-server.json /etc/xray/config.json #if [ -f /etc/systemd/system/xray.service.dpkg-dist ]; then @@ -1656,7 +1670,7 @@ sed -i 's/#SystemMaxUse=/SystemMaxUse=100M/' /etc/systemd/journald.conf if [ "$TLS" = "yes" ]; then VPS_CERT=0 - apt-get -y install socat + apt-get -y install socat cron if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then echo "Generate certificate for V2Ray" diff --git a/omr-service b/omr-service index 8a14b69..3fa14a6 100755 --- a/omr-service +++ b/omr-service 
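Review bot: The result of `XRAY_X25519_KEYS=$(/usr/bin/xray x25519)` is not checked, so if the binary is missing or its output format differs the two `awk` extractions yield empty strings and the `sed` lines write an empty private key into xray-vless-reality.json. A guard such as `[ -n "$XRAY_X25519_PRIVATE_KEY" ] || { echo "xray x25519 failed" >&2; exit 1; }` before the substitutions makes the failure visible. The file then holds the REALITY private key and its mode is not set in this hunk, so restrict it after the `sed` calls. Nothing visible in this series makes xray load xray-vless-reality.json, since xray.service starts with `-config /etc/xray/xray-server.json` only, so it is worth confirming how the `omrin-vless-reality` inbound gets loaded.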
@@ -60,7 +60,7 @@ _dsvpn() { remoteip="$(echo $localip | sed 's/\.1/\.2/')" if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" - systemctl restart dsvpn@dsvpn0 + systemctl restart dsvpn-server@dsvpn0 fi #ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null fi diff --git a/xray-server.json b/xray-server.json index e90f200..5db520d 100644 --- a/xray-server.json +++ b/xray-server.json @@ -189,6 +189,7 @@ "type": "field", "inboundTag": [ "omrin-tunnel", + "omrin-vless-reality", "omrin-vmess-tunnel", "omrin-socks-tunnel", "omrin-trojan-tunnel" From c708189fb9b1156bdbeb08e0a83cca72a19e1123 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 8 Dec 2023 07:59:01 +0000 Subject: [PATCH 123/164] Update omr-admin, fix Pi-Hole install, optimize OpenVPN --- debian9-x86_64.sh | 28 ++++++++++++++-------------- multipath | 4 +++- omr-pihole.sh | 2 +- openvpn-tun0.conf | 3 +++ 4 files changed, 21 insertions(+), 16 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index dacbfa6..19d4a36 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -66,8 +66,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="afbcb55ef352a77c5f50a1b7e402ec515f5944b0" -OMR_ADMIN_BINARY_VERSION="0.5+20231021" +OMR_ADMIN_VERSION="a671b9171edeb82fc8ff8bb150ca6ffd6f57ee6a" +OMR_ADMIN_BINARY_VERSION="0.7+20231206" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" 
@@ -302,25 +302,25 @@ else Pin: origin ${REPO} Pin-Priority: 1001 EOF + if [ -n "$(echo $OMR_VERSION | grep test)" ]; then + echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list +# cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref +# Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones +# Package: * +# Pin: origin ${REPO} +# Pin-Priority: 1002 +# EOF + else + rm -f /etc/apt/sources.list.d/openmptcprouter-test.list + fi if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then - cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref + cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref Explanation: Prefer libuv1 Debian native package Package: libuv1 Pin: version * Pin-Priority: 1003 EOF fi - if [ -n "$(echo $OMR_VERSION | grep test)" ]; then - echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list - cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref - Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones - Package: * - Pin: origin ${REPO} - Pin-Priority: 1002 - EOF - else - rm -f /etc/apt/sources.list.d/openmptcprouter-test.list - fi wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - fi diff --git a/multipath b/multipath index 23d87e1..bc90876 100755 --- a/multipath +++ b/multipath 
@@ -117,7 +117,9 @@ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then else ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}') IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}') - IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') + #IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') + [ -f /usr/bin/jsonfilter ] && IP=$(ip -j a show $DEVICE | jsonfilter -e '@[0].addr_info[*].local') + [ -f /usr/bin/jq ] && IP=$(ip -j a show $DEVICE | jq -r '.[0].addr_info[].local') RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }') [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null case $TYPE in diff --git a/omr-pihole.sh b/omr-pihole.sh index bfffd4a..a32acfb 100644 --- a/omr-pihole.sh +++ b/omr-pihole.sh @@ -31,7 +31,7 @@ $SERVER["socket"] == "10.255.252.1:80" { } $SERVER["socket"] == "10.255.251.1:80" { } $SERVER["socket"] == "10.255.253.1:80" { } EOF -systemctl -q restart lighttpd +systemctl list-unit-files lighttpd.service &>/dev/null && systemctl -q restart lighttpd grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf cat >> /etc/pihole/setupVars.conf <<-EOF diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf index fc778d9..82c34f9 100644 --- a/openvpn-tun0.conf +++ b/openvpn-tun0.conf @@ -18,6 +18,9 @@ crl-verify /etc/openvpn/ca/pki/crl.pem keepalive 10 240 sndbuf 0 rcvbuf 0 +txqueuelen 2000 +tun-mtu 1400 +mssfix 1360 tls-server tls-version-min 1.2 #compress lzo From 6e64c063254cfad7f43f7b26466be2f27b3fed8e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 8 Dec 2023 19:15:02 +0000 Subject: [PATCH 124/164] Add management port on openvpn --- openvpn-tun0.conf | 1 + 1 file changed, 1 insertion(+) 
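Review bot: The two new `IP=` lines no longer restrict the result to IPv4: `.[0].addr_info[].local` (and the jsonfilter equivalent) yields every address on `$DEVICE`, IPv6 included, one per line, whereas the commented-out `sed` only matched dotted-quad `inet` entries. Whatever consumes `$IP` in the `case $TYPE` that follows (outside the hunk) may now receive several words, or nothing at all when neither /usr/bin/jsonfilter nor /usr/bin/jq is installed. Consider `jq -r '[.[0].addr_info[] | select(.family == "inet")][0].local'`, quote `"$DEVICE"`, and stop with an error when `$IP` ends up empty.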
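Review bot: `&>/dev/null` is a bash extension; if omr-pihole.sh is run by a POSIX `sh` such as dash (the shebang is outside the hunk), the line parses as a backgrounded `systemctl list-unit-files` followed by an empty redirection, and the restart after `&&` then runs unconditionally. The portable form is `systemctl list-unit-files lighttpd.service >/dev/null 2>&1 && systemctl -q restart lighttpd`.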
diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf index 82c34f9..d0d18f3 100644 --- a/openvpn-tun0.conf +++ b/openvpn-tun0.conf @@ -26,3 +26,4 @@ tls-version-min 1.2 #compress lzo push "route 10.255.252.1 255.255.255.255" client-config-dir ccd +management localhost 65302 From c0c962700743545da6cdefa3de73415a99e6fd63 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 1 Feb 2024 19:48:09 +0000 Subject: [PATCH 125/164] Update script to latest version on server with vless-reality, iperf from distribution, updated API,... --- debian9-x86_64.sh | 110 ++++++++++++++++++++++++++++++---------- iperf3.override.conf | 3 ++ iperf3.service.in | 2 +- omr-service | 28 +++++++++- openvpn-tun0.6.1.conf | 32 ++++++++++++ openvpn-tun1.6.1.conf | 29 +++++++++++ shadowsocks.6.1.conf | 2 +- shadowsocks.conf | 2 +- xray-vless-reality.json | 47 +++++++++++++++++ xray.service | 2 +- 10 files changed, 223 insertions(+), 34 deletions(-) create mode 100644 iperf3.override.conf create mode 100644 openvpn-tun0.6.1.conf create mode 100644 openvpn-tun1.6.1.conf create mode 100644 xray-vless-reality.json diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 19d4a36..06c044f 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -42,6 +42,7 @@ fi NOINTERNET=${NOINTERNET:-no} REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-yes} +IPERF=${IPERF:-yes} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} KERNEL_VERSION="5.4.207" 
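Review bot: `management localhost 65302` opens the OpenVPN management interface on a loopback TCP port without a password, so any local account or process able to connect to 127.0.0.1 can control the server (for example disconnect clients). Pass a password file as the third argument, `management localhost 65302 <path-to-password-file>`, or use a unix socket with restrictive permissions, `management <socket-path> unix`. The same directive is repeated in openvpn-tun0.6.1.conf, added in PATCH 125.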
@@ -66,14 +67,14 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="a671b9171edeb82fc8ff8bb150ca6ffd6f57ee6a" -OMR_ADMIN_BINARY_VERSION="0.7+20231206" +OMR_ADMIN_VERSION="70e3403ba4344d5c5006f03f989c8024d0f4708b" +OMR_ADMIN_BINARY_VERSION="0.8+20231228" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="5.7.0" V2RAY_PLUGIN_VERSION="4.43.0" -XRAY_VERSION="1.8.5" +XRAY_VERSION="1.8.6" EASYRSA_VERSION="3.0.6" #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then 
@@ -174,23 +175,27 @@ if [ "$UPDATE" = "yes" ]; then echo "Update mode" fi # Force update key -[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { - echo "Update OpenMPTCProuter repo key" - wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - -} +#[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { +# echo "Update OpenMPTCProuter repo key" +# #wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - +# wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg +#} CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')" if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then exit 1 fi +# Force update key [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { echo "Update ${REPO} key" + apt-key del '2FDF 70C8 228B 7F04 42FE 59F6 608F D17B 2B24 D936' 2>&1 >/dev/null if [ "$CHINA" = "yes" ]; then #wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - - wget -O - https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - + wget https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg else - wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - + #wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - + wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg fi } @@ -321,7 +326,8 @@ else Pin-Priority: 1003 EOF fi - wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - + #wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - + wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg fi #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 
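Review bot: The repository signing key is now written straight into /etc/apt/trusted.gpg.d/, where apt trusts it for every configured source, and it is fetched from the same host it is meant to authenticate with no fingerprint comparison. Prefer a keyring outside trusted.gpg.d that is referenced from the source entry, e.g. `deb [arch=amd64 signed-by=<keyring-path>] https://${REPO} ...`, and compare the downloaded key's fingerprint with a value pinned in the script before installing it. `wget -O` also creates the target file when the download fails, so its exit status should be checked. The same applies to the `@@ -321,7 +326,8 @@` hunk on this line.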
@@ -347,7 +353,7 @@ fi echo "Install mptcp kernel and shadowsocks..." apt-get update --allow-releaseinfo-change sleep 2 -apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config +apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config ipset if [ -z "$(dpkg-query -l | grep grub)" ]; then if [ -d /boot/grub2 ]; then @@ -425,9 +431,29 @@ fi if [ "$ARCH" = "amd64" ]; then echo "Install tracebox OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox - echo "Install iperf3 OpenMPTCProuter edition" - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 - chmod 644 /lib/systemd/system/iperf3.service +fi +if [ "$IPERF" = "yes" ]; then + #echo "Install iperf3 OpenMPTCProuter edition" + #apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 + #chmod 644 /lib/systemd/system/iperf3.service + echo "Install iperf3" + [ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 2>&1 >/dev/null + apt-get -y install iperf3 + if [ ! -f "/etc/iperf3/private.pem" ]; then + mkdir -p /etc/iperf3 + openssl genrsa -out /etc/iperf3/private.pem 2048 + openssl rsa -in /etc/iperf3/private.pem -outform PEM -pubout -out /etc/iperf3/public.pem + IPERFPASS=$(echo -n "{openmptcprouter}openmptcprouter" | sha256sum | awk '{ print $1 }') + echo "openmptcprouter,$IPERFPASS" > /etc/iperf3/users.csv + fi + chown -Rf iperf3 /etc/iperf3 || true + systemctl enable iperf3.service + mkdir -p /etc/systemd/system/iperf3.service.d + if [ "$LOCALFILES" = "no" ]; then + wget -O /etc/systemd/system/iperf3.service.d/override.conf ${VPSURL}${VPSPATH}/iperf3.override.conf + else + cp ${DIR}/iperf3.override.conf /etc/systemd/system/iperf3.service.d/override.conf + fi fi if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then 
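Review bot: The iperf3 authentication added here uses a fixed account: `users.csv` always holds user `openmptcprouter` with the SHA-256 of `{openmptcprouter}openmptcprouter`, so every server installed by this script accepts the same published credentials on the iperf3 port. Generate the password per install the way the script already does for its other secrets, e.g. `IPERF_PASS=${IPERF_PASS:-$(od -vN 16 -An -tx1 /dev/urandom | tr -d " \n")}` and hash `"{openmptcprouter}${IPERF_PASS}"` (`IPERF_PASS` is a suggested name), then hand it to the client through the same channel as the other keys. Setting `chmod 600 /etc/iperf3/private.pem` explicitly is also safer than relying on openssl's default file mode.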
@@ -457,10 +483,10 @@ if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then cd /tmp fi rm -rf iproute2 - if [ "$ARCH" = "amd64" ]; then - echo "MPTCPize iperf3..." - mptcpize enable iperf3 - fi + + echo "MPTCPize iperf3..." + mptcpize enable iperf3 2>&1 >/dev/null + #if [ "$UPSTREAM6" = "yes" ]; then # apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg # apt-get -y install systemtap @@ -739,8 +765,8 @@ if [ "$OMR_ADMIN" = "yes" ]; then } systemctl enable omr-admin.service if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - mptcpize enable omr-admin.service - [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service + mptcpize enable omr-admin.service 2>&1 >/dev/null + [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service 2>&1 >/dev/null fi fi @@ -1329,8 +1355,13 @@ if [ "$OPENVPN" = "yes" ]; then openssl dhparam -out /etc/openvpn/server/dh2048.pem 2048 fi if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf - wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.6.1.conf + wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.6.1.conf + else + wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf + wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf + fi wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf 
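Review bot: `2>&1 >/dev/null` does not silence errors: redirections apply left to right, so stderr is pointed at the current stdout first and only stdout is then discarded. If the intent of the new `mptcpize enable iperf3 2>&1 >/dev/null` is to hide all output, write `>/dev/null 2>&1`; if errors should stay visible, drop the `2>&1`. The same ordering is used on the new `mptcpize enable` lines in `@@ -739,8 +765,8 @@`, `@@ -1352,11 +1388,17 @@` and `@@ -1474,7 +1516,7 @@`, and on `apt-key del` and `apt-get -y remove` earlier in this commit. `mptcpize enable iperf3` now also runs when `IPERF` is not `yes`, where iperf3 may not be installed; wrapping it in the same `[ "$IPERF" = "yes" ]` test would avoid masking a real failure.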
@@ -1340,8 +1371,13 @@ if [ "$OPENVPN" = "yes" ]; then wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf else - cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf - cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf + if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf + cp ${DIR}/openvpn-tun1.6.1.conf /etc/openvpn/tun1.conf + else + cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf + cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf + fi cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf @@ -1352,11 +1388,17 @@ if [ "$OPENVPN" = "yes" ]; then cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf fi mkdir -p /etc/openvpn/ccd + if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then + echo 'openmptcprouter,10.255.250.2,' > /etc/openvpn/ccd/ipp_tcp.txt + fi + if [ ! -f /etc/openvpn/ccd/ipp_udp.txt ]; then + echo 'openmptcprouter,10.255.252.2,' > /etc/openvpn/ccd/ipp_udp.txt + fi chmod 644 /lib/systemd/system/openvpn*.service systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - mptcpize enable openvpn@tun0 + mptcpize enable openvpn@tun0 2>&1 >/dev/null fi systemctl enable openvpn@bonding1.service systemctl enable openvpn@bonding2.service @@ -1474,7 +1516,7 @@ if [ "$DSVPN" = "yes" ]; then DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - mptcpize enable dsvpn-server@dsvpn0 + mptcpize enable dsvpn-server@dsvpn0 2>&1 >/dev/null fi fi 
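Review bot: The seeded pool files in `@@ -1352,11 +1388,17 @@` look swapped: `ipp_tcp.txt` gets `10.255.250.2` and `ipp_udp.txt` gets `10.255.252.2`, but openvpn-tun0.6.1.conf in this commit is the `proto tcp-server` instance with `server 10.255.252.0 255.255.255.0` and `ifconfig-pool-persist ccd/ipp_tcp.txt`, while the UDP instance uses `10.255.250.0`. An address outside the instance's pool is presumably ignored by OpenVPN, so the persisted assignment would have no effect. Swap the two values: `echo 'openmptcprouter,10.255.252.2,' > /etc/openvpn/ccd/ipp_tcp.txt` and `echo 'openmptcprouter,10.255.250.2,' > /etc/openvpn/ccd/ipp_udp.txt`. The `ccd/ipp_tcp.txt` path in the config is relative, so it only resolves to this file if OpenVPN runs with /etc/openvpn as its working directory.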
@@ -1501,7 +1543,7 @@ if [ "$SOURCES" = "yes" ]; then if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz else - wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz + wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz fi tar xzf glorytun-0.0.35.tar.gz if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then 
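Review bot: The glorytun release tarball is downloaded and unpacked (and presumably built) by the installer with no integrity check, so the TLS connection is the only thing vouching for its content. Since the version is fixed at 0.0.35, pin its digest next to the download, e.g. `echo "<expected-sha256>  /tmp/glorytun-0.0.35.tar.gz" | sha256sum -c - || exit 1`, where `<expected-sha256>` is a placeholder for the value recorded from a verified copy. The `UPSTREAM` branch just above fetches a moving branch head (`refs/heads/tcp.tar.gz`), which cannot be pinned this way; a commit-specific archive URL would allow it. The enclosing `if [ "$SOURCES" = "yes" ]` block continues outside the hunk.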
@@ -1563,22 +1605,34 @@ if [ "$LOCALFILES" = "no" ]; then wget -O /lib/systemd/system/omr.service ${VPSURL}${VPSPATH}/omr.service.in wget -O /usr/local/bin/omr-6in4-run ${VPSURL}${VPSPATH}/omr-6in4-run wget -O /lib/systemd/system/omr6in4@.service ${VPSURL}${VPSPATH}/omr6in4%40.service.in + wget -O /usr/local/bin/omr-bypass ${VPSURL}${VPSPATH}/omr-bypass + wget -O /lib/systemd/system/omr-bypass.service ${VPSURL}${VPSPATH}/omr-bypass.service.in + wget -O /lib/systemd/system/omr-bypass.timer ${VPSURL}${VPSPATH}/omr-bypass.timer.in else cp ${DIR}/omr-service /usr/local/bin/omr-service cp ${DIR}/omr.service.in /lib/systemd/system/omr.service cp ${DIR}/omr-6in4-run /usr/local/bin/omr-6in4-run cp ${DIR}/omr6in4@.service.in /lib/systemd/system/omr6in4@.service + cp ${DIR}/omr-bypass /usr/local/bin/omr-bypass + cp ${DIR}/omr-bypass.service.in /lib/systemd/system/omr-bypass.service + cp ${DIR}/omr-bypass.timer.in /lib/systemd/system/omr-bypass.timer + fi chmod 644 /lib/systemd/system/omr.service chmod 644 /lib/systemd/system/omr6in4@.service chmod 755 /usr/local/bin/omr-service chmod 755 /usr/local/bin/omr-6in4-run +chmod 644 /lib/systemd/system/omr-bypass.service +chmod 644 /lib/systemd/system/omr-bypass.timer +systemctl daemon-reload if systemctl -q is-active omr-6in4.service; then systemctl -q stop omr-6in4 > /dev/null 2>&1 systemctl -q disable omr-6in4 > /dev/null 2>&1 fi systemctl enable omr6in4@user0.service systemctl enable omr.service +systemctl enable omr-bypass.timer +systemctl enable omr-bypass.service # Change SSH port to 65222 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config 
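Review bot: `wget -O /usr/local/bin/omr-bypass ...` truncates the target before the transfer starts and its exit status is not checked, so an interrupted download during an update leaves an empty or partial script that the enabled timer then runs as a privileged service. Download to a temporary name and move it into place only on success, e.g. `wget -O /usr/local/bin/omr-bypass.new "${VPSURL}${VPSPATH}/omr-bypass" && mv /usr/local/bin/omr-bypass.new /usr/local/bin/omr-bypass`. Enabling both `omr-bypass.timer` and `omr-bypass.service` is redundant unless a run at boot is intended; a comment saying so would help.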
@@ -1734,7 +1788,7 @@ if [ "$update" = "0" ]; then # Display important info echo '====================================================================================' echo "OpenMPTCProuter Server $OMR_VERSION is now installed !" - echo '\033[4m\0331mSSH port: 65222 (instead of port 22)\033[0m' + echo '\033[1m SSH port: 65222 (instead of port 22)\033[0m' if [ "$OMR_ADMIN" = "yes" ]; then echo '====================================================================================' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' diff --git a/iperf3.override.conf b/iperf3.override.conf new file mode 100644 index 0000000..94edfcc --- /dev/null +++ b/iperf3.override.conf @@ -0,0 +1,3 @@ +[Service] +ExecStart= +ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem \ No newline at end of file diff --git a/iperf3.service.in b/iperf3.service.in index 72d8094..03f7ff2 100644 --- a/iperf3.service.in +++ b/iperf3.service.in @@ -3,7 +3,7 @@ Description=iperf3 Requires=network.target [Service] -ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/public.pem +ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem Restart=on-failure [Install] diff --git a/omr-service b/omr-service index 3fa14a6..d35b011 100755 --- a/omr-service +++ b/omr-service 
@@ -67,12 +67,33 @@ _dsvpn() { } _shadowsocks() { - [ -n "$(systemctl -a | grep 'shadowsocks')" ] && [ -z "$(pgrep ss-server)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks" + [ -n "$(systemctl -a | grep 'shadowsocks-libev')" ] && [ -z "$(pgrep ss-server)" ] && { + logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev" systemctl restart shadowsocks-libev-manager@manager } } +_shadowsocks_go() { + [ -n "$(systemctl -a | grep 'shadowsocks-go')" ] && [ -z "$(pgrep shadowsocks-go)" ] && { + logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go" + systemctl restart shadowsocks-go + } +} + +_xray() { + [ -n "$(systemctl -a | grep 'xray')" ] && [ -z "$(pgrep xray)" ] && { + logger -t "OMR-Service" "ss-server not detected, restart XRay" + systemctl restart xray + } +} + +_v2ray() { + [ -n "$(systemctl -a | grep 'v2ray')" ] && [ -z "$(pgrep v2ray)" ] && { + logger -t "OMR-Service" "ss-server not detected, restart V2Ray" + systemctl restart v2ray + } +} + _wireguard() { if [ -n "$(systemctl -a | grep 'wg')" ]; then [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null @@ -161,6 +182,9 @@ while true; do _glorytun_udp _glorytun_tcp _shadowsocks + _shadowsocks_go + _xray + _v2ray _dsvpn _wireguard _multipath diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf new file mode 100644 index 0000000..9158040 --- /dev/null +++ b/openvpn-tun0.6.1.conf 
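Review bot: The three new watchdogs restart a unit whenever `systemctl -a` lists any unit whose name contains the string and `pgrep` finds no process, which also matches a service the administrator has stopped or disabled on purpose, because `-a` includes inactive units. Test the unit state instead, e.g. `systemctl -q is-enabled xray && ! systemctl -q is-active xray && { ...; }`, and likewise for `shadowsocks-go` and `v2ray`. The log text is copied from `_shadowsocks`: all three say "ss-server not detected", which will mislead anyone reading the journal, so name the actual process in each message.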
@@ -0,0 +1,32 @@ +topology subnet +dev tun0 +user nobody +group nogroup +data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 +disable-dco +proto tcp-server +port 65301 +persist-tun +persist-key +duplicate-cn +verb 3 +server 10.255.252.0 255.255.255.0 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 10 240 +txqueuelen 1000 +sndbuf 262144 +push "sndbuf 262144" +rcvbuf 262144 +push "rcvbuf 262144" +tun-mtu 1420 +tls-server +tls-version-min 1.2 +push "route 10.255.252.1 255.255.255.255" +client-config-dir ccd +ifconfig-pool-persist ccd/ipp_tcp.txt +passtos +management localhost 65302 diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf new file mode 100644 index 0000000..2f5f4d2 --- /dev/null +++ b/openvpn-tun1.6.1.conf @@ -0,0 +1,29 @@ +topology subnet +dev tun1 +data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 +proto udp +port 65301 +persist-tun +persist-key +duplicate-cn +verb 3 +server 10.255.250.0 255.255.255.0 +ca /etc/openvpn/ca/pki/ca.crt +cert /etc/openvpn/ca/pki/issued/server.crt +key /etc/openvpn/ca/pki/private/server.key +dh /etc/openvpn/server/dh2048.pem +crl-verify /etc/openvpn/ca/pki/crl.pem +keepalive 10 240 +txqueuelen 1000 +sndbuf 262144 +push "sndbuf 262144" +rcvbuf 262144 +push "rcvbuf 262144" +tun-mtu 1420 +tls-server +tls-version-min 1.2 +push "route 10.255.252.1 255.255.255.255" +client-config-dir ccd +#ifconfig-pool-persist ccd/ipp_udp.txt +fast-io +passtos diff --git a/shadowsocks.6.1.conf b/shadowsocks.6.1.conf index 53f3bb0..d3cd55a 100644 --- a/shadowsocks.6.1.conf +++ b/shadowsocks.6.1.conf @@ -22,7 +22,7 @@ net.ipv4.tcp_tw_reuse = 1 # turn off fast timewait sockets recycling #net.ipv4.tcp_tw_recycle = 0 # short FIN timeout -net.ipv4.tcp_fin_timeout = 80 +net.ipv4.tcp_fin_timeout = 30 # Increase max orphans net.ipv4.tcp_max_orphans = 16384 # short keepalive time 
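Review bot: openvpn-tun1.6.1.conf has no `user`/`group` lines, so this UDP instance keeps its start-up privileges (presumably root) for its whole lifetime, whereas openvpn-tun0.6.1.conf in the same commit drops to `user nobody` and `group nogroup`. Add the same two lines here, or document why the UDP instance cannot drop privileges. Both files also set `duplicate-cn`, which lets several clients connect with the same certificate at once; if each router is meant to have its own certificate, a comment explaining why this is needed would help.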
diff --git a/shadowsocks.conf b/shadowsocks.conf index c270238..aa9587f 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -22,7 +22,7 @@ net.ipv4.tcp_tw_reuse = 1 # turn off fast timewait sockets recycling #net.ipv4.tcp_tw_recycle = 0 # short FIN timeout -net.ipv4.tcp_fin_timeout = 80 +net.ipv4.tcp_fin_timeout = 30 # Increase max orphans net.ipv4.tcp_max_orphans = 16384 # short keepalive time diff --git a/xray-vless-reality.json b/xray-vless-reality.json new file mode 100644 index 0000000..ca1a9c6 --- /dev/null +++ b/xray-vless-reality.json @@ -0,0 +1,47 @@ +{ + "inbounds": [ + { + "port": 443, + "tag": "omrin-vless-reality", + "protocol": "vless", + "settings": { + "clients": [ + { + "id": "XRAY_UUID", + "flow": "xtls-rprx-vision" + } + ], + "decryption": "none" + }, + "streamSettings": { + "network": "tcp", + "security": "reality", + "realitySettings": { + "dest": "1.1.1.1:443", + "serverNames": [ + "" + ], + "privateKey": "XRAY_X25519_PRIVATE_KEY", + "publicKey": "XRAY_X25519_PUBLIC_KEY", + "shortIds": [ + "" + ] + }, + "sockopt": { + "tcpMptcp": true, + "mark": 0 + } + } + } + ], + "routing": { + "rules": [ + { + "type": "field", + "inboundTag": [ + "omrin-vless-reality" + ] + } + ] + } +} \ No newline at end of file diff --git a/xray.service b/xray.service index ca9d3c6..a1df9e4 100644 --- a/xray.service +++ b/xray.service @@ -1,6 +1,6 @@ [Unit] Description=XRay Service -Documentation=https://www.v2fly.org/ +Documentation=https://xtls.github.io/ After=network.target nss-lookup.target Wants=network-online.target From a9e217fb7ca6e0964ec7b5acd88fddd5038f10cf Mon Sep 17 00:00:00 2001 
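Review bot: In xray-vless-reality.json, `"shortIds": [ "" ]` contains only the empty value, which as far as I know tells REALITY to accept clients that present no short ID, so client identification rests on the UUID and knowledge of the server's public key. The template already has install-time placeholders for the UUID and the X25519 keys; a further one for a short ID (for example `"shortIds": [ "XRAY_SHORT_ID" ]`, a suggested placeholder filled by the installer with `openssl rand -hex 8`) would follow the same pattern. `"serverNames": [ "" ]` is likewise empty and should list the names valid for the configured `dest`; please confirm the inbound works as shipped. `publicKey` is stored beside `privateKey`; if the server does not read it, leaving it out keeps the server file minimal.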
From: "Ycarus (Yannick Chabanois)" Date: Fri, 9 Feb 2024 10:42:55 +0000 Subject: [PATCH 126/164] Add omr-bypass service --- omr-bypass | 82 +++++++++++++++++++++++++++++++++++++++++++ omr-bypass.service.in | 12 +++++++ omr-bypass.timer.in | 8 +++++ 3 files changed, 102 insertions(+) create mode 100755 omr-bypass create mode 100644 omr-bypass.service.in create mode 100644 omr-bypass.timer.in diff --git a/omr-bypass b/omr-bypass new file mode 100755 index 0000000..5aa8e02 --- /dev/null +++ b/omr-bypass 
@@ -0,0 +1,82 @@
+#!/bin/sh
+# Copyright (C) 2023 Ycarus (Yannick Chabanois) for OpenMPTCProuter
+# Released under GPL 3. See LICENSE for the full terms.
+
+[ ! -f /etc/openmptcprouter-vps-admin/omr-bypass.json ] && exit 0
+
+# Configuration
+INTERFACE="$(jq -M -r .bypass_intf /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
+[ "$INTERFACE" = "null" ] && INTERFACE="vpn1"
+GATEWAY="$(ip r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
+GATEWAY6="$(ip -6 r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
+TABLE="991337"
+MARK="0x539"
+
+CHECKSUM="$(md5sum /etc/openmptcprouter-vps-admin/omr-bypass.json | awk '{print $1}' | tr -d '\n')"
+PREVIOUS_CHECKSUM="$(jq -M -r .bypass_checksum /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
+[ "$CHECKSUM" = "$PREVIOUS_CHECKSUM" ] && exit 0
+jq -M --arg c "$CHECKSUM" '.bypass_checksum = $c' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
+mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
+# Action
+ipset -q flush omr_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
+ipset -q flush omr6_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
+ipset -q --exist restore <<-EOF
+create omr_dst_bypass_srv_${INTERFACE} hash:net hashsize 64
+create omr6_dst_bypass_srv_${INTERFACE} hash:net family inet6 hashsize 64
+EOF
+ipv4=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv4[])
+for ip in $ipv4; do
+ ipset -q add omr_dst_bypass_srv_${INTERFACE} $ip
+done
+ipv6=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv6[])
+for ip in $ipv6; do
+ ipset -q add omr6_dst_bypass_srv_${INTERFACE} $ip
+done
+iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null
+iptables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+:omr-bypass -
+-A PREROUTING -j omr-bypass
+COMMIT
+EOF
+iptables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+:omr-bypass-local -
+-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
+COMMIT
+EOF
+iptables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+-A omr-bypass -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
+-A omr-bypass -m mark --mark ${MARK} -j RETURN
+-A omr-bypass-local -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
+-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
+COMMIT
+EOF
+ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
+ip route replace default via ${GATEWAY} dev ${INTERFACE} table ${TABLE}
+ip6tables-save --counters 2>/dev/null | grep -v omr-bypass | ip6tables-restore -w --counters 2>/dev/null
+ip6tables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+:omr-bypass -
+-A PREROUTING -j omr-bypass
+COMMIT
+EOF
+ip6tables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+:omr-bypass-local -
+-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
+COMMIT
+EOF
+ip6tables-restore -w --wait=60 --noflush <<-EOF
+*mangle
+-A omr-bypass -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
+-A omr-bypass -m mark --mark ${MARK} -j RETURN
+-A omr-bypass-local -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
+-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
+COMMIT
+EOF
+if [ -n "$GATEWAY6" ]; then
+ ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
+ ip route replace default via ${GATEWAY6} dev ${INTERFACE} table ${TABLE}
+fi
\ No newline at end of file
diff --git a/omr-bypass.service.in b/omr-bypass.service.in
new file mode 100644
index 0000000..0d49437
--- /dev/null
+++ b/omr-bypass.service.in
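Review bot: `INTERFACE` is read from omr-admin-config.json and then pasted unquoted into the jq filter (`.${INTERFACE}.ipv4[]`), the ipset names and the `iptables-restore` here-documents, so a value containing spaces, newlines or jq syntax changes what those commands do, in a script that its systemd unit runs with CAP_NET_ADMIN. Validate it as a plain interface name right after it is read and pass it to jq with `--arg`, as the checksum update a few lines below already does. Separately, the IPv6 branch at the end calls `ip rule add` without `-6`, which as far as I know adds a second IPv4 rule rather than an IPv6 one; `ip -6 rule add ...` and `ip -6 route replace ...` look intended. The checksum is also stored before the rules are applied, so a failed run is not retried until the JSON changes again.

```shell
[ "$INTERFACE" = "null" ] && INTERFACE="vpn1"
# Reject anything that is not a plain interface name before it reaches jq, ipset or iptables-restore.
case "$INTERFACE" in
	''|*[!A-Za-z0-9_.-]*)
		logger -t "omr-bypass" "invalid bypass_intf value, nothing applied"
		exit 1
		;;
esac
# … unchanged: gateway lookup, checksum handling, ipset flush and create …
ipv4=$(jq -r --arg i "$INTERFACE" '.[$i].ipv4[]' /etc/openmptcprouter-vps-admin/omr-bypass.json)
# … unchanged: IPv4 ipset loop …
ipv6=$(jq -r --arg i "$INTERFACE" '.[$i].ipv6[]' /etc/openmptcprouter-vps-admin/omr-bypass.json)
```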
@@ -0,0 +1,12 @@
+[Unit]
+Description=OMR-ByPass
+After=network.target network-online.target shorewall.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/omr-bypass
+KillSignal=9
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
+
+[Install]
+WantedBy=multi-user.target
diff --git a/omr-bypass.timer.in b/omr-bypass.timer.in
new file mode 100644
index 0000000..85d7eb7
--- /dev/null
+++ b/omr-bypass.timer.in
@@ -0,0 +1,8 @@
+[Unit]
+Description=Timer for omr-bypass
+
+[Timer]
+OnUnitActiveSec=300
+
+[Install]
+WantedBy=timers.target
From a5fc57038b3a03bb80be147f9f9a844a17bb22a1 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Fri, 9 Feb 2024 10:52:04 +0000
Subject: [PATCH 127/164] Update omr-admin API and fix omr-bypass rights
---
 debian9-x86_64.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 06c044f..a776a12 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -67,8 +67,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
-OMR_ADMIN_VERSION="70e3403ba4344d5c5006f03f989c8024d0f4708b"
-OMR_ADMIN_BINARY_VERSION="0.8+20231228"
+OMR_ADMIN_VERSION="8451122349457737523d698579d0b567da4e89b0"
+OMR_ADMIN_BINARY_VERSION="0.8+20240208"
 #OMR_ADMIN_BINARY_VERSION="0.3+20220827"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
@@ -1621,6 +1621,7 @@ fi
 chmod 644 /lib/systemd/system/omr.service
 chmod 644 /lib/systemd/system/omr6in4@.service
 chmod 755 /usr/local/bin/omr-service
+chmod 755 /usr/local/bin/omr-bypass
 chmod 755 /usr/local/bin/omr-6in4-run
 chmod 644 /lib/systemd/system/omr-bypass.service
 chmod 644 /lib/systemd/system/omr-bypass.timer
From 0bd93fb5c8d01aea84303b001d7b6dfa26570b96 Mon Sep 17 00:00:00 2001
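Review bot: In omr-bypass.service.in, `Type=simple` does not fit a script that applies its rules and exits: systemd treats the unit as started as soon as the process is spawned, so `systemctl start` and anything ordered after the unit do not wait for the rules to be in place; `Type=oneshot` matches run-to-completion behaviour. `KillSignal=9` makes a stop request kill the script outright, possibly between the `iptables-save | grep -v omr-bypass | iptables-restore` cleanup and the re-creation of the chains; the default signal would be safer. The capability bounding set is a useful restriction, and `NoNewPrivileges=yes` would be a cheap addition.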
From: "Ycarus (Yannick Chabanois)" Date: Tue, 13 Feb 2024 14:08:52 +0000 Subject: [PATCH 128/164] Update omr-admin API script --- debian9-x86_64.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index a776a12..fdcc69d 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -67,8 +67,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="8451122349457737523d698579d0b567da4e89b0" -OMR_ADMIN_BINARY_VERSION="0.8+20240208" +OMR_ADMIN_VERSION="0780292d156cd8c00cbc83e1ca7d1ff3fde7cf5c" +OMR_ADMIN_BINARY_VERSION="0.8+20240213" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -237,7 +237,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] VERSION_ID="11" fi if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then - echo "Update Debian 10 Stretch to Debian 11 Buster" + echo "Update Debian 11 Buster to Debian 12" apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes dist-upgrade sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list From 001aa3be4df69ddb4ff5caed49579600212aad9f Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 22 Feb 2024 17:31:57 +0000 Subject: [PATCH 129/164] Add kernel 6.6 support, allow to disable all proxy and VPNs, change IPv6 address in omr-pihole --- debian9-x86_64.sh | 576 +++++++++++++++++++++++++--------------------- omr-pihole.sh | 2 +- 2 files changed, 313 insertions(+), 265 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index fdcc69d..209b2a1 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -6,8 +6,11 @@ # See /LICENSE for more information. # +KERNEL=${KERNEL:-5.4} UPSTREAM=${UPSTREAM:-no} +[ "$UPSTREAM" = "yes" ] && KERNEL="5.15" UPSTREAM6=${UPSTREAM6:-no} +[ "$UPSTREAM6" = "yes" ] && KERNEL="6.1" SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} @@ -19,6 +22,7 @@ V2RAY=${V2RAY:-yes} V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} XRAY=${XRAY:-yes} XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID} +SHADOWSOCKS=${SHADOWSOCKS:-yes} SHADOWSOCKS_GO=${SHADOWSOCKS_GO:-yes} PSK=${PSK:-$(head -c 32 /dev/urandom | base64 -w0)} UPSK=${UPSK:-$(head -c 32 /dev/urandom | base64 -w0)} @@ -36,7 +40,7 @@ OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-no} -if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" ]; then +if [ "$KERNEL" != "5.4" ]; then SOURCES="yes" fi NOINTERNET=${NOINTERNET:-no} 
@@ -48,18 +52,20 @@ INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev KERNEL_VERSION="5.4.207" KERNEL_PACKAGE_VERSION="1.22" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" -if [ "$UPSTREAM" = "yes" ]; then +if [ "$KERNEL" = "5.15" ]; then KERNEL_VERSION="5.15.57" KERNEL_PACKAGE_VERSION="1.6" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" fi -if [ "$UPSTREAM6" = "yes" ]; then +if [ "$KERNEL" = "6.1" ]; then KERNEL_VERSION="6.1.0" KERNEL_PACKAGE_VERSION="1.30" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" fi +GLORYTUN_UDP=${GLORYTUN_UDP:-yes} GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9" GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" +GLORYTUN_TCP=${GLORYTUN_TCP:-yes} GLORYTUN_TCP_BINARY_VERSION="0.0.35-6" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b" @@ -67,8 +73,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="0780292d156cd8c00cbc83e1ca7d1ff3fde7cf5c" -OMR_ADMIN_BINARY_VERSION="0.8+20240213" +OMR_ADMIN_VERSION="a30f1f32461aefcdb47851d533439032af6e4b05" +OMR_ADMIN_BINARY_VERSION="0.9+20240222" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" 
@@ -126,12 +132,12 @@ fi echo "Check architecture..." ARCH=$(dpkg --print-architecture | tr -d "\n") -if [ "$UPSTREAM6" != "yes" ] && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then +if ([ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]) && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then echo "Only x86_64 (amd64) is supported on this OS" exit 1 fi -if [ "$UPSTREAM6" != "yes" ]; then +if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then echo "Check virtualized environment" VIRT="$(systemd-detect-virt 2>/dev/null || true)" if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then @@ -225,7 +231,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="10" fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then +if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then echo "Update Debian 10 Stretch to Debian 11 Buster" apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes dist-upgrade @@ -236,7 +242,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="11" fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then +if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then echo "Update Debian 11 Buster to Debian 12" apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes dist-upgrade 
@@ -256,7 +262,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" fi -if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && [ "$UPSTREAM6" = "yes" ]; then +if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then echo "Update Ubuntu 20.04 to Ubuntu 22.04" apt-get -y -f --force-yes upgrade apt-get -y -f --force-yes dist-upgrade @@ -377,7 +383,7 @@ if [ -z "$(dpkg-query -l | grep grub)" ]; then echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub } fi -if [ "$UPSTREAM6" != "yes" ]; then +if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then if [ "$SOURCES" = "yes" ]; then wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb @@ -418,6 +424,15 @@ if [ "$UPSTREAM6" != "yes" ]; then bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null +elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then + wget https://dl.xanmod.org/archive.key -O /etc/apt/trusted.gpg.d/xanmod.gpg + echo 'deb http://deb.xanmod.org releases main' > /etc/apt/sources.list.d/xanmod-release.list + apt-get update + apt-get -y install linux-xanmod-x64v3 + [ -f /etc/default/grub ] && { + sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 + [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 + } else if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1) 
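Review bot: In the new `elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]` branch, the XanMod key is written straight into `/etc/apt/trusted.gpg.d/`, which makes it trusted for every configured source that has no `signed-by`. The `wget` result is also not checked before `apt-get update` and the kernel install run. Scoping the key to this one repository limits what it can vouch for: `wget -qO- https://dl.xanmod.org/archive.key | gpg --dearmor -o /etc/apt/keyrings/xanmod-archive-keyring.gpg || exit 1`, then `echo 'deb [signed-by=/etc/apt/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' > /etc/apt/sources.list.d/xanmod-release.list`, with a `mkdir -p /etc/apt/keyrings` first on older releases. If `archive.key` is ASCII-armored (not verifiable from the hunk), apt would also not read it under a `.gpg` name without the dearmor step. The `if` this `elif` belongs to starts in the previous hunk and continues past this one.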
@@ -447,7 +462,7 @@ if [ "$IPERF" = "yes" ]; then echo "openmptcprouter,$IPERFPASS" > /etc/iperf3/users.csv fi chown -Rf iperf3 /etc/iperf3 || true - systemctl enable iperf3.service + systemctl enable iperf3.service || true mkdir -p /etc/systemd/system/iperf3.service.d if [ "$LOCALFILES" = "no" ]; then wget -O /etc/systemd/system/iperf3.service.d/override.conf ${VPSURL}${VPSPATH}/iperf3.override.conf @@ -456,7 +471,7 @@ if [ "$IPERF" = "yes" ]; then fi fi -if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then +if [ "$KERNEL" != "5.4" ]; then echo "Compile and install mptcpize..." apt-get -y install --no-install-recommends build-essential cd /tmp 
@@ -496,89 +511,89 @@ if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then fi apt-get -y remove shadowsocks-libev - -if [ "$SOURCES" = "yes" ]; then - #apt -t stretch-backports -y install shadowsocks-libev - ## Compile Shadowsocks - #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} - #wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz - cd /tmp - rm -rf shadowsocks-libev - git clone https://github.com/Ysurac/shadowsocks-libev.git - cd shadowsocks-libev - git checkout ${SHADOWSOCKS_VERSION} - git submodule update --init --recursive - #tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz - #cd shadowsocks-libev-${SHADOWSOCKS_VERSION} - #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch - #patch -p1 < 020-NOCRYPTO.patch - #wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch - #patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch - #wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch - #patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch - #wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch - #patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch - # Shadowsocks eBPF support - #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch - #patch -p1 < 030-eBPF.patch - #rm -f /var/lib/dpkg/lock - #apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev - #cd /tmp - #rm -rf libbpf - #git clone https://github.com/libbpf/libbpf.git - #cd libbpf - #if [ "$ID" = "debian" ]; then - # rm -f /var/lib/dpkg/lock - # apt -y -t stretch-backports install linux-libc-dev - 
#elif [ "$ID" = "ubuntu" ]; then - # rm -f /var/lib/dpkg/lock - # apt-get -y install linux-libc-dev - #fi - #BUILD_SHARED=y make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY" - #cp /tmp/libbpf/src/libbpf.so /usr/lib - #cp /tmp/libbpf/src/*.h /usr/include/bpf - #cd /tmp - #rm -rf /tmp/libbpf - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev - apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc - sleep 1 - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - systemctl enable haveged - - if [ "$ID" = "debian" ]; then +if [ "$SHADOWSOCKS" = "yes" ]; then + if [ "$SOURCES" = "yes" ]; then + #apt -t stretch-backports -y install shadowsocks-libev + ## Compile Shadowsocks + #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} + #wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz + cd /tmp + rm -rf shadowsocks-libev + git clone https://github.com/Ysurac/shadowsocks-libev.git + cd shadowsocks-libev + git checkout ${SHADOWSOCKS_VERSION} + git submodule update --init --recursive + #tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz + #cd shadowsocks-libev-${SHADOWSOCKS_VERSION} + #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch + #patch -p1 < 020-NOCRYPTO.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch + #patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch + #wget 
https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch + #patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch + #patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch + # Shadowsocks eBPF support + #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch + #patch -p1 < 030-eBPF.patch + #rm -f /var/lib/dpkg/lock + #apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev + #cd /tmp + #rm -rf libbpf + #git clone https://github.com/libbpf/libbpf.git + #cd libbpf + #if [ "$ID" = "debian" ]; then + # rm -f /var/lib/dpkg/lock + # apt -y -t stretch-backports install linux-libc-dev + #elif [ "$ID" = "ubuntu" ]; then + # rm -f /var/lib/dpkg/lock + # apt-get -y install linux-libc-dev + #fi + #BUILD_SHARED=y make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY" + #cp /tmp/libbpf/src/libbpf.so /usr/lib + #cp /tmp/libbpf/src/*.h /usr/include/bpf + #cd /tmp + #rm -rf /tmp/libbpf rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - if [ "$VERSION_ID" = "9" ]; then - apt -y -t stretch-backports install libsodium-dev - else - apt -y install libsodium-dev + apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev + apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc + sleep 1 + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + systemctl enable haveged + if [ "$ID" = "debian" ]; then + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + if [ "$VERSION_ID" = "9" ]; then + apt -y -t stretch-backports install 
libsodium-dev + else + apt -y install libsodium-dev + fi + elif [ "$ID" = "ubuntu" ]; then + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + apt-get -y install libsodium-dev fi - elif [ "$ID" = "ubuntu" ]; then + #cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - apt-get -y install libsodium-dev + mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" 2>&1 >/dev/null + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + dpkg-buildpackage -b -us -uc 2>&1 >/dev/null + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + cd /tmp + #dpkg -i shadowsocks-libev_*.deb + dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null + #mkdir -p /usr/lib/shadowsocks-libev + #cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev + #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} + rm -rf /tmp/shadowsocks-libev + else + apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} fi - #cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" 2>&1 >/dev/null - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg-buildpackage -b -us -uc 2>&1 >/dev/null - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - cd /tmp - #dpkg -i shadowsocks-libev_*.deb - dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null - #mkdir -p /usr/lib/shadowsocks-libev - #cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev - #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} - rm -rf /tmp/shadowsocks-libev -else - apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" 
-o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} fi # Load BBR Congestion module at boot time @@ -586,7 +601,7 @@ if ! grep -q bbr /etc/modules ; then echo tcp_bbr >> /etc/modules fi -if [ "$UPSTREAM" != "yes" ] && [ "$UPSTREAM6" != "yes" ]; then +if [ "$KERNEL" = "5.4" ]; then # Load OLIA Congestion module at boot time if ! grep -q olia /etc/modules ; then echo mptcp_olia >> /etc/modules @@ -706,7 +721,8 @@ if [ "$OMR_ADMIN" = "yes" ]; then fi mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf - [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn + #[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn + [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "openvpn" > /etc/openmptcprouter-vps-admin/current-vpn mkdir -p /var/opt/openmptcprouter if [ "$SOURCES" = "yes" ]; then wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in @@ -764,7 +780,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then systemctl enable omr-admin-ipv6.service } systemctl enable omr-admin.service - if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + if [ "$KERNEL" != "5.4" ]; then mptcpize enable omr-admin.service 2>&1 >/dev/null [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service 2>&1 >/dev/null fi 
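Review bot: The source-build arm of the new `if [ "$SHADOWSOCKS" = "yes" ]` block still builds under the shared `/tmp` and then runs `dpkg -i omr-shadowsocks-libev_*.deb` as root, so the glob installs any matching file present in `/tmp`, including one left by an earlier run or by another local account. A failed `dpkg-buildpackage` also goes unnoticed. Building in a private directory and stopping on failure closes both gaps: `builddir=$(mktemp -d) || exit 1` with `cd "$builddir"` before the clone, `dpkg-buildpackage -b -us -uc >/dev/null 2>&1 || exit 1`, and the final `cd`/`rm -rf` pointed at the parent of the clone. Note that the existing `2>&1 >/dev/null` order discards only stdout; if both streams were meant to be silenced the two redirections need swapping.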
@@ -772,74 +788,75 @@ fi # Get shadowsocks optimization if [ "$LOCALFILES" = "no" ]; then - if [ "$UPSTREAM6" = "yes" ]; then + if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf else wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf fi else - if [ "$UPSTREAM6" = "yes" ]; then + if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf else cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf fi fi -if [ "$update" != 0 ]; then - if [ ! -f /etc/shadowsocks-libev/manager.json ]; then - SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') - else - SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') +if [ "$SHADOWSOCKS" = "yes" ]; then + if [ "$update" != 0 ]; then + if [ ! -f /etc/shadowsocks-libev/manager.json ]; then + SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') + elif [ -f /etc/shadowsocks-libev/manager.json ]; then + SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') + fi fi -fi -# Install shadowsocks config and add a shadowsocks by CPU -if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json - else - cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json - fi - SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;') - if [ "$NBCPU" -gt "1" ]; then - for i in $(seq 2 NBCPU); do + # Install shadowsocks config and add a shadowsocks by CPU + if [ "$update" = "0" ] || [ ! 
-f /etc/shadowsocks-libev/manager.json ]; then + if [ "$LOCALFILES" = "no" ]; then + wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json + else + cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json + fi + SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;') + if [ "$NBCPU" -gt "1" ]; then + for i in $(seq 2 NBCPU); do + sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json + done + fi + #sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json + sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json + [ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json + elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then + for i in $(seq 2 $NBCPU); do sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json done + sed -i 's/ "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json + fi + [ ! 
-f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl + #sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json + #sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service + if [ "$LOCALFILES" = "no" ]; then + wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in + else + cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service + fi + if systemctl -q is-enabled shadowsocks-libev; then + systemctl -q disable shadowsocks-libev + fi + [ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service + systemctl enable shadowsocks-libev-manager@manager.service + if [ $NBCPU -gt 1 ]; then + for i in $(seq 1 $NBCPU); do + [ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service + done + fi + if systemctl -q is-active shadowsocks-libev-manager@manager; then + systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 fi - #sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json - sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json - [ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json -elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then - for i in $(seq 2 $NBCPU); do - sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json - done - sed -i 's/ "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json -fi -[ ! 
-f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl -#sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json -#sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service -if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in -else - cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service -fi -if systemctl -q is-enabled shadowsocks-libev; then - systemctl -q disable shadowsocks-libev -fi -[ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service -systemctl enable shadowsocks-libev-manager@manager.service -if [ $NBCPU -gt 1 ]; then - for i in $(seq 1 $NBCPU); do - [ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service - done fi if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf fi -if systemctl -q is-active shadowsocks-libev-manager@manager; then - systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 -fi - if [ "$LOCALFILES" = "no" ]; then wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update @@ -917,7 +934,7 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then fi fi -if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then +if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ] && [ -f /etc/shadowsocks-libev/config.json ]; then sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json fi 
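Review bot: In the `if [ "$update" != 0 ]` arm at the top of the new `if [ "$SHADOWSOCKS" = "yes" ]` block, `SHADOWSOCKS_PASS` is overwritten with the grep result even when that result is empty. On an update where neither `manager.json` nor `config.json` exists (for example a host previously installed with `SHADOWSOCKS=no`), the next block would then substitute an empty key for `MySecretKey`. Keeping the generated value unless a key was actually read avoids that: assign the grep output to `old_key` and follow it with `[ -n "$old_key" ] && SHADOWSOCKS_PASS="$old_key"`. The added `elif [ -f /etc/shadowsocks-libev/manager.json ]` is just the negation of the `if` and could stay a plain `else`. Separately, `for i in $(seq 2 NBCPU)` in the fresh-install path lacks the `$` on `NBCPU`, so the per-CPU duplication of the 65101 entry presumably never runs there, while the update path below it uses `$NBCPU`.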
@@ -1015,7 +1032,7 @@ if [ "$V2RAY" = "yes" ]; then wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json #fi - if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then + if [ "$KERNEL" != "5.4" ] && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/v2ray/v2ray-server.json fi rm -f /etc/v2ray/config.json @@ -1355,7 +1372,7 @@ if [ "$OPENVPN" = "yes" ]; then openssl dhparam -out /etc/openvpn/server/dh2048.pem 2048 fi if [ "$LOCALFILES" = "no" ]; then - if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + if [ "$KERNEL" != "5.4" ]; then wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.6.1.conf wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.6.1.conf else @@ -1371,7 +1388,7 @@ if [ "$OPENVPN" = "yes" ]; then wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf else - if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + if [ "$KERNEL" != "5.4" ]; then cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf cp ${DIR}/openvpn-tun1.6.1.conf /etc/openvpn/tun1.conf else @@ -1397,7 +1414,7 @@ if [ "$OPENVPN" = "yes" ]; then chmod 644 /lib/systemd/system/openvpn*.service systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service - if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + if [ "$KERNEL" != "5.4" ]; then mptcpize enable openvpn@tun0 2>&1 >/dev/null fi systemctl enable openvpn@bonding1.service 
@@ -1415,61 +1432,63 @@ echo 'Glorytun UDP' if systemctl -q is-active glorytun-udp@tun0.service; then systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1 fi -if [ "$SOURCES" = "yes" ]; then - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - rm -f /usr/bin/glorytun - apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config - rm -rf /tmp/glorytun-udp - cd /tmp - git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp - cd /tmp/glorytun-udp - git checkout ${GLORYTUN_UDP_VERSION} - git submodule update --init --recursive - meson build - ninja -C build install - sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network - rm /lib/systemd/system/glorytun* - rm /lib/systemd/network/glorytun* - if [ "$LOCALFILES" = "no" ]; then - wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run +if [ "$GLORYTUN_UDP" = "yes" ]; then + if [ "$SOURCES" = "yes" ]; then + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + rm -f /usr/bin/glorytun + apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config + rm -rf /tmp/glorytun-udp + cd /tmp + git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp + cd /tmp/glorytun-udp + git checkout ${GLORYTUN_UDP_VERSION} + git submodule update --init --recursive + meson build + ninja -C build install + sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network + rm /lib/systemd/system/glorytun* + rm /lib/systemd/network/glorytun* + if [ "$LOCALFILES" = "no" ]; then + wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run + else + cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run + fi + chmod 755 /usr/local/bin/glorytun-udp-run + if [ "$LOCALFILES" = "no" ]; then + wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in + else + cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service + 
fi + chmod 644 /lib/systemd/system/glorytun-udp@.service + #wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network + rm -f /lib/systemd/network/glorytun-udp.network + mkdir -p /etc/glorytun-udp + if [ "$LOCALFILES" = "no" ]; then + wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh + wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp + else + cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh + cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0 + fi + chmod 755 /etc/glorytun-udp/post.sh + if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then + echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key + elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then + cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key + fi + systemctl enable glorytun-udp@tun0.service + systemctl enable systemd-networkd.service + cd /tmp + rm -rf /tmp/glorytun-udp else - cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run + rm -f /usr/local/bin/glorytun + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} + chmod 644 /lib/systemd/system/glorytun-udp@.service + GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" fi - chmod 755 /usr/local/bin/glorytun-udp-run - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in - else - cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service - fi - chmod 644 /lib/systemd/system/glorytun-udp@.service - #wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network - rm -f /lib/systemd/network/glorytun-udp.network - mkdir -p /etc/glorytun-udp - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh - 
wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp - else - cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh - cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0 - fi - chmod 755 /etc/glorytun-udp/post.sh - if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then - echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key - elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then - cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key - fi - systemctl enable glorytun-udp@tun0.service - systemctl enable systemd-networkd.service - cd /tmp - rm -rf /tmp/glorytun-udp -else - rm -f /usr/local/bin/glorytun - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} - chmod 644 /lib/systemd/system/glorytun-udp@.service - GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" + [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 fi -[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 # Add chrony for time sync @@ -1515,7 +1534,7 @@ if [ "$DSVPN" = "yes" ]; then chmod 644 /lib/systemd/system/dsvpn-server@.service DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi - if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then + if [ "$KERNEL" != "5.4" ]; then mptcpize enable dsvpn-server@dsvpn0 2>&1 >/dev/null fi fi 
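Review bot: `echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key` in the source-build arm creates the tunnel key under whatever umask the installer runs with, and nothing in this hunk restricts it afterwards, so the file is likely world-readable unless it is tightened elsewhere in the script. I would create it restricted, `( umask 077; echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key )`, and do the same for `/etc/glorytun-tcp/tun0.key` in the Glorytun TCP hunk further down. The `elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]` arm can never run, because the preceding `if` already matches a missing key file. As written, an update without a UDP key gets a fresh `GLORYTUN_PASS` instead of the existing TCP key.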
@@ -1524,58 +1543,60 @@ fi if systemctl -q is-active glorytun-tcp@tun0.service; then systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1 fi -if [ "$SOURCES" = "yes" ]; then - if [ "$ID" = "debian" ]; then - if [ "$VERSION_ID" = "9" ]; then - apt -t stretch-backports -y install libsodium-dev - else - apt -y install libsodium-dev +if [ "$GLORYTUN_TCP" = "yes" ]; then + if [ "$SOURCES" = "yes" ]; then + if [ "$ID" = "debian" ]; then + if [ "$VERSION_ID" = "9" ]; then + apt -t stretch-backports -y install libsodium-dev + else + apt -y install libsodium-dev + fi + elif [ "$ID" = "ubuntu" ]; then + apt-get -y install libsodium-dev fi - elif [ "$ID" = "ubuntu" ]; then - apt-get -y install libsodium-dev - fi - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - rm -f /usr/bin/glorytun-tcp - apt-get -y install build-essential pkg-config autoconf automake - rm -rf /tmp/glorytun-0.0.35 - cd /tmp - if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + rm -f /usr/bin/glorytun-tcp + apt-get -y install build-essential pkg-config autoconf automake + rm -rf /tmp/glorytun-0.0.35 + cd /tmp + if [ "$KERNEL" != "5.4" ]; then + wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz + else + wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz + fi + tar xzf glorytun-0.0.35.tar.gz + if [ "$KERNEL" != "5.4" ]; then + mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35 + fi + cd glorytun-0.0.35 + ./autogen.sh + ./configure + make + cp glorytun /usr/local/bin/glorytun-tcp + wget -O /usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run + chmod 755 /usr/local/bin/glorytun-tcp-run + wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in + #wget -O 
/lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network + chmod 644 /lib/systemd/system/glorytun-tcp@.service + rm -f /lib/systemd/network/glorytun-tcp.network + mkdir -p /etc/glorytun-tcp + wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh + chmod 755 /etc/glorytun-tcp/post.sh + wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun + if [ "$update" = "0" ]; then + echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key + fi + systemctl enable glorytun-tcp@tun0.service + #systemctl enable systemd-networkd.service + cd /tmp + rm -rf /tmp/glorytun-0.0.35 else - wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz + rm -f /usr/local/bin/glorytun-tcp + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} fi - tar xzf glorytun-0.0.35.tar.gz - if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35 - fi - cd glorytun-0.0.35 - ./autogen.sh - ./configure - make - cp glorytun /usr/local/bin/glorytun-tcp - wget -O /usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run - chmod 755 /usr/local/bin/glorytun-tcp-run - wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in - #wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network - chmod 644 /lib/systemd/system/glorytun-tcp@.service - rm -f /lib/systemd/network/glorytun-tcp.network - mkdir -p /etc/glorytun-tcp - wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh - chmod 755 /etc/glorytun-tcp/post.sh - wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun - if [ "$update" = "0" ]; then - echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key - fi - systemctl enable glorytun-tcp@tun0.service - #systemctl enable 
systemd-networkd.service - cd /tmp - rm -rf /tmp/glorytun-0.0.35 -else - rm -f /usr/local/bin/glorytun-tcp - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} + [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0 fi -[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0 # Load tun module at boot time @@ -1849,14 +1870,26 @@ if [ "$update" = "0" ]; then # Save info in file cat > /root/openmptcprouter_config.txt <<-EOF SSH port: 65222 (instead of port 22) - Shadowsocks port: 65101 - Shadowsocks encryption: chacha20 - Your shadowsocks key: ${SHADOWSOCKS_PASS} - Your shadowsocks 2022 key: ${PSK}:${UPSK} - Glorytun port: 65001 - Glorytun encryption: chacha20 - Your glorytun key: ${GLORYTUN_PASS} EOF + if [ "$SHADOWSOCKS" = "yes" ]; then + cat >> /root/openmptcprouter_config.txt <<-EOF + Shadowsocks port: 65101 + Shadowsocks encryption: chacha20 + Your shadowsocks key: ${SHADOWSOCKS_PASS} + EOF + fi + if [ "$SHADOWSOCKS_GO" = "yes" ]; then + cat >> /root/openmptcprouter_config.txt <<-EOF + Your shadowsocks 2022 key: ${PSK}:${UPSK} + EOF + fi + if ([ "$GLORYTUN_TCP" = "yes" ] || [ "$GLORYTUN_UDP" = "yes" ]); then + cat >> /root/openmptcprouter_config.txt <<-EOF + Glorytun port: 65001 + Glorytun encryption: chacha20 + Your glorytun key: ${GLORYTUN_PASS} + EOF + fi if [ "$DSVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF A Dead Simple VPN port: 65401 @@ -1882,7 +1915,7 @@ if [ "$update" = "0" ]; then Your OpenMPTCProuter Server username: openmptcprouter EOF fi - systemctl -q restart sshd + #systemctl -q restart sshd else echo '====================================================================================' echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !" 
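Review bot: With `KERNEL` other than 5.4, the source build in the new `if [ "$GLORYTUN_TCP" = "yes" ]` block fetches `https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz`, the moving head of a branch, and compiles and installs it as root with no pinned revision or digest. The UDP build, by contrast, checks out `${GLORYTUN_UDP_VERSION}`. Pinning the archive to a commit and checking a recorded hash keeps the install reproducible and limits exposure if the branch changes: fetch `https://github.com/Ysurac/glorytun/archive/PINNED_COMMIT_PLACEHOLDER.tar.gz` and follow it with `echo "EXPECTED_SHA256_PLACEHOLDER  /tmp/glorytun-0.0.35.tar.gz" | sha256sum -c - || exit 1` (both values are placeholders for the maintainer to fill in). The `mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35` line would then need the new extracted directory name. The `wget`, `tar`, `./configure` and `make` results are also unchecked, so a failed download falls through to `cp glorytun /usr/local/bin/glorytun-tcp`.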
@@ -1910,18 +1943,27 @@ else systemctl -q restart v2ray echo 'done' fi + if [ "$XRAY" = "yes" ]; then + echo 'Restarting xray...' + systemctl -q restart xray + echo 'done' + fi if [ "$DSVPN" = "yes" ]; then echo 'Restarting dsvpn...' systemctl -q start dsvpn-server@dsvpn0 || true systemctl -q restart 'dsvpn-server@*' || true echo 'done' fi - echo 'Restarting glorytun...' - systemctl -q start glorytun-tcp@tun0 || true - systemctl -q restart 'glorytun-tcp@*' || true - systemctl -q start glorytun-udp@tun0 || true - systemctl -q restart 'glorytun-udp@*' || true - echo 'done' + if [ "$GLORYTUN_TCP" = "yes" ]; then + echo 'Restarting glorytun tcp...' + systemctl -q start glorytun-tcp@tun0 || true + systemctl -q restart 'glorytun-tcp@*' || true + fi + if [ "$GLORYTUN_UDP" = "yes" ]; then + systemctl -q start glorytun-udp@tun0 || true + systemctl -q restart 'glorytun-udp@*' || true + echo 'done' + fi echo 'Restarting omr6in4...' systemctl -q start omr6in4@user0 || true systemctl -q restart omr6in4@* || true @@ -1963,13 +2005,19 @@ else echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' fi echo 'Apply latest sysctl...' - sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 + sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 || true echo 'done' echo 'Restarting omr...' systemctl -q restart omr echo 'done' - echo 'Restarting shadowsocks...' - systemctl -q restart shadowsocks-libev-manager@manager + if [ "$SHADOWSOCKS" = "yes" ]; then + echo 'Restarting shadowsocks...' + systemctl -q restart shadowsocks-libev-manager@manager + fi + if [ "$SHADOWSOCKS_GO" = "yes" ]; then + echo 'Restarting shadowsocks-go...' + systemctl -q restart shadowsocks-go + fi # if [ $NBCPU -gt 1 ]; then # for i in $NBCPU; do # systemctl restart shadowsocks-libev-server@config$i diff --git a/omr-pihole.sh b/omr-pihole.sh index a32acfb..b8b0c27 100644 --- a/omr-pihole.sh +++ b/omr-pihole.sh 
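Review bot: The progress messages no longer pair up after the glorytun split in the `@@ -1910,18 +1943,27 @@` hunk: the TCP branch prints 'Restarting glorytun tcp...' with no 'done', and the UDP branch prints 'done' with no 'Restarting' line. With only one of the two enabled, the log shows either an unterminated step or a stray 'done', which makes it harder to see which restart hung or failed. I would add `echo 'done'` at the end of the `GLORYTUN_TCP` block and `echo 'Restarting glorytun udp...'` at the top of the `GLORYTUN_UDP` block. The enclosing `else` branch starts and ends outside this hunk.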
@@ -37,7 +37,7 @@ mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf cat >> /etc/pihole/setupVars.conf <<-EOF PIHOLE_INTERFACE=gt-tun0 IPV4_ADDRESS=10.255.0.0/16 -IPV6_ADDRESS=fe80::aff:ff01/64 +IPV6_ADDRESS=fd00::a00:/106 RATE_LIMIT=0/0 EOF From b4d8f5551c1589e2b404f76e643c17a1dd739649 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 26 Feb 2024 14:28:12 +0000 Subject: [PATCH 130/164] Add some allow-downgrades to fix error in some install with kernel 6.1 --- debian9-x86_64.sh | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 209b2a1..976ecb2 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -110,6 +110,12 @@ export DEBIAN_FRONTEND=noninteractive echo "Check user..." if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi +# Check Kernel +if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "5.15" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ]; then + echo "Only kernels 5.4, 5.15, 6.1 and 6.6 are currently supported" + exit 1 +fi + # Check Linux version echo "Check Linux version..." if test -f /etc/os-release ; then @@ -223,8 +229,8 @@ apt-get -y install apt-transport-https gnupg openssh-server #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Debian 9 Stretch to Debian 10 Buster" - apt-get -y -f --force-yes upgrade - apt-get -y -f --force-yes dist-upgrade + apt-get -y -f --force-yes --allow-downgrades upgrade + apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:stretch:buster:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade 
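Review bot: The new `IPV6_ADDRESS=fd00::a00:/106` in omr-pihole.sh does not look like a valid IPv6 prefix, because the address part ends in a single colon before the slash. The IPv4 line beside it is a network address (`10.255.0.0/16`), so the intended value was presumably `IPV6_ADDRESS=fd00::a00:0/106`; please confirm against the tunnel addressing. A value Pi-hole cannot parse may leave it without an IPv6 address on `gt-tun0`.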
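Review bot: `--allow-downgrades` is added next to `--force-yes` in the `@@ -223,8 +229,8 @@` hunk, but apt-get documents `--force-yes` as deprecated and as already covering downgrades along with unauthenticated packages, essential-package removal and held-package changes. The new flag is therefore redundant here, and the upgrade still runs with signature failures tolerated. If downgrades are the only thing that must be permitted, `apt-get -y -f --allow-downgrades upgrade` and `apt-get -y -f --allow-downgrades dist-upgrade` keep package authentication in force. The same pair of commands is repeated in the four release-upgrade hunks that follow in this commit, and again in the later 'Fixes on script' commit.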
@@ -233,8 +239,8 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; fi if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then echo "Update Debian 10 Stretch to Debian 11 Buster" - apt-get -y -f --force-yes upgrade - apt-get -y -f --force-yes dist-upgrade + apt-get -y -f --force-yes --allow-downgrades upgrade + apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:buster:bullseye:g' /etc/apt/sources.list sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change @@ -244,8 +250,8 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] fi if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then echo "Update Debian 11 Buster to Debian 12" - apt-get -y -f --force-yes upgrade - apt-get -y -f --force-yes dist-upgrade + apt-get -y -f --force-yes --allow-downgrades upgrade + apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade @@ -254,8 +260,8 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] fi if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Ubuntu 18.04 to Ubuntu 20.04" - apt-get -y -f --force-yes upgrade - apt-get -y -f --force-yes dist-upgrade + apt-get -y -f --force-yes --allow-downgrades upgrade + apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:bionic:focal:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade 
@@ -264,8 +270,8 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" fi if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then echo "Update Ubuntu 20.04 to Ubuntu 22.04" - apt-get -y -f --force-yes upgrade - apt-get -y -f --force-yes dist-upgrade + apt-get -y -f --force-yes --allow-downgrades upgrade + apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:focal:jammy:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade @@ -691,7 +697,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then pip3 -q install uvloop fi else - apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop + apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop fi fi apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen @@ -756,7 +762,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 fi - apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} + apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y --allow-downgrades install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/ fi From 2b99a77d1a7c1c3736a1328e0b7b50a4b5575990 Mon Sep 17 00:00:00 2001 
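Review bot: The block touched by the `@@ -264,8 +270,8 @@` hunk announces "Update Ubuntu 20.04 to Ubuntu 22.04" and rewrites `focal` to `jammy`, yet its condition tests `[ "$VERSION_ID" = "18.04" ]`, the same value as the 18.04 to 20.04 block before it. If the earlier block sets `VERSION_ID` to 20.04 when it finishes, as the Debian blocks do for their releases, this branch can never run; that assignment is outside the hunk, so this is an inference. A host that starts on 20.04 is skipped in either case. The test was presumably meant to be `[ "$VERSION_ID" = "20.04" ]`.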
From: "Ycarus (Yannick Chabanois)" Date: Fri, 1 Mar 2024 19:03:24 +0000 Subject: [PATCH 131/164] Update omr-admin --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 976ecb2..9860a02 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -73,8 +73,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="a30f1f32461aefcdb47851d533439032af6e4b05" -OMR_ADMIN_BINARY_VERSION="0.9+20240222" +OMR_ADMIN_VERSION="7adb6dd1083420fa3bff20f3d58aa36d30e36e3c" +OMR_ADMIN_BINARY_VERSION="0.9+20240301" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" From 96775408d7d40e917f190cf9d60744f0bcb83fdb Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Mar 2024 08:16:15 +0000 Subject: [PATCH 132/164] Update omr-admin script and fix on openvpn --- debian9-x86_64.sh | 7 ++++--- openvpn-tun0.6.1.conf | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 9860a02..02c495d 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -73,8 +73,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="7adb6dd1083420fa3bff20f3d58aa36d30e36e3c" -OMR_ADMIN_BINARY_VERSION="0.9+20240301" +OMR_ADMIN_VERSION="f974719ddc902246ac0cd559372495ec23b262df" +OMR_ADMIN_BINARY_VERSION="0.9+20240324" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" 
@@ -1869,8 +1869,9 @@ if [ "$update" = "0" ]; then echo '====================================================================================' echo '\033[1m /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\ \033[0m' echo '------------------------------------------------------------------------------------' - echo ' After reboot, check with uname -a that the kernel name contain mptcp.' + echo ' For kernel 5.4, after reboot, check with uname -a that the kernel name contain mptcp.' echo ' Else, you may have to modify GRUB_DEFAULT in /etc/default/grub' + echo ' For 6.x kernels, check that a 6.x kernel is used, no kernel name changes.' echo '====================================================================================' # Save info in file diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf index 9158040..0aff68b 100644 --- a/openvpn-tun0.6.1.conf +++ b/openvpn-tun0.6.1.conf @@ -29,4 +29,4 @@ push "route 10.255.252.1 255.255.255.255" client-config-dir ccd ifconfig-pool-persist ccd/ipp_tcp.txt passtos -management localhost 65302 +management 127.0.0.1 65302 From 1ab5d977ded12de9266499577815cffe8a8f3540 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 9 Apr 2024 12:57:02 +0000 Subject: [PATCH 133/164] Fix route in openvpn MPTCP over VPN --- openvpn-tun1.6.1.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf index 2f5f4d2..a89b527 100644 --- a/openvpn-tun1.6.1.conf +++ b/openvpn-tun1.6.1.conf @@ -22,7 +22,7 @@ push "rcvbuf 262144" tun-mtu 1420 tls-server tls-version-min 1.2 -push "route 10.255.252.1 255.255.255.255" +push "route 10.255.250.1 255.255.255.255" client-config-dir ccd #ifconfig-pool-persist ccd/ipp_udp.txt fast-io From 90d327abbeb7e3284fff1aef19a92516d00d2adf Mon Sep 17 00:00:00 2001 
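Review bot: `management 127.0.0.1 65302` in openvpn-tun0.6.1.conf opens the management interface on a loopback TCP port with no password file, so any local process on the server can connect and control the daemon. The directive accepts an optional third argument, as in `management 127.0.0.1 65302 /etc/openvpn/<management-pw-file>` (placeholder path), or a unix socket with restricted permissions through `management <socket-path> unix`. Whichever client reads this port, presumably the admin service, would need the matching change, so this may belong in a follow-up. A short comment above the line naming the intended client would also help.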
From: "Ycarus (Yannick Chabanois)" Date: Tue, 9 Apr 2024 12:58:45 +0000 Subject: [PATCH 134/164] Test for Debian 6.6 official kernel when not on x86_64 --- debian9-x86_64.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 02c495d..7106c3a 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -439,6 +439,14 @@ elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 } +elif [ "$KERNEL" = "6.6" ] && [ "$ID" = "debian" ]; then + echo 'deb http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/bookworm-backports.list + apt-get update + apt-get -y install $(apt-cache search linux-image-amd64-6.6 | tail -n 1 | cut -d" " -f1) + [ -f /etc/default/grub ] && { + sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 + [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 + } else if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1) From 103e508dd7e5e5e4495dc0e43f97e28510ea00c7 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Apr 2024 17:28:22 +0000 Subject: [PATCH 135/164] Change in master branch --- debian9-x86_64.sh | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 23d2f9e..9a53ac7 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
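Review bot: The new `elif [ "$KERNEL" = "6.6" ] && [ "$ID" = "debian" ]` branch passes the result of `apt-cache search linux-image-amd64-6.6 | tail -n 1 | cut -d" " -f1` straight to `apt-get -y install`, unquoted and unchecked. When the search matches nothing, apt-get receives no package name and appears to succeed without installing a kernel, after which GRUB_DEFAULT is still rewritten. Since this branch is the one reached when `ARCH` is not amd64, a pattern containing `amd64` is likely to match nothing there. I would capture the name first: `pkg=$(apt-cache search ... | tail -n 1 | cut -d" " -f1)`, then `[ -n "$pkg" ] || { echo "No 6.6 kernel package found" >&2; exit 1; }`, then `apt-get -y install "$pkg"`. The bookworm-backports source is also added without testing `VERSION_ID`, so it lands on older Debian releases too.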
@@ -61,8 +61,10 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="f9fb6aa0a65e8e20950977bda970c90012f830d7" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4" -OMR_ADMIN_BINARY_VERSION="0.3+20230709" +#OMR_ADMIN_VERSION="ef57968ea44020cf693aa671c3e9f51387efb0b4" +#OMR_ADMIN_BINARY_VERSION="0.3+20230718" +OMR_ADMIN_VERSION="c4374c28594517231190e320020cb20d9dd1bcb2" +OMR_ADMIN_BINARY_VERSION="0.3+20230823" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="4.43.0" @@ -581,11 +583,11 @@ if [ "$OMR_ADMIN" = "yes" ]; then #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U pip3 -q install netjsonconfig - if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then - pip3 -q install fastapi==0.99.1 -U - else - pip3 -q install fastapi -U - fi +# if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ])); then + pip3 -q install fastapi==0.99.1 -U +# else +# pip3 -q install fastapi -U +# fi pip3 -q install jsonschema -U pip3 -q install python-multipart jinja2 -U pip3 -q install starlette From c13a84dc6bf06a32c08de88f260fc75dea0077aa Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 10 Apr 2024 17:35:43 +0000 Subject: [PATCH 136/164] Update changelog --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index ef7d9d2..db2a6a9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +omr-server (0.1030) unstable; urgency=medium + + * Many changes + + -- OpenMPTCProuter Wed, 10 Apr 2024 19:35:34 +0200 + omr-server (0.1028) unstable; urgency=medium * Many changes From efdb9e3ef7f4275b1eafbce7fe90c98a52a772ea Mon Sep 17 00:00:00 2001 
From: "Ycarus (Yannick Chabanois)" Date: Sun, 14 Apr 2024 17:01:13 +0000 Subject: [PATCH 137/164] Fixes on script --- debian9-x86_64.sh | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 7106c3a..021782d 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -91,13 +91,13 @@ SHADOWSOCKS_BINARY_VERSION="3.3.5-3" SHADOWSOCKS_GO_VERSION="1.8.0" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} -VPSPATH="server-test" +VPSPATH="server" VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)} VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="0.1029-test" +OMR_VERSION="0.1030" DIR=$( pwd ) #" 
@@ -229,33 +229,33 @@ apt-get -y install apt-transport-https gnupg openssh-server #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Debian 9 Stretch to Debian 10 Buster" - apt-get -y -f --force-yes --allow-downgrades upgrade - apt-get -y -f --force-yes --allow-downgrades dist-upgrade + apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade + apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade sed -i 's:stretch:buster:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade VERSION_ID="10" fi if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then - echo "Update Debian 10 Stretch to Debian 11 Buster" - apt-get -y -f --force-yes --allow-downgrades upgrade - apt-get -y -f --force-yes --allow-downgrades dist-upgrade + echo "Update Debian 10 Buster to Debian 11 Bullseye" + apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade + apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade sed -i 's:buster:bullseye:g' /etc/apt/sources.list sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list 
apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade VERSION_ID="11" fi if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then - echo "Update Debian 11 Buster to Debian 12" - apt-get -y -f --force-yes --allow-downgrades upgrade - apt-get -y -f --force-yes --allow-downgrades dist-upgrade + echo "Update Debian 11 Bullseye to Debian 12 Bookworm" + apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade + apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade VERSION_ID="12" fi if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then 
@@ -349,7 +349,7 @@ if [ "$ID" = "debian" ]; then echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list fi # Add buster-backports repo - echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list + echo 'deb http://archive.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list if [ "$VERSION_ID" = "12" ]; then echo 'deb http://deb.debian.org/debian bullseye main' > /etc/apt/sources.list.d/bullseye.list fi From 172c0461be5b3cbd8e47108ef975abf7b9287a0a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 15 Apr 2024 07:39:29 +0000 Subject: [PATCH 138/164] Add changes from master branch and create a new test script --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 021782d..6d4e85c 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -91,13 +91,13 @@ SHADOWSOCKS_BINARY_VERSION="3.3.5-3" SHADOWSOCKS_GO_VERSION="1.8.0" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} -VPSPATH="server" +VPSPATH="server-test" VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)} VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="0.1030" +OMR_VERSION="0.1031-test" DIR=$( pwd ) #" From 1cc3bda15802aaec2b38dfc2aed2267aaa54176d Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 15 Apr 2024 15:02:32 +0000 Subject: [PATCH 139/164] Add support for a specific interface for IPv6 --- debian9-x86_64.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 6d4e85c..32f531c 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
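Review bot: The buster-backports entry now points at archive.debian.org, but as far as the `@@ -349,7 +349,7 @@` hunk shows it is still written for every Debian release, since it sits after the `fi` that closes the stretch check. Archived suites usually carry an expired Release file, so `apt-get update` may reject this source or warn about it on each run unless validity checking is relaxed for it. Mixing buster-backports into a bullseye or bookworm host also widens the set of packages apt may pick from. If only Debian 10 needs it, guard the line with `[ "$VERSION_ID" = "10" ] &&` and add a comment naming the package that requires the repo. The enclosing `if [ "$ID" = "debian" ]` block continues outside the hunk.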
@@ -49,6 +49,7 @@ SPEEDTEST=${SPEEDTEST:-yes} IPERF=${IPERF:-yes} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} +INTERFACE6=${INTERFACE6:-$(ip -o -6 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} KERNEL_VERSION="5.4.207" KERNEL_PACKAGE_VERSION="1.22" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" @@ -1699,7 +1700,7 @@ if [ "$update" = "0" ]; then fi tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6 rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz - sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* + sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/* systemctl enable shorewall6 else # Update only needed firewall files @@ -1731,7 +1732,7 @@ else sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules - sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* + sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/* if [ "$LOCALFILES" = "no" ]; then rm -rf ${DIR}/shorewall4 rm -rf ${DIR}/shorewall6 From 49390c7277eb0c25202ff279a50bcb1c3030d165 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 15 Apr 2024 15:03:24 +0000 Subject: [PATCH 140/164] Fix buster backports for existing install --- debian9-x86_64.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 021782d..177115e 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -215,6 +215,7 @@ echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock +rm -f /etc/apt/sources.list.d/buster-backports.list if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then apt-get update else From 70a240a396d91a01f6a8cfc9d65556ac5fee88a1 Mon Sep 17 00:00:00 2001 
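Review bot: `INTERFACE6` is empty on a server with no IPv6 default route, because the `ip -o -6 route show to default` pipeline in the `@@ -49,6 +49,7 @@` hunk then prints nothing. The two later hunks run `sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/*`, which in that case replaces `eth0` with an empty string and leaves the shorewall6 files without an interface name. Before this commit those lines used `$INTERFACE`, so IPv4-only hosts still got a usable configuration. A fallback right after the assignment keeps that behaviour: `[ -z "$INTERFACE6" ] && INTERFACE6="$INTERFACE"`.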
From: "Ycarus (Yannick Chabanois)" Date: Thu, 4 Jul 2024 09:45:34 +0000 Subject: [PATCH 141/164] Update to latest changes --- debian9-x86_64.sh | 68 +++++++++++++++++++++++------------- omr-service | 80 +++++++++++++++++++++---------------------- openvpn-tun0.6.1.conf | 2 +- openvpn-tun1.6.1.conf | 2 +- 4 files changed, 87 insertions(+), 65 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 5a66064..57a9ec1 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -44,6 +44,7 @@ if [ "$KERNEL" != "5.4" ]; then SOURCES="yes" fi NOINTERNET=${NOINTERNET:-no} +GRETUNNELS=${GRETUNNELS:-yes} REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-yes} IPERF=${IPERF:-yes} @@ -74,8 +75,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="f974719ddc902246ac0cd559372495ec23b262df" -OMR_ADMIN_BINARY_VERSION="0.9+20240324" +OMR_ADMIN_VERSION="21d071ebece556f3114c18ed9e86414ea6c85e1c" +OMR_ADMIN_BINARY_VERSION="0.11+20240704" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -202,7 +203,7 @@ fi # Force update key [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { echo "Update ${REPO} key" - apt-key del '2FDF 70C8 228B 7F04 42FE 59F6 608F D17B 2B24 D936' 2>&1 >/dev/null + apt-key del '2FDF 70C8 228B 7F04 42FE 59F6 608F D17B 2B24 D936' >/dev/null 2>&1 if [ "$CHINA" = "yes" ]; then #wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - wget https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg 
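Review bot: The key refresh around the `@@ -202,7 +203,7 @@` hunk writes the downloaded key into /etc/apt/trusted.gpg.d/openmptcprouter.gpg, which makes it trusted for every configured repository rather than only for `${REPO}`. The download is not compared with an expected fingerprint either, so trust rests on the HTTPS fetch alone. The commented xanmod lines added later in this same commit already show the narrower form: a keyring under /usr/share/keyrings referenced by `[signed-by=...]` in the sources entry. Applying the same pattern to the openmptcprouter source would limit what this key can vouch for. The enclosing block continues outside the hunk, so the sources.list side is not visible here.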
@@ -431,12 +432,22 @@ if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then rm -f /etc/grub.d/30_os-prober bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} - [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null + [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg >/dev/null 2>&1 elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then - wget https://dl.xanmod.org/archive.key -O /etc/apt/trusted.gpg.d/xanmod.gpg - echo 'deb http://deb.xanmod.org releases main' > /etc/apt/sources.list.d/xanmod-release.list - apt-get update - apt-get -y install linux-xanmod-x64v3 + # awk command from xanmod website + PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") + KERNEL_VERSION="6.6.36" + KERNEL_REV="0~20240628.g36640c1" + wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" + dpkg --force-all -i -B 
/tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + +# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg +# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list +# apt-get update +# apt-get -y install linux-xanmod-lts-x64v3 [ -f /etc/default/grub ] && { sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 @@ -444,14 +455,16 @@ elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then elif [ "$KERNEL" = "6.6" ] && [ "$ID" = "debian" ]; then echo 'deb http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/bookworm-backports.list apt-get update - apt-get -y install $(apt-cache search linux-image-amd64-6.6 | tail -n 1 | cut -d" " -f1) + latestkernel=$(apt-cache search linux-image-6.6 | grep -v headers | grep -v dbg | grep -v rt | tail -n 1 | cut -d" " -f1) + latestkernelheaders=$(echo $latestkernel | sed 's/image/headers/g') + apt-get -y install $latestkernel $latestkernelheaders [ -f /etc/default/grub ] && { sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 } else if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then - apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1) + apt-get -y install $(apt-cache search linux-image-unsigned-6.1 | tail -n 1 | cut -d" " -f1) fi [ -f /etc/default/grub ] && { sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 
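Review bot: The 6.6 amd64 branch in the `@@ -431,12 +432,22 @@` hunk now fetches the kernel image and headers with `wget` from `${VPSURL}kernel/` and installs them with `dpkg --force-all -i -B`, so the repository signature check that the removed `apt-get -y install linux-xanmod-x64v3` path provided is gone. Integrity of a kernel installed as root then depends only on the HTTPS download, and `--force-all` also turns off dpkg's own conflict and dependency checks. I would verify each file against a digest pinned in the script before installing, for example `echo "<expected-sha256>  /tmp/<image>.deb" | sha256sum -c - || exit 1` (both values are placeholders, one digest per PSABI level), and use plain `dpkg -i`. `PSABI` is also used unchecked: if the awk probe prints nothing, the URLs are built with an empty level, so `[ -n "$PSABI" ] || exit 1` belongs before the downloads.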
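Review bot: The `grep -v headers | grep -v dbg | grep -v rt` filters in the `@@ -444,14 +455,16 @@` hunk run over whole `apt-cache search` lines, which contain the package description as well as the name. A description that happens to contain `rt` or `dbg` would drop an otherwise valid image, and `tail -n 1` then selects whatever sorts last. Restricting the search to names, `apt-cache search --names-only '^linux-image-6\.6'`, makes the filters act on package names only. `$latestkernel` should also be tested for emptiness and quoted before `apt-get -y install $latestkernel $latestkernelheaders`, otherwise an empty result lets the GRUB default be rewritten with no new kernel installed.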
@@ -468,7 +481,7 @@ if [ "$IPERF" = "yes" ]; then #apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 #chmod 644 /lib/systemd/system/iperf3.service echo "Install iperf3" - [ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 2>&1 >/dev/null + [ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 >/dev/null 2>&1 apt-get -y install iperf3 if [ ! -f "/etc/iperf3/private.pem" ]; then mkdir -p /etc/iperf3 @@ -487,6 +500,10 @@ if [ "$IPERF" = "yes" ]; then fi fi +rm -f /var/lib/dpkg/lock +rm -f /var/lib/dpkg/lock-frontend + + if [ "$KERNEL" != "5.4" ]; then echo "Compile and install mptcpize..." apt-get -y install --no-install-recommends build-essential @@ -515,8 +532,10 @@ if [ "$KERNEL" != "5.4" ]; then fi rm -rf iproute2 - echo "MPTCPize iperf3..." - mptcpize enable iperf3 2>&1 >/dev/null + if [ "$ID" = "debian" ]; then + echo "MPTCPize iperf3..." + mptcpize enable iperf3 >/dev/null 2>&1 + fi #if [ "$UPSTREAM6" = "yes" ]; then # apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg 
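Review bot: The `@@ -487,6 +500,10 @@` hunk adds another unconditional `rm -f /var/lib/dpkg/lock` and `rm -f /var/lib/dpkg/lock-frontend`. If another apt or dpkg process is active at that moment, for example a scheduled upgrade, deleting the files does not stop it and the following `apt-get` calls can then run against the same database, which risks a half-configured package state. Waiting for the holder is safer, for instance `while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 1; done`, provided `fuser` is available on the target. At minimum, a comment should say which earlier step is expected to leave a stale lock behind.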
@@ -594,15 +613,15 @@ if [ "$SHADOWSOCKS" = "yes" ]; then #cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" 2>&1 >/dev/null + mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" >/dev/null 2>&1 rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - dpkg-buildpackage -b -us -uc 2>&1 >/dev/null + dpkg-buildpackage -b -us -uc >/dev/null 2>&1 rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend cd /tmp #dpkg -i shadowsocks-libev_*.deb - dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null + dpkg -i omr-shadowsocks-libev_*.deb >/dev/null 2>&1 #mkdir -p /usr/lib/shadowsocks-libev #cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} @@ -789,6 +808,9 @@ if [ "$OMR_ADMIN" = "yes" ]; then [ "$NOINTERNET" = "yes" ] && { sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json } + [ "$GRETUNNELS" = "no" ] && { + sed -i 's/"port": 65500,/"port": 65500,\n "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json + } chmod 644 /lib/systemd/system/omr-admin.service chmod 644 /lib/systemd/system/omr-admin-ipv6.service #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py @@ -797,8 +819,8 @@ if [ "$OMR_ADMIN" = "yes" ]; then } systemctl enable omr-admin.service if [ "$KERNEL" != "5.4" ]; then - mptcpize enable omr-admin.service 2>&1 >/dev/null - [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service 2>&1 >/dev/null + mptcpize enable omr-admin.service >/dev/null 2>&1 + [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1 fi fi 
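Review bot: Changing `2>&1 >/dev/null` to `>/dev/null 2>&1` in the `@@ -594,15 +613,15 @@` hunk also discards stderr, which the old order still sent to the terminal. For `mk-build-deps`, `dpkg-buildpackage -b -us -uc` and `dpkg -i omr-shadowsocks-libev_*.deb`, a failed build or install now produces no output at all, and whether the script stops depends on a `set -e` state that is not visible here. The same applies to the `./easyrsa --batch init-pki` and `acme.sh --issue` lines in the later hunks of this commit. I would keep stderr for these steps (`>/dev/null` only), or capture it to a log file, and check the exit status explicitly, e.g. `dpkg -i omr-shadowsocks-libev_*.deb >/dev/null || exit 1`.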
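Review bot: The new `GRETUNNELS` block in the `@@ -789,6 +808,9 @@` hunk edits the JSON config by text substitution, and nothing prevents it from running again on a file that already holds the key. An earlier hunk on this page shows omr-admin-config.json being copied only when it does not exist, so on an update run the sed would presumably insert a second `"gre_tunnels": false,` line after `"port": 65500,`. Guarding it avoids the duplicates: `grep -q '"gre_tunnels"' /etc/openmptcprouter-vps-admin/omr-admin-config.json || sed -i ...`. The `NOINTERNET` block above it has the same shape and would benefit from the same guard.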
@@ -1374,7 +1396,7 @@ if [ "$OPENVPN" = "yes" ]; then make-cadir /etc/openvpn/ca fi cd /etc/openvpn/ca - ./easyrsa --batch init-pki 2>&1 >/dev/null + ./easyrsa --batch init-pki >/dev/null 2>&1 ./easyrsa --batch build-ca nopass EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full server nopass EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "openmptcprouter" nopass @@ -1431,7 +1453,7 @@ if [ "$OPENVPN" = "yes" ]; then systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service if [ "$KERNEL" != "5.4" ]; then - mptcpize enable openvpn@tun0 2>&1 >/dev/null + mptcpize enable openvpn@tun0 >/dev/null 2>&1 fi systemctl enable openvpn@bonding1.service systemctl enable openvpn@bonding2.service @@ -1551,7 +1573,7 @@ if [ "$DSVPN" = "yes" ]; then DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi if [ "$KERNEL" != "5.4" ]; then - mptcpize enable dsvpn-server@dsvpn0 2>&1 >/dev/null + mptcpize enable dsvpn-server@dsvpn0 >/dev/null 2>&1 fi fi @@ -1770,7 +1792,7 @@ if [ "$TLS" = "yes" ]; then #[ "$(shorewall status | grep stopped)" = "" ] && shorewall open all all tcp 443 curl https://get.acme.sh | sh systemctl -q restart shorewall - ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null + ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 >/dev/null 2>&1' --post-hook 'shorewall close all all tcp 443 >/dev/null 2>&1' >/dev/null 2>&1 set -e if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then rm -f /etc/openmptcprouter-vps-admin/cert.pem @@ -1818,7 +1840,7 @@ else fi if [ "$SOURCES" != "yes" ]; then - apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true + apt-get -y install omr-server=${OMR_VERSION} >/dev/null 2>&1 || true rm -f /etc/openmtpcprouter-vps-admin/update-bin fi 
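Review bot: `$VPS_DOMAIN` is unquoted on the rewritten `acme.sh --force --alpn --issue -d $VPS_DOMAIN` line and in the `/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer` test below it, so a value containing whitespace or glob characters is split into extra acme.sh arguments. In an earlier revision of this script the default for that variable is read from a plain-HTTP response, which would make it untrusted input; quote it as `-d "$VPS_DOMAIN"` and `[ -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]`, and ideally check it against a hostname pattern first. With stdout and stderr now both discarded, a failed issuance is only visible through that file test, so an `else` branch that logs the failure would be useful. The enclosing `if [ "$TLS" = "yes" ]` block starts and ends outside the hunk.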
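Review bot: The context line `rm -f /etc/openmtpcprouter-vps-admin/update-bin` in the -1818 hunk spells the directory `openmtpcprouter`, while the other paths in this script use `/etc/openmptcprouter-vps-admin/`. Because `rm -f` succeeds on a missing file, the flag is presumably never removed. If that is a typo, the line should read `rm -f /etc/openmptcprouter-vps-admin/update-bin`. On the changed line, `>/dev/null 2>&1 || true` now hides both the output and the exit status of the `omr-server` install, so a message on stderr when it fails would make a broken upgrade noticeable.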
diff --git a/omr-service b/omr-service index d35b011..be312e1 100755 --- a/omr-service +++ b/omr-service @@ -7,13 +7,13 @@ _multipath() { for intf in `ls -1 /sys/class/net`; do if [ "$intf" != "bonding_masters" ]; then if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then - [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on 2>&1 >/dev/null + [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on >/dev/null 2>&1 [ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && { - multipath $intf signal 2>&1 >/dev/null - ip mptcp limits set subflows 8 add_addr_accepted 8 2>&1 >/dev/null + multipath $intf signal >/dev/null 2>&1 + ip mptcp limits set subflows 8 add_addr_accepted 8 >/dev/null 2>&1 } else - [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off 2>&1 >/dev/null + [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off >/dev/null 2>&1 fi fi done @@ -29,7 +29,7 @@ _glorytun_udp() { for intf in /etc/glorytun-udp/tun*; do [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} done - #ip link set mtu 9000 dev gt-udp-tun0 2>&1 >/dev/null + #ip link set mtu 9000 dev gt-udp-tun0 >/dev/null 2>&1 fi } 
@@ -48,12 +48,12 @@ _glorytun_tcp() { sleep 10 fi fi - #ip link set mtu 9000 dev gt-tun0 2>&1 >/dev/null + #ip link set mtu 9000 dev gt-tun0 >/dev/null 2>&1 fi } _dsvpn() { - [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null + [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1 if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)" [ -z "$localip" ] && localip="10.255.251.1" @@ -62,7 +62,7 @@ _dsvpn() { logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" systemctl restart dsvpn-server@dsvpn0 fi - #ip link set mtu 9000 dev dsvpn0 2>&1 >/dev/null + #ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1 fi } @@ -96,8 +96,8 @@ _v2ray() { _wireguard() { if [ -n "$(systemctl -a | grep 'wg')" ]; then - [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 2>&1 >/dev/null - [ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 2>&1 >/dev/null + [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1 + [ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1 fi } @@ -119,7 +119,7 @@ _lan_route() { while IFS=$"\n" read -r d; do if [ "$d" != "" ]; then network=$(ipcalc -n $d | grep Network | awk '{print $2}') - [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null + [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1 fi done fi 
@@ -135,11 +135,11 @@ _gre_tunnels() { . "$(readlink -f "$intf")" iface="$(basename $intf)" if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then - [ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface 2>&1 >/dev/null - ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR 2>&1 >/dev/null - ip link set $iface up 2>&1 >/dev/null - ip addr add $LOCALIP dev $iface 2>&1 >/dev/null - ip route add $NETWORK dev $iface onlink 2>&1 >/dev/null + [ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface >/dev/null 2>&1 + ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1 + ip link set $iface up >/dev/null 2>&1 + ip addr add $LOCALIP dev $iface >/dev/null 2>&1 + ip route add $NETWORK dev $iface onlink >/dev/null 2>&1 fi fi done 
@@ -148,33 +148,33 @@ _gre_tunnels() { _openvpn_bonding() { if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then - echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>&1 >/dev/null - ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding1 up 2>&1 >/dev/null - ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding2 up 2>&1 >/dev/null - ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding3 up 2>&1 >/dev/null - ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding4 up 2>&1 >/dev/null - ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding5 up 2>&1 >/dev/null - ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding6 up 2>&1 >/dev/null - ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding7 up 2>&1 >/dev/null - ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null - ip link set ovpnbonding8 up 2>&1 >/dev/null - ip link set omr-bonding up mtu 1440 2>&1 >/dev/null - ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null - ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null - ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 2>&1 >/dev/null + echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1 + ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1 + ip link set ovpnbonding1 up >/dev/null 2>&1 + ip link set ovpnbonding2 master omr-bonding >/dev/null 2>&1 + ip link set ovpnbonding2 up >/dev/null 2>&1 + ip link set ovpnbonding3 master omr-bonding >/dev/null 2>&1 + ip link set ovpnbonding3 up >/dev/null 2>&1 + ip link set ovpnbonding4 master omr-bonding >/dev/null 2>&1 + ip link set ovpnbonding4 up >/dev/null 2>&1 + ip link set 
ovpnbonding5 master omr-bonding >/dev/null 2>&1 + ip link set ovpnbonding5 up >/dev/null 2>&1 + ip link set ovpnbonding6 master omr-bonding >/dev/null 2>&1 + ip link set ovpnbonding6 up >/dev/null 2>&1 + ip link set ovpnbonding7 master omr-bonding >/dev/null 2>&1 + ip link set ovpnbonding7 up >/dev/null 2>&1 + ip link set ovpnbonding8 master omr-bonding >/dev/null 2>&1 + ip link set ovpnbonding8 up >/dev/null 2>&1 + ip link set omr-bonding up mtu 1440 >/dev/null 2>&1 + ip a add 10.255.248.1 dev omr-bonding >/dev/null 2>&1 + ip r add 10.255.248.0/24 dev omr-bonding >/dev/null 2>&1 + ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 >/dev/null 2>&1 fi } -sysctl -p /etc/sysctl.d/90-shadowsocks.conf 2>&1 >/dev/null -modprobe bonding 2>&1 >/dev/null -ip link add omr-bonding type bond 2>&1 >/dev/null +sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1 +modprobe bonding >/dev/null 2>&1 +ip link add omr-bonding type bond >/dev/null 2>&1 #[ -n "$(uname -r | grep '6.1')" ] && { # stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 & #} diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf index 0aff68b..6198b64 100644 --- a/openvpn-tun0.6.1.conf +++ b/openvpn-tun0.6.1.conf @@ -8,7 +8,7 @@ proto tcp-server port 65301 persist-tun persist-key -duplicate-cn +#duplicate-cn verb 3 server 10.255.252.0 255.255.255.0 ca /etc/openvpn/ca/pki/ca.crt diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf index a89b527..ada8114 100644 --- a/openvpn-tun1.6.1.conf +++ b/openvpn-tun1.6.1.conf @@ -25,5 +25,5 @@ tls-version-min 1.2 push "route 10.255.250.1 255.255.255.255" client-config-dir ccd #ifconfig-pool-persist ccd/ipp_udp.txt -fast-io +#fast-io passtos From 4e16d813bf6b65b3eeff49fb82fb0adc6a7456f6 Mon Sep 17 00:00:00 2001 
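Review bot: In `_openvpn_bonding`, the line `echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1` redirects stdout twice, and the last redirection wins, so the `0` goes to `/dev/null` and the sysfs file is only opened, never written. The old ordering had the same effect, so the reorder does not fix it. Only stderr should be silenced here: `echo 0 > /sys/class/net/omr-bonding/bonding/mode 2>/dev/null`. The sixteen `ip link set ovpnbondingN …` lines could also become a loop over 1 to 8, which would keep the interface count in one place next to the `!= "8"` test.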
From: "Ycarus (Yannick Chabanois)" Date: Wed, 31 Jul 2024 11:00:49 +0000 Subject: [PATCH 142/164] Add kernel 6.10 support and fail2ban --- debian9-x86_64.sh | 149 +++++++++++++++++++++++++++++++--------------- 1 file changed, 101 insertions(+), 48 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 57a9ec1..197bb2b 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) for OpenMPTCProuter +# Copyright (C) 2018-2024 Ycarus (Yannick Chabanois) for OpenMPTCProuter # # This is free software, licensed under the GNU General Public License v3 or later. # See /LICENSE for more information. @@ -8,7 +8,7 @@ KERNEL=${KERNEL:-5.4} UPSTREAM=${UPSTREAM:-no} -[ "$UPSTREAM" = "yes" ] && KERNEL="5.15" +[ "$UPSTREAM" = "yes" ] && KERNEL="6.1" UPSTREAM6=${UPSTREAM6:-no} [ "$UPSTREAM6" = "yes" ] && KERNEL="6.1" SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} @@ -37,8 +37,10 @@ MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} UBOND=${UBOND:-no} UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} OPENVPN=${OPENVPN:-yes} +OPENVPN_BONDING=${OPENVPN_BONDING:-yes} DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} +FAIL2BAN=${FAIL2BAN:-yes} SOURCES=${SOURCES:-no} if [ "$KERNEL" != "5.4" ]; then SOURCES="yes" 
@@ -54,11 +56,11 @@ INTERFACE6=${INTERFACE6:-$(ip -o -6 route show to default | grep -m 1 -Po '(?<=d KERNEL_VERSION="5.4.207" KERNEL_PACKAGE_VERSION="1.22" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" -if [ "$KERNEL" = "5.15" ]; then - KERNEL_VERSION="5.15.57" - KERNEL_PACKAGE_VERSION="1.6" - KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" -fi +#if [ "$KERNEL" = "5.15" ]; then +# KERNEL_VERSION="5.15.57" +# KERNEL_PACKAGE_VERSION="1.6" +# KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" +#fi if [ "$KERNEL" = "6.1" ]; then KERNEL_VERSION="6.1.0" KERNEL_PACKAGE_VERSION="1.30" @@ -75,8 +77,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="21d071ebece556f3114c18ed9e86414ea6c85e1c" -OMR_ADMIN_BINARY_VERSION="0.11+20240704" +OMR_ADMIN_VERSION="9e86294e416ad7bdc812a941c7cc89f97b90315d" +OMR_ADMIN_BINARY_VERSION="0.12+20240725" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -113,8 +115,8 @@ echo "Check user..." if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi # Check Kernel -if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "5.15" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ]; then - echo "Only kernels 5.4, 5.15, 6.1 and 6.6 are currently supported" +if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ]; then + echo "Only kernels 5.4, 6.1, 6.6 and 6.10 are currently supported" exit 1 fi 
@@ -240,7 +242,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade VERSION_ID="10" fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then +if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then echo "Update Debian 10 Buster to Debian 11 Bullseye" apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade @@ -251,7 +253,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade VERSION_ID="11" fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then +if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then echo "Update Debian 11 Bullseye to Debian 12 Bookworm" apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade 
@@ -271,7 +273,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" fi -if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then +if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then echo "Update Ubuntu 20.04 to Ubuntu 22.04" apt-get -y -f --force-yes --allow-downgrades upgrade apt-get -y -f --force-yes --allow-downgrades dist-upgrade 
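Review bot: The changed condition still tests `[ "$VERSION_ID" = "18.04" ]`, although the block announces "Update Ubuntu 20.04 to Ubuntu 22.04" and the preceding block ends with `VERSION_ID="20.04"`. This upgrade step therefore looks unreachable once the first one has run. If the 20.04 to 22.04 step is intended, the test should be `[ "$VERSION_ID" = "20.04" ]`. The context lines also pass `--force-yes`, which lets apt continue with unauthenticated packages; since `--allow-downgrades` is already given, consider dropping `--force-yes`. The block's body continues outside the hunk.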
@@ -444,6 +446,29 @@ elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb +# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg +# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list +# apt-get update +# apt-get -y install linux-xanmod-lts-x64v3 + [ -f /etc/default/grub ] && { + sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 + [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 + } +elif [ "$KERNEL" = "6.10" ] && [ "$ARCH" = "amd64" ]; then + # awk command from xanmod website + PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") + if [ "$PSABI" = "x64v1" ]; then + echo "psABI x86-64-v1 not supported by Xanmod kernel 6.10, use an older kernel" + exit 0 + fi + KERNEL_VERSION="6.10.2" + KERNEL_REV="0~20240728.gae7b555" + wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + wget -O 
/tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" + dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + # wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg # echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list # apt-get update @@ -681,6 +706,10 @@ fi if systemctl -q is-active omr-admin.service; then systemctl -q stop omr-admin > /dev/null 2>&1 fi +if systemctl -q is-active omr-admin-ipv6.service; then + systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1 + systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1 +fi if [ "$OMR_ADMIN" = "yes" ]; then echo 'Install OpenMPTCProuter VPS Admin' 
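Review bot: The new 6.10 branch ends the unsupported-CPU case with `exit 0`, so whatever invoked the installer sees success although no kernel was installed; `exit 1` would report the failure. The two `.deb` files are fetched to fixed names under `/tmp` and installed with `dpkg --force-all -i -B` without any integrity check, so the kernel's authenticity rests entirely on the transport to `${VPSURL}`. Consider downloading into a `mktemp -d` directory and verifying each file against a SHA-256 value pinned next to `KERNEL_REV` (`sha256sum -c`) before the `dpkg` call. The `elif` chain this branch belongs to starts outside the hunk, and the 6.6 branch above it follows the same pattern.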
@@ -735,14 +764,14 @@ if [ "$OMR_ADMIN" = "yes" ]; then #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then - pip3 -q install netjsonconfig --break-system-packages + #pip3 -q install netjsonconfig --break-system-packages pip3 -q install fastapi -U --break-system-packages pip3 -q install jsonschema -U --break-system-packages pip3 -q install python-multipart jinja2 -U --break-system-packages pip3 -q install starlette --break-system-packages pip3 -q install starlette --break-system-packages else - pip3 -q install netjsonconfig + #pip3 -q install netjsonconfig if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then pip3 -q install fastapi==0.99.1 -U else @@ -761,7 +790,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then mkdir -p /var/opt/openmptcprouter if [ "$SOURCES" = "yes" ]; then wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in - wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in + #wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip cd /tmp unzip -q -o openmptcprouter-vps-admin.zip 
@@ -812,27 +841,31 @@ if [ "$OMR_ADMIN" = "yes" ]; then sed -i 's/"port": 65500,/"port": 65500,\n "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json } chmod 644 /lib/systemd/system/omr-admin.service - chmod 644 /lib/systemd/system/omr-admin-ipv6.service + #chmod 644 /lib/systemd/system/omr-admin-ipv6.service #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py - [ "$(ip -6 a)" != "" ] && { - systemctl enable omr-admin-ipv6.service - } + #[ "$(ip -6 a)" != "" ] && { + # systemctl enable omr-admin-ipv6.service + #} systemctl enable omr-admin.service if [ "$KERNEL" != "5.4" ]; then mptcpize enable omr-admin.service >/dev/null 2>&1 - [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1 + #[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1 + fi + if systemctl -q is-active omr-admin-ipv6.service; then + systemctl -q stop omr-admin-ipv6 >/dev/null 2>&1 + systemctl -q disable omr-admin-ipv6 >/dev/null 2>&1 fi fi # Get shadowsocks optimization if [ "$LOCALFILES" = "no" ]; then - if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then + if [ "$KERNEL" != "5.4" ]; then wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf else wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf fi else - if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then + if [ "$KERNEL" != "5.4" ]; then cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf else cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf 
@@ -1336,6 +1369,20 @@ if [ "$WIREGUARD" = "yes" ]; then echo "Install wireguard done" fi +if systemctl -q is-active fail2ban.service; then + systemctl -q stop fail2ban > /dev/null 2>&1 + systemctl -q disable fail2ban > /dev/null 2>&1 +fi +if [ "$FAIL2BAN" = "yes" ]; then + echo "Install Fail2ban" + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + apt-get -y install fail2ban + systemctl enable fail2ban + wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf + echo "Install Fail2ban done" +fi + if systemctl -q is-active openvpn-server@tun0.service; then systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 
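Review bot: The new Fail2ban block always fetches the jail file with `wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf` and has no `LOCALFILES` branch, unlike the sysctl and OpenVPN blocks in this same patch. An install from `${DIR}` therefore still depends on the network for its jail configuration. `wget -O` also creates the target before the transfer, so a failed download leaves an empty jail file behind while the service is already enabled. Suggest mirroring the other blocks with `cp ${DIR}/fail2ban-jail-openmptcprouter.conf /etc/fail2ban/jail.d/openmptcprouter.conf` in an `else` branch of `if [ "$LOCALFILES" = "no" ]`, and checking the download's exit status before enabling the service.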
@@ -1417,14 +1464,16 @@ if [ "$OPENVPN" = "yes" ]; then wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf fi - wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf - wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf - wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf - wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf - wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf - wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf - wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf - wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf + if [ "$OPENVPN_BONDING" = "yes" ]; then + wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf + wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf + wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf + wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf + wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf + wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf + wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf + wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf + fi else if [ "$KERNEL" != "5.4" ]; then cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf 
@@ -1433,14 +1482,16 @@ if [ "$OPENVPN" = "yes" ]; then cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf fi - cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf - cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf - cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf - cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf - cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf - cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf - cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf - cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf + if [ "$OPENVPN_BONDING" = "yes" ]; then + cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf + cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf + cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf + cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf + cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf + cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf + cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf + cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf + fi fi mkdir -p /etc/openvpn/ccd if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then 
@@ -1455,14 +1506,16 @@ if [ "$OPENVPN" = "yes" ]; then if [ "$KERNEL" != "5.4" ]; then mptcpize enable openvpn@tun0 >/dev/null 2>&1 fi - systemctl enable openvpn@bonding1.service - systemctl enable openvpn@bonding2.service - systemctl enable openvpn@bonding3.service - systemctl enable openvpn@bonding4.service - systemctl enable openvpn@bonding5.service - systemctl enable openvpn@bonding6.service - systemctl enable openvpn@bonding7.service - systemctl enable openvpn@bonding8.service + if [ "$OPENVPN_BONDING" = "yes" ]; then + systemctl enable openvpn@bonding1.service + systemctl enable openvpn@bonding2.service + systemctl enable openvpn@bonding3.service + systemctl enable openvpn@bonding4.service + systemctl enable openvpn@bonding5.service + systemctl enable openvpn@bonding6.service + systemctl enable openvpn@bonding7.service + systemctl enable openvpn@bonding8.service + fi fi echo 'Glorytun UDP' From 6aa0d0388860a54295bfb10c068fcebdb002c3a9 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 31 Jul 2024 11:01:55 +0000 Subject: [PATCH 143/164] Update URL for default update script --- omr-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-update b/omr-update index ff2e201..6c3a094 100755 --- a/omr-update +++ b/omr-update @@ -1,6 +1,6 @@ #!/bin/sh if [ -f /etc/openmptcprouter-vps-admin/update ]; then - wget -O - http://www.openmptcprouter.com/server/debian10-x86_64.sh | sh + wget -O - http://www.openmptcprouter.com/server/debian.sh | sh rm -f /etc/openmptcprouter-vps-admin/update reboot fi From 654e1a1335f10cf9af83a0c6e0a47bcaff9c62a4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 31 Jul 2024 11:02:21 +0000 Subject: [PATCH 144/164] Change in kernel settings --- shadowsocks.6.1.conf | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/shadowsocks.6.1.conf b/shadowsocks.6.1.conf index d3cd55a..7828850 100644 --- a/shadowsocks.6.1.conf 
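Review bot: In omr-update, the changed line `wget -O - http://www.openmptcprouter.com/server/debian.sh | sh` fetches the installer over plain HTTP and pipes it straight into `sh`, so anyone on the network path can alter what gets executed. The installer itself uses `https://www.openmptcprouter.com/` for `VPSURL`, so the same scheme should work here. The pipe also hides a failed download: `sh` then reads empty input, and the script goes on to remove the update flag and reboot. Fetching to a temporary file and running it only on success covers both: `tmp=$(mktemp) && wget -O "$tmp" https://www.openmptcprouter.com/server/debian.sh && sh "$tmp"`, with the `rm -f …/update` and `reboot` made conditional on that result.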
+++ b/shadowsocks.6.1.conf @@ -2,18 +2,18 @@ # max open files fs.file-max = 512000 # max read buffer -net.core.rmem_max = 16777216 +net.core.rmem_max = 7500000 # max write buffer -net.core.wmem_max = 16777216 +net.core.wmem_max = 7500000 #net.core.optmem_max = 33554432 # default read buffer #net.core.rmem_default = 16777216 # default write buffer #net.core.wmem_default = 16777216 # max processor input queue -net.core.netdev_max_backlog = 4096 +net.core.netdev_max_backlog = 10000 # max backlog -net.core.somaxconn = 4096 +net.core.somaxconn = 16384 # resist SYN flood attacks net.ipv4.tcp_syncookies = 1 @@ -30,24 +30,27 @@ net.ipv4.tcp_keepalive_time = 7200 # outbound port range net.ipv4.ip_local_port_range = 9999 65000 # max SYN backlog -net.ipv4.tcp_max_syn_backlog = 10240 +net.ipv4.tcp_max_syn_backlog = 4096 # max timewait sockets held by system simultaneously -net.ipv4.tcp_max_tw_buckets = 10000 +net.ipv4.tcp_max_tw_buckets = 16384 # turn on TCP Fast Open on both client and server side net.ipv4.tcp_fastopen = 3 # TCP buffer -net.ipv4.tcp_mem = 1638400 1638400 1638400 +net.ipv4.tcp_mem = 409600 819200 1638400 # UDP buffer -#net.ipv4.udp_mem = 4096 87380 16777216 +net.ipv4.udp_mem = 4096 87380 16777216 # TCP receive buffer net.ipv4.tcp_rmem = 4096 87380 16777216 # TCP write buffer net.ipv4.tcp_wmem = 4096 87380 16777216 # turn on path MTU discovery net.ipv4.tcp_mtu_probing = 0 +# 1/8 * available memory in receive buffer +net.ipv4.tcp_adv_win_scale=-3 +# limits the size of unsent bytes in the write queue +net.ipv4.tcp_notsent_lowat = 131072 # for low-latency network, use cubic instead -net.ipv4.tcp_congestion_control = bbr net.core.default_qdisc = fq # Default conntrack is too small net.netfilter.nf_conntrack_max = 524288 
@@ -58,10 +61,17 @@ net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.default.log_martians = 0 # MPTCP settings +net.ipv4.tcp_ecn = 2 net.mptcp.checksum_enabled = 0 net.mptcp.add_addr_timeout = 120 net.mptcp.allow_join_initial_addr_port = 1 net.mptcp.enabled = 1 net.mptcp.pm_type = 0 net.mptcp.stale_loss_cnt = 4 -net.ipv4.tcp_ecn = 2 +net.mptcp.mptcp_checksum=0 +net.mptcp.mptcp_path_manager=fullmesh +net.mptcp.mptcp_scheduler=mptcp_burst +net.mptcp.mptcp_syn_retries=4 +net.mptcp.mptcp_version=1 +net.mptcp.checksum_enabled=0 +net.ipv4.tcp_congestion_control=bbr \ No newline at end of file From 5abd262382ddbd9f076c478555f4786c918d4a30 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 1 Aug 2024 07:55:38 +0000 Subject: [PATCH 145/164] Add missing files --- fail2ban-jail-openmptcprouter.conf | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 fail2ban-jail-openmptcprouter.conf diff --git a/fail2ban-jail-openmptcprouter.conf b/fail2ban-jail-openmptcprouter.conf new file mode 100644 index 0000000..53f499b --- /dev/null +++ b/fail2ban-jail-openmptcprouter.conf @@ -0,0 +1,6 @@ +[DEFAULT] +backend = systemd +banaction = shorewall + +[sshd] +enabled = true From b76adb8a2441d94ef8c6c877dda91ef2dd12ef31 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 9 Aug 2024 15:35:17 +0000 Subject: [PATCH 146/164] Update omr-admin API, add gre-tunnel and lan-routes as options, add OpenVPN to fail2ban --- debian9-x86_64.sh | 35 +++++++++++++++++++++--------- fail2ban-filter-openvpn.conf | 10 +++++++++ fail2ban-jail-openmptcprouter.conf | 15 +++++++++++++ omr-service | 11 ++++++++-- 4 files changed, 59 insertions(+), 12 deletions(-) create mode 100644 fail2ban-filter-openvpn.conf diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 197bb2b..f39e3d0 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
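Review bot: The added lines set `net.mptcp.checksum_enabled=0` a second time (it is already in the context as `net.mptcp.checksum_enabled = 0`). They also mix two key families: `net.mptcp.mptcp_checksum`, `mptcp_path_manager`, `mptcp_scheduler`, `mptcp_syn_retries` and `mptcp_version` sit next to `net.mptcp.enabled` and `pm_type`. omr-service on this page distinguishes `/proc/sys/net/mptcp/mptcp_enabled` from `/proc/sys/net/mptcp/enabled`, which suggests a given kernel exposes only one family, so `sysctl -p` would reject the other keys, and omr-service discards that output with `>/dev/null 2>&1`. Suggest dropping the duplicate and adding a comment such as `# out-of-tree MPTCP keys, ignored on upstream kernels` above the `mptcp_*` group. Since checksums are disabled in both spellings, a one-line comment giving the reason would also help the next reader.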
@@ -47,6 +47,7 @@ if [ "$KERNEL" != "5.4" ]; then fi NOINTERNET=${NOINTERNET:-no} GRETUNNELS=${GRETUNNELS:-yes} +LANROUTES=${LANROUTES:-yes} REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-yes} IPERF=${IPERF:-yes} @@ -77,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="9e86294e416ad7bdc812a941c7cc89f97b90315d" -OMR_ADMIN_BINARY_VERSION="0.12+20240725" +OMR_ADMIN_VERSION="24030b76868296c5869cfa8a032fd43c7d60df39" +OMR_ADMIN_BINARY_VERSION="0.12+20240802" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" 
@@ -835,10 +836,18 @@ if [ "$OMR_ADMIN" = "yes" ]; then sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json [ "$NOINTERNET" = "yes" ] && { - sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json + jq '. + {internet: false}' omr-admin-config.json > omr-admin-config.json.tmp + mv omr-admin-config.json.tmp omr-admin-config.json + #sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json } [ "$GRETUNNELS" = "no" ] && { - sed -i 's/"port": 65500,/"port": 65500,\n "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json + jq '. + {gre_tunnels: false}' omr-admin-config.json > omr-admin-config.json.tmp + mv omr-admin-config.json.tmp omr-admin-config.json + #sed -i 's/"port": 65500,/"port": 65500,\n "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json + } + [ "$LANROUTES" = "no" ] && { + jq '. + {lan_routes: false}' omr-admin-config.json > omr-admin-config.json.tmp + mv omr-admin-config.json.tmp omr-admin-config.json } chmod 644 /lib/systemd/system/omr-admin.service #chmod 644 /lib/systemd/system/omr-admin-ipv6.service @@ -1380,6 +1389,7 @@ if [ "$FAIL2BAN" = "yes" ]; then apt-get -y install fail2ban systemctl enable fail2ban wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf + wget -O /etc/fail2ban/filter.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf echo "Install Fail2ban done" fi 
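Review bot: The three new `jq` blocks read and write `omr-admin-config.json` by relative path, while the `sed -i` lines they replace and the two `sed` calls just above target `/etc/openmptcprouter-vps-admin/omr-admin-config.json`. Unless the script has changed into that directory (not visible in this hunk), the real config is never updated. `jq … > omr-admin-config.json.tmp` followed by an unconditional `mv` also replaces the file with an empty one whenever `jq` fails or is not installed. Use the absolute path and chain the steps, e.g. `cfg=/etc/openmptcprouter-vps-admin/omr-admin-config.json` then `jq '. + {internet: false}' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"`, and likewise for `gre_tunnels` and `lan_routes`. Because the file holds the admin secrets substituted above, the replacement created by `mv` should also get explicit permissions rather than the umask default.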
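Review bot: The added download in the -1380 hunk saves the OpenVPN filter as `/etc/fail2ban/filter.d/openmptcprouter.conf`, but the jails added in this same patch reference it as `filter = openvpn`. Fail2ban resolves a filter by file name under `filter.d`, so the `openvpn_tcp` and `openvpn_udp` jails would presumably fail to load unless some other `openvpn.conf` filter exists. The target should match the jail: `wget -O /etc/fail2ban/filter.d/openvpn.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf`. The enclosing `if [ "$FAIL2BAN" = "yes" ]` block starts outside the hunk.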
@@ -1767,8 +1777,10 @@ if [ "$update" = "0" ]; then fi tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall rm /etc/shorewall/openmptcprouter-shorewall.tar.gz - sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* - systemctl enable shorewall + if [ -n "$INTERFACE" ]; then + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* + systemctl enable shorewall + fi if [ "$LOCALFILES" = "no" ]; then wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz else @@ -1776,8 +1788,10 @@ if [ "$update" = "0" ]; then fi tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6 rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz - sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/* - systemctl enable shorewall6 + if [ -n "$INTERFACE6" ]; then + sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/* + systemctl enable shorewall6 + fi else # Update only needed firewall files if [ "$LOCALFILES" = "no" ]; then @@ -2117,10 +2131,11 @@ else # fi echo 'done' echo 'Restarting shorewall...' - systemctl -q restart shorewall - systemctl -q restart shorewall6 + [ -n "$INTERFACE" ] && systemctl -q restart shorewall >/dev/null 2>&1 || true + [ -n "$INTERFACE6" ] && systemctl -q restart shorewall6 >/dev/null 2>&1 || true echo 'done' echo '====================================================================================' echo '\033[1m /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m' echo '====================================================================================' fi +exit 0 \ No newline at end of file diff --git a/fail2ban-filter-openvpn.conf b/fail2ban-filter-openvpn.conf new file mode 100644 index 0000000..1a53b2f --- /dev/null +++ b/fail2ban-filter-openvpn.conf 
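Review bot: When `$INTERFACE` (or `$INTERFACE6` in the next hunk) is empty, the new guard skips `systemctl enable shorewall` without saying so, and the restart lines in the last hunk add `>/dev/null 2>&1 || true`, so a server can finish installation with no firewall enabled and nothing in the output to show it. Since the fail2ban jail in this repository uses `banaction = shorewall`, bans would presumably not take effect either. An `else` branch such as `echo "WARNING: no interface detected, shorewall not enabled" >&2` would make that state visible. The enclosing `if [ "$update" = "0" ]` block starts outside the hunk.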
@@ -0,0 +1,10 @@ +[INCLUDES] +before = common.conf + +[Definition] +_daemon = ovpn-server +failregex =%(__prefix_line)s:[0-9]{4,5} TLS Auth Error:.* + %(__prefix_line)s:[0-9]{4,5} VERIFY ERROR:.* + %(__prefix_line)s:[0-9]{4,5} TLS Error: TLS handshake failed.* + %(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]:[0-9]{4,5} +maxlines = 1 diff --git a/fail2ban-jail-openmptcprouter.conf b/fail2ban-jail-openmptcprouter.conf index 53f499b..45cf34d 100644 --- a/fail2ban-jail-openmptcprouter.conf +++ b/fail2ban-jail-openmptcprouter.conf @@ -4,3 +4,18 @@ banaction = shorewall [sshd] enabled = true + +[openvpn_tcp] +enabled = true +port = 65301 +protocol = tcp +filter = openvpn +maxretry = 5 + +[openvpn_udp] +enabled = true +port = 65301 +protocol = udp +filter = openvpn +maxretry = 5 + diff --git a/omr-service b/omr-service index be312e1..4c28eba 100755 --- a/omr-service +++ b/omr-service @@ -114,12 +114,15 @@ _lan_route() { while IFS=$"\n" read -r c; do if [ -n "$c" ]; then vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') + username=$(echo "$c" | jq -r '.username') if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then echo "$c" | jq -c -r '.lanips[]? //empty' | while IFS=$"\n" read -r d; do if [ "$d" != "" ]; then network=$(ipcalc -n $d | grep Network | awk '{print $2}') + netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}') [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1 + [ -n "$network" ] && [ -n "$netmask" ] && [ -z "$(grep ${network} /etc/openvpn/cdd/${username})" ] && echo "iroute $network $netmask" >> /etc/openvpn/ccd/${username} fi done fi 
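Review bot: The `openvpn_udp` jail bans on log lines whose source address comes from UDP packets that never completed a handshake (the `cannot locate HMAC` and `TLS handshake failed` patterns in the new filter), and such addresses are not verified. With `maxretry = 5` a legitimate router's address could end up banned by traffic it did not send. Consider listing known client addresses in `ignoreip`, or giving the UDP jail a higher `maxretry` than `openvpn_tcp`. Both jails also cover only port 65301, not the ports 65351 to 65358 used by the `ovpnbonding` configs in this repository.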
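Review bot: `username` is taken from `omr-admin-config.json` and used unquoted and unchecked as a file name in `>> /etc/openvpn/ccd/${username}`; an empty value, the string `null` that `jq -r` prints for a missing key, or a value containing `/` would make the append land on the wrong path. A guard placed just before the `iroute` line, `case "$username" in ''|null|*/*|.*) continue ;; esac`, and quoting the path as `"/etc/openvpn/ccd/$username"` would close that. The `grep` on the same line reads `/etc/openvpn/cdd/` rather than `ccd`, so the duplicate check never finds an existing entry and the `iroute` line is appended on every pass. `_lan_route` begins and ends outside the hunk.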
@@ -178,6 +181,10 @@ ip link add omr-bonding type bond >/dev/null 2>&1 #[ -n "$(uname -r | grep '6.1')" ] && { # stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 & #} + +gre_tunnels="$(jq -c '.gre_tunnels' /etc/openmptcprouter-vps-admin/omr-admin-config.json)" +lan_routes="$(jq -c '.lan_routes' /etc/openmptcprouter-vps-admin/omr-admin-config.json)" + while true; do _glorytun_udp _glorytun_tcp @@ -189,8 +196,8 @@ while true; do _wireguard _multipath _omr_api - _lan_route - _gre_tunnels + [ "$lan_routes" != "false" ] && _lan_route + [ "$gre_tunnels" != "false" ] && _gre_tunnels _openvpn_bonding sleep 10 done From 93f9244e83d5dd8d6d84d2657ed68455ebb06f67 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 28 Aug 2024 09:36:57 +0000 Subject: [PATCH 147/164] Update OMR-Admin API --- debian9-x86_64.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index f39e3d0..b8f93b9 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -78,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="24030b76868296c5869cfa8a032fd43c7d60df39" -OMR_ADMIN_BINARY_VERSION="0.12+20240802" +OMR_ADMIN_VERSION="f98c362de5ee224e125378ee641b6c5d5db0e7e9" +OMR_ADMIN_BINARY_VERSION="0.12+20240827" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" From c06b6ac75f76999b6dbacadcf4cf146bceb2f67e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 28 Aug 2024 09:37:31 +0000 Subject: [PATCH 148/164] Better check if VPN are installed or not for OMR-Service --- omr-service | 75 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/omr-service b/omr-service index 4c28eba..80250ba 100755 
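Review bot: `gre_tunnels` and `lan_routes` are read once, before `while true`, so a change to either key in `omr-admin-config.json` is not picked up until omr-service is restarted; and if `jq` fails or the file is missing, both variables are empty, which the `!= "false"` tests treat as enabled. If that is intended, a comment above the two assignments would say so, for example `# Read once at start; restart omr-service after changing these. Missing key or unreadable file = enabled.`. Moving the two `jq` calls inside the loop would instead make the switches take effect within one 10-second cycle.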
--- a/omr-service +++ b/omr-service @@ -20,7 +20,8 @@ _multipath() { } _glorytun_udp() { - if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then + #if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then + if systemctl list-unit-files glorytun-udp@.service >/dev/null; then [ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && { logger -t "OMR-Service" "Restart Glorytun-UDP" systemctl -q restart 'glorytun-udp@*' @@ -34,7 +35,8 @@ _glorytun_udp() { } _glorytun_tcp() { - if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then + #if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then + if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then for intf in /etc/glorytun-tcp/tun*; do [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} done 
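Review bot: The new test `systemctl list-unit-files glorytun-udp@.service >/dev/null` relies on the exit status, and as far as I know older systemd releases return 0 from `list-unit-files` even when no unit file matches; this installer still handles Debian 9 and 10 hosts, so there the check may always pass. The same pattern is used for `_glorytun_tcp` here and for `_dsvpn`, `_shadowsocks`, `_shadowsocks_go`, `_xray`, `_v2ray` and `_wireguard` in the following hunk. Testing the output is independent of the systemd version: `if systemctl list-unit-files 'glorytun-udp@.service' 2>/dev/null | grep -q 'glorytun-udp@'; then`. Please confirm the exit-status behaviour on the oldest supported release before relying on it.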
@@ -53,49 +55,61 @@ _glorytun_tcp() { } _dsvpn() { - [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1 - if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then - localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)" - [ -z "$localip" ] && localip="10.255.251.1" - remoteip="$(echo $localip | sed 's/\.1/\.2/')" - if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then - logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" - systemctl restart dsvpn-server@dsvpn0 + #if [ -n "$(systemctl -a | grep 'dsvpn')" ]; then + if systemctl list-unit-files dsvpn-server@.service >/dev/null; then + [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1 + if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then + localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)" + [ -z "$localip" ] && localip="10.255.251.1" + remoteip="$(echo $localip | sed 's/\.1/\.2/')" + if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then + logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" + systemctl restart dsvpn-server@dsvpn0 + fi + #ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1 fi - #ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1 fi } _shadowsocks() { - [ -n "$(systemctl -a | grep 'shadowsocks-libev')" ] && [ -z "$(pgrep ss-server)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev" - systemctl restart shadowsocks-libev-manager@manager - } + if systemctl list-unit-files shadowsocks-libev-manager@.service >/dev/null; then + [ -z "$(pgrep ss-server)" ] && { + logger -t "OMR-Service" 
"ss-server not detected, restart Shadowsocks libev" + systemctl restart shadowsocks-libev-manager@manager + } + fi } _shadowsocks_go() { - [ -n "$(systemctl -a | grep 'shadowsocks-go')" ] && [ -z "$(pgrep shadowsocks-go)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go" - systemctl restart shadowsocks-go - } + if systemctl list-unit-files shadowsocks-go.service >/dev/null; then + [ -z "$(pgrep shadowsocks-go)" ] && { + logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go" + systemctl restart shadowsocks-go + } + fi } _xray() { - [ -n "$(systemctl -a | grep 'xray')" ] && [ -z "$(pgrep xray)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart XRay" - systemctl restart xray - } + if systemctl list-unit-files xray.service >/dev/null; then + [ -z "$(pgrep xray)" ] && { + logger -t "OMR-Service" "ss-server not detected, restart XRay" + systemctl restart xray + } + fi } _v2ray() { - [ -n "$(systemctl -a | grep 'v2ray')" ] && [ -z "$(pgrep v2ray)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart V2Ray" - systemctl restart v2ray - } + if systemctl list-unit-files v2ray.service >/dev/null; then + [ -z "$(pgrep v2ray)" ] && { + logger -t "OMR-Service" "ss-server not detected, restart V2Ray" + systemctl restart v2ray + } + fi } _wireguard() { - if [ -n "$(systemctl -a | grep 'wg')" ]; then + #if [ -n "$(systemctl -a | grep 'wg')" ]; then + if systemctl list-unit-files wg-quick@.service >/dev/null; then [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1 [ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1 fi 
@@ -120,9 +134,10 @@ _lan_route() { while IFS=$"\n" read -r d; do if [ "$d" != "" ]; then network=$(ipcalc -n $d | grep Network | awk '{print $2}') + networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1) netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}') [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1 - [ -n "$network" ] && [ -n "$netmask" ] && [ -z "$(grep ${network} /etc/openvpn/cdd/${username})" ] && echo "iroute $network $netmask" >> /etc/openvpn/ccd/${username} + [ -n "$networkonly" ] && [ -n "$netmask" ] && [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ] && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username} fi done fi @@ -150,7 +165,7 @@ _gre_tunnels() { } _openvpn_bonding() { - if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then + if [ "$(ip link show ovpnbonding1 2>/dev/null)" != "" ] && ([ "$(ip link show ovpnbonding1 2>/dev/null | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding 2>/dev/null | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1 ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1 ip link set ovpnbonding1 up >/dev/null 2>&1 From c0e0e19b6c6e18035801f4ad77a667b3c655b264 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 28 Aug 2024 09:37:58 +0000 Subject: [PATCH 149/164] No need for client-config-dir on OpenVPN UDP --- openvpn-tun1.6.1.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf index ada8114..c9144dd 100644 --- a/openvpn-tun1.6.1.conf +++ b/openvpn-tun1.6.1.conf 
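Review bot: The duplicate check `grep $networkonly /etc/openvpn/ccd/${username}` treats the address as an unanchored regular expression, so for example `192.168.1.0` also matches an existing `192.168.100.0` entry (each `.` matches any character) and the new `iroute` line would then be skipped. A fixed-string, whole-line match avoids that: `grep -qxF -- "iroute $networkonly $netmask" "/etc/openvpn/ccd/$username" 2>/dev/null`, tested by exit status rather than by `-z "$(…)"`. `${username}` is still used unquoted and unvalidated in the path. `_lan_route` begins and ends outside the hunk.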
@@ -23,7 +23,7 @@ tun-mtu 1420 tls-server tls-version-min 1.2 push "route 10.255.250.1 255.255.255.255" -client-config-dir ccd +#client-config-dir ccd #ifconfig-pool-persist ccd/ipp_udp.txt #fast-io passtos From c635b0a1b6c845421936ce97130fc4ba53c6939e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 7 Oct 2024 09:29:20 +0000 Subject: [PATCH 150/164] Sync with server --- debian9-x86_64.sh | 56 ++++++++++++++++++++++++++++++++++++------- openvpn-bonding1.conf | 1 + openvpn-bonding2.conf | 1 + openvpn-bonding3.conf | 1 + openvpn-bonding4.conf | 1 + openvpn-bonding5.conf | 1 + openvpn-bonding6.conf | 1 + openvpn-bonding7.conf | 1 + openvpn-bonding8.conf | 1 + openvpn-tun0.6.1.conf | 1 + openvpn-tun1.6.1.conf | 1 + 11 files changed, 58 insertions(+), 8 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index b8f93b9..e15eb86 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -78,14 +78,14 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="f98c362de5ee224e125378ee641b6c5d5db0e7e9" -OMR_ADMIN_BINARY_VERSION="0.12+20240827" +OMR_ADMIN_VERSION="b31e764e7b6159b748b3b176bc26395e051a1f38" +OMR_ADMIN_BINARY_VERSION="0.12+20240920" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="5.7.0" V2RAY_PLUGIN_VERSION="4.43.0" -XRAY_VERSION="1.8.6" +XRAY_VERSION="1.8.24" EASYRSA_VERSION="3.0.6" #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then 
@@ -116,8 +116,8 @@ echo "Check user..." if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi # Check Kernel -if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ]; then - echo "Only kernels 5.4, 6.1, 6.6 and 6.10 are currently supported" +if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ] && [ "$KERNEL" != "6.11" ]; then + echo "Only kernels 5.4, 6.1, 6.6, 6.10 and 6.11 are currently supported" exit 1 fi @@ -217,6 +217,9 @@ fi } echo "Remove lock and update packages list..." +rm -f /etc/apt/sources.list.d/xanmod* +rm -f /etc/apt/trusted.gpg.d/xanmod* + rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock 
@@ -470,6 +473,29 @@ elif [ "$KERNEL" = "6.10" ] && [ "$ARCH" = "amd64" ]; then dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb +# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg +# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list +# apt-get update +# apt-get -y install linux-xanmod-lts-x64v3 + [ -f /etc/default/grub ] && { + sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 + [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 + } +elif [ "$KERNEL" = "6.11" ] && [ "$ARCH" = "amd64" ]; then + # awk command from xanmod website + PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") + if [ "$PSABI" = "x64v1" ]; then + echo "psABI x86-64-v1 not supported by Xanmod kernel 6.11, use an older kernel" + exit 0 + fi + KERNEL_VERSION="6.11.0" + KERNEL_REV="0~20240916.g9c60408" + wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + wget -O 
/tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" + dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + # wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg # echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list # apt-get update @@ -904,7 +930,7 @@ if [ "$SHADOWSOCKS" = "yes" ]; then fi #sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json - [ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json + [ "$(ip -6 a 2>/dev/null)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then for i in $(seq 2 $NBCPU); do sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json 
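Review bot: The new 6.11 branch downloads the kernel image and headers with `wget` and installs them with `dpkg --force-all -i` without checking that either download succeeded or that the files are the expected ones; transport security on `${VPSURL}` is the only integrity control for a package that becomes the running kernel. Since `KERNEL_VERSION` and `KERNEL_REV` are already pinned, a pinned digest per file fits the same style, e.g. `echo "<EXPECTED_SHA256>  /tmp/linux-image-…_amd64.deb" | sha256sum -c - || exit 1` before each `dpkg` call (`<EXPECTED_SHA256>` is a placeholder, and the file name is abbreviated). Separately, the unsupported-psABI path prints an error and then runs `exit 0`; `exit 1` would let callers see that no kernel was installed. The branch mirrors the 6.10 one above it, and the `elif` chain continues outside the hunk.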
@@ -1386,7 +1412,7 @@ if [ "$FAIL2BAN" = "yes" ]; then echo "Install Fail2ban" rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - apt-get -y install fail2ban + apt-get -y install fail2ban python3-systemd systemctl enable fail2ban wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf wget -O /etc/fail2ban/filter.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf @@ -1503,6 +1529,20 @@ if [ "$OPENVPN" = "yes" ]; then cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf fi fi + if [ "$(ip -6 a 2>/dev/null)" = "" ]; then + sed -i 's/proto tcp6-server//' /etc/openvpn.tun0.conf + sed -i 's/proto udp6//' /etc/openvpn.tun1.conf + if [ "$OPENVPN_BONDING" = "yes" ]; then + sed -i 's/proto udp6//' /etc/openvpn.bonding1.conf + sed -i 's/proto udp6//' /etc/openvpn.bonding2.conf + sed -i 's/proto udp6//' /etc/openvpn.bonding3.conf + sed -i 's/proto udp6//' /etc/openvpn.bonding4.conf + sed -i 's/proto udp6//' /etc/openvpn.bonding5.conf + sed -i 's/proto udp6//' /etc/openvpn.bonding6.conf + sed -i 's/proto udp6//' /etc/openvpn.bonding7.conf + sed -i 's/proto udp6//' /etc/openvpn.bonding8.conf + fi + fi mkdir -p /etc/openvpn/ccd if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then echo 'openmptcprouter,10.255.250.2,' > /etc/openvpn/ccd/ipp_tcp.txt @@ -1588,7 +1628,7 @@ if [ "$GLORYTUN_UDP" = "yes" ]; then chmod 644 /lib/systemd/system/glorytun-udp@.service GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" fi - [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 + [ "$(ip -6 a 2>/dev/null)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 fi diff --git a/openvpn-bonding1.conf b/openvpn-bonding1.conf index d675d34..45a07d7 100644 --- a/openvpn-bonding1.conf +++ b/openvpn-bonding1.conf @@ -2,6 +2,7 @@ dev ovpnbonding1 dev-type tap cipher AES-256-CBC proto udp +proto udp6 port 65351 persist-tun persist-key 
diff --git a/openvpn-bonding2.conf b/openvpn-bonding2.conf index 8920940..71798b4 100644 --- a/openvpn-bonding2.conf +++ b/openvpn-bonding2.conf @@ -2,6 +2,7 @@ dev ovpnbonding2 dev-type tap cipher AES-256-CBC proto udp +proto udp6 port 65352 persist-tun persist-key diff --git a/openvpn-bonding3.conf b/openvpn-bonding3.conf index b04099e..9614a96 100644 --- a/openvpn-bonding3.conf +++ b/openvpn-bonding3.conf @@ -2,6 +2,7 @@ dev ovpnbonding3 dev-type tap cipher AES-256-CBC proto udp +proto udp6 port 65353 persist-tun persist-key diff --git a/openvpn-bonding4.conf b/openvpn-bonding4.conf index d977b4e..846f5dc 100644 --- a/openvpn-bonding4.conf +++ b/openvpn-bonding4.conf @@ -2,6 +2,7 @@ dev ovpnbonding4 dev-type tap cipher AES-256-CBC proto udp +proto udp6 port 65354 persist-tun persist-key diff --git a/openvpn-bonding5.conf b/openvpn-bonding5.conf index e5866b4..aafccd3 100644 --- a/openvpn-bonding5.conf +++ b/openvpn-bonding5.conf @@ -2,6 +2,7 @@ dev ovpnbonding5 dev-type tap cipher AES-256-CBC proto udp +proto udp6 port 65355 persist-tun persist-key diff --git a/openvpn-bonding6.conf b/openvpn-bonding6.conf index fb9ad29..30b2067 100644 --- a/openvpn-bonding6.conf +++ b/openvpn-bonding6.conf @@ -2,6 +2,7 @@ dev ovpnbonding6 dev-type tap cipher AES-256-CBC proto udp +proto udp6 port 65356 persist-tun persist-key diff --git a/openvpn-bonding7.conf b/openvpn-bonding7.conf index f197366..c5f1fe1 100644 --- a/openvpn-bonding7.conf +++ b/openvpn-bonding7.conf @@ -2,6 +2,7 @@ dev ovpnbonding7 dev-type tap cipher AES-256-CBC proto udp +proto udp6 port 65357 persist-tun persist-key diff --git a/openvpn-bonding8.conf b/openvpn-bonding8.conf index 2e6d7a6..dbdd11b 100644 --- a/openvpn-bonding8.conf +++ b/openvpn-bonding8.conf @@ -2,6 +2,7 @@ dev ovpnbonding8 dev-type tap cipher AES-256-CBC proto udp +proto udp6 port 65358 persist-tun persist-key diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf index 6198b64..daa78ab 100644 --- a/openvpn-tun0.6.1.conf 
+++ b/openvpn-tun0.6.1.conf @@ -5,6 +5,7 @@ group nogroup data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 disable-dco proto tcp-server +proto tcp6-server port 65301 persist-tun persist-key diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf index c9144dd..6d91a8e 100644 --- a/openvpn-tun1.6.1.conf +++ b/openvpn-tun1.6.1.conf @@ -2,6 +2,7 @@ topology subnet dev tun1 data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 proto udp +proto udp6 port 65301 persist-tun persist-key From 3ac858c56b4b22ee08ec574661f1bc61ede16cb6 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 16 Oct 2024 13:42:39 +0000 Subject: [PATCH 151/164] Less output logs --- debian9-x86_64.sh | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index e15eb86..539f49c 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -597,7 +597,7 @@ if [ "$KERNEL" != "5.4" ]; then #fi fi -apt-get -y remove shadowsocks-libev +apt-get -y remove shadowsocks-libev >/dev/null 2>&1 if [ "$SHADOWSOCKS" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then #apt -t stretch-backports -y install shadowsocks-libev @@ -730,10 +730,10 @@ if [ "$KERNEL" = "5.4" ]; then echo mptcp_blest >> /etc/modules fi fi -if systemctl -q is-active omr-admin.service; then +if systemctl -q is-active omr-admin.service 2>/dev/null; then systemctl -q stop omr-admin > /dev/null 2>&1 fi -if systemctl -q is-active omr-admin-ipv6.service; then +if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1 systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1 fi 
@@ -886,7 +886,7 @@ if [ "$OMR_ADMIN" = "yes" ]; then mptcpize enable omr-admin.service >/dev/null 2>&1 #[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1 fi - if systemctl -q is-active omr-admin-ipv6.service; then + if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then systemctl -q stop omr-admin-ipv6 >/dev/null 2>&1 systemctl -q disable omr-admin-ipv6 >/dev/null 2>&1 fi @@ -945,7 +945,7 @@ if [ "$SHADOWSOCKS" = "yes" ]; then else cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service fi - if systemctl -q is-enabled shadowsocks-libev; then + if systemctl -q is-enabled shadowsocks-libev 2>/dev/null; then systemctl -q disable shadowsocks-libev fi [ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service @@ -955,7 +955,7 @@ if [ "$SHADOWSOCKS" = "yes" ]; then [ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service done fi - if systemctl -q is-active shadowsocks-libev-manager@manager; then + if systemctl -q is-active shadowsocks-libev-manager@manager 2>/dev/null; then systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 fi fi @@ -1044,7 +1044,7 @@ if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ] && [ -f /etc/shadowsocks-lib sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json fi -if systemctl -q is-active shadowsocks-go.service; then +if systemctl -q is-active shadowsocks-go.service 2>/dev/null; then systemctl -q stop shadowsocks-go > /dev/null 2>&1 systemctl -q disable shadowsocks-go > /dev/null 2>&1 fi @@ -1086,7 +1086,7 @@ if [ "$SHADOWSOCKS_GO" = "yes" ]; then fi -if systemctl -q is-active v2ray.service; then +if systemctl -q is-active v2ray.service 2>/dev/null; then systemctl -q stop v2ray > /dev/null 2>&1 systemctl -q disable v2ray > /dev/null 2>&1 fi 
@@ -1159,7 +1159,7 @@ if [ "$V2RAY" = "yes" ]; then #fi fi -if systemctl -q is-active xray.service; then +if systemctl -q is-active xray.service 2>/dev/null; then systemctl -q stop xray > /dev/null 2>&1 systemctl -q disable xray > /dev/null 2>&1 fi @@ -1233,7 +1233,7 @@ if [ "$XRAY" = "yes" ]; then systemctl enable xray.service fi -if systemctl -q is-active mlvpn@mlvpn0.service; then +if systemctl -q is-active mlvpn@mlvpn0.service 2>/dev/null; then systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1 systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1 fi @@ -1295,7 +1295,7 @@ if [ "$MLVPN" = "yes" ]; then systemctl enable systemd-networkd.service echo "install mlvpn done" fi -if systemctl -q is-active ubond@ubond0.service; then +if systemctl -q is-active ubond@ubond0.service 2>/dev/null; then systemctl -q stop ubond@ubond0 > /dev/null 2>&1 systemctl -q disable ubond@ubond0 > /dev/null 2>&1 fi @@ -1351,7 +1351,7 @@ if [ "$UBOND" = "yes" ]; then echo "install ubond done" fi -if systemctl -q is-active wg-quick@wg0.service; then +if systemctl -q is-active wg-quick@wg0.service 2>/dev/null; then systemctl -q stop wg-quick@wg0 > /dev/null 2>&1 systemctl -q disable wg-quick@wg0 > /dev/null 2>&1 fi @@ -1404,7 +1404,7 @@ if [ "$WIREGUARD" = "yes" ]; then echo "Install wireguard done" fi -if systemctl -q is-active fail2ban.service; then +if systemctl -q is-active fail2ban.service 2>/dev/null; then systemctl -q stop fail2ban > /dev/null 2>&1 systemctl -q disable fail2ban > /dev/null 2>&1 fi @@ -1419,7 +1419,7 @@ if [ "$FAIL2BAN" = "yes" ]; then echo "Install Fail2ban done" fi -if systemctl -q is-active openvpn-server@tun0.service; then +if systemctl -q is-active openvpn-server@tun0.service 2>/dev/null; then systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 fi 
@@ -1570,7 +1570,7 @@ fi echo 'Glorytun UDP' # Install Glorytun UDP -if systemctl -q is-active glorytun-udp@tun0.service; then +if systemctl -q is-active glorytun-udp@tun0.service 2>/dev/null; then systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1 fi if [ "$GLORYTUN_UDP" = "yes" ]; then @@ -1639,7 +1639,7 @@ systemctl enable chrony if [ "$DSVPN" = "yes" ]; then echo 'A Dead Simple VPN' # Install A Dead Simple VPN - if systemctl -q is-active dsvpn-server.service; then + if systemctl -q is-active dsvpn-server.service 2>/dev/null; then systemctl -q disable dsvpn-server > /dev/null 2>&1 systemctl -q stop dsvpn-server > /dev/null 2>&1 fi @@ -1681,7 +1681,7 @@ if [ "$DSVPN" = "yes" ]; then fi # Install Glorytun TCP -if systemctl -q is-active glorytun-tcp@tun0.service; then +if systemctl -q is-active glorytun-tcp@tun0.service 2>/dev/null; then systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1 fi if [ "$GLORYTUN_TCP" = "yes" ]; then @@ -1788,7 +1788,7 @@ chmod 755 /usr/local/bin/omr-6in4-run chmod 644 /lib/systemd/system/omr-bypass.service chmod 644 /lib/systemd/system/omr-bypass.timer systemctl daemon-reload -if systemctl -q is-active omr-6in4.service; then +if systemctl -q is-active omr-6in4.service 2>/dev/null; then systemctl -q stop omr-6in4 > /dev/null 2>&1 systemctl -q disable omr-6in4 > /dev/null 2>&1 fi From 455f3c86d86f47dd3296954b4488582427e2bdd6 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 16 Oct 2024 13:43:00 +0000 Subject: [PATCH 152/164] Enable FastOpen on Shadowsocks-go --- shadowsocks-go.server.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shadowsocks-go.server.json b/shadowsocks-go.server.json index fd5731e..f6bd1ed 100644 --- a/shadowsocks-go.server.json +++ b/shadowsocks-go.server.json 
@@ -7,13 +7,13 @@ { "network": "tcp", "address": ":65280", - "fastOpen": false, + "fastOpen": true, "reusePort": false, "multipath": true } ], "enableTCP": true, - "listenerTFO": false, + "listenerTFO": true, "enableUDP": true, "mtu": 1500, "psk": "PSK", From 3b4f875051892fd68a280b84cce91f2adda2d306 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 23 Oct 2024 06:11:05 +0000 Subject: [PATCH 153/164] Update OMR admin, omr-service and shadowsocks-go --- debian9-x86_64.sh | 6 +++--- omr-service | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 539f49c..2ca9e36 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -78,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="b31e764e7b6159b748b3b176bc26395e051a1f38" -OMR_ADMIN_BINARY_VERSION="0.12+20240920" +OMR_ADMIN_VERSION="371ce38ec213fb6d18b79a91e5aa354ea36b649f" +OMR_ADMIN_BINARY_VERSION="0.13+20241016" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -93,7 +93,7 @@ EASYRSA_VERSION="3.0.6" #fi IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" SHADOWSOCKS_BINARY_VERSION="3.3.5-3" -SHADOWSOCKS_GO_VERSION="1.8.0" +SHADOWSOCKS_GO_VERSION="1.11.3" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" diff --git a/omr-service b/omr-service index 80250ba..12800ed 100755 --- a/omr-service +++ b/omr-service 
@@ -124,7 +124,7 @@ _omr_api() { } _lan_route() { - cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]?' | + jq -c '.users[0][]?' /etc/openmptcprouter-vps-admin/omr-admin-config.json | while IFS=$"\n" read -r c; do if [ -n "$c" ]; then vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') From 458b472a78f37dd83cb8c4834bb594fe9bc03f73 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 30 Oct 2024 14:58:01 +0000 Subject: [PATCH 154/164] Update OMR-Admin, for update to Debian 12 and fix when IPv6 is disabled --- debian9-x86_64.sh | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 2ca9e36..6437553 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -78,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="371ce38ec213fb6d18b79a91e5aa354ea36b649f" -OMR_ADMIN_BINARY_VERSION="0.13+20241016" +OMR_ADMIN_VERSION="8caecd236d8d8239e7d77fa3f6de62619bd564ee" +OMR_ADMIN_BINARY_VERSION="0.14+20241025" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -102,7 +102,7 @@ VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} -OMR_VERSION="0.1031-test" +OMR_VERSION="0.1032-test" DIR=$( pwd ) #" 
@@ -246,21 +246,23 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade VERSION_ID="10" fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then +if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Debian 10 Buster to Debian 11 Bullseye" apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade sed -i 's:buster:bullseye:g' /etc/apt/sources.list + sed -i 's:archive:deb:g' /etc/apt/sources.list sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade VERSION_ID="11" fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then +if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Debian 11 Bullseye to Debian 12 Bookworm" apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade + sed -i 's:archive:deb:g' /etc/apt/sources.list sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade 
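Review bot: The added `sed -i 's:archive:deb:g' /etc/apt/sources.list` replaces the substring `archive` wherever it occurs in the file, not only in a mirror hostname. An entry that carries, for example, `signed-by=/usr/share/keyrings/debian-archive-keyring.gpg`, or any third-party URL containing `archive`, is rewritten too and then points at a keyring or host that does not exist. If the intent is to move from archive.debian.org back to deb.debian.org (inferred, the commit does not say), anchor on the hostname: `sed -i 's:archive\.debian\.org:deb.debian.org:g' /etc/apt/sources.list`. The same line is added in both the Buster to Bullseye and the Bullseye to Bookworm blocks, and the second block continues past the end of the hunk.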
@@ -277,7 +279,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" fi -if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && [ "$KERNEL" != "5.4" ]; then +if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Ubuntu 20.04 to Ubuntu 22.04" apt-get -y -f --force-yes --allow-downgrades upgrade apt-get -y -f --force-yes --allow-downgrades dist-upgrade @@ -1530,17 +1532,17 @@ if [ "$OPENVPN" = "yes" ]; then fi fi if [ "$(ip -6 a 2>/dev/null)" = "" ]; then - sed -i 's/proto tcp6-server//' /etc/openvpn.tun0.conf - sed -i 's/proto udp6//' /etc/openvpn.tun1.conf + sed -i 's/proto tcp6-server//' /etc/openvpn/tun0.conf + sed -i 's/proto udp6//' /etc/openvpn/tun1.conf if [ "$OPENVPN_BONDING" = "yes" ]; then - sed -i 's/proto udp6//' /etc/openvpn.bonding1.conf - sed -i 's/proto udp6//' /etc/openvpn.bonding2.conf - sed -i 's/proto udp6//' /etc/openvpn.bonding3.conf - sed -i 's/proto udp6//' /etc/openvpn.bonding4.conf - sed -i 's/proto udp6//' /etc/openvpn.bonding5.conf - sed -i 's/proto udp6//' /etc/openvpn.bonding6.conf - sed -i 's/proto udp6//' /etc/openvpn.bonding7.conf - sed -i 's/proto udp6//' /etc/openvpn.bonding8.conf + sed -i 's/proto udp6//' /etc/openvpn/bonding1.conf + sed -i 's/proto udp6//' /etc/openvpn/bonding2.conf + sed -i 's/proto udp6//' /etc/openvpn/bonding3.conf + sed -i 's/proto udp6//' /etc/openvpn/bonding4.conf + sed -i 's/proto udp6//' /etc/openvpn/bonding5.conf + sed -i 's/proto udp6//' /etc/openvpn/bonding6.conf + sed -i 's/proto udp6//' /etc/openvpn/bonding7.conf + sed -i 's/proto udp6//' /etc/openvpn/bonding8.conf fi fi mkdir -p /etc/openvpn/ccd From 2a0501172fa820ec02ac0cc23ed5e8bf19aae87e Mon Sep 17 00:00:00 2001 
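Review bot: The edited Ubuntu condition still compares `VERSION_ID` with `18.04` although the block announces the 20.04 to 22.04 upgrade, and the block before it has already set `VERSION_ID="20.04"`, so this branch never runs on the release it targets. It should read `if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "20.04" ] && [ "$UPDATE_OS" = "yes" ]; then`. Once it does run, the `--force-yes` on the apt-get lines below it is a deprecated blanket override; the specific `--allow-downgrades` style options already used elsewhere in the script are the narrower choice. The body of the block continues outside the hunk.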
From: "Ycarus (Yannick Chabanois)" Date: Mon, 18 Nov 2024 10:24:10 +0000 Subject: [PATCH 155/164] Update XRay --- debian9-x86_64.sh | 17 ++++++++++------- xray-server.json | 13 ------------- 2 files changed, 10 insertions(+), 20 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 6437553..d42dce6 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -85,7 +85,7 @@ DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="5.7.0" V2RAY_PLUGIN_VERSION="4.43.0" -XRAY_VERSION="1.8.24" +XRAY_VERSION="24.11.5" EASYRSA_VERSION="3.0.6" #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then 
@@ -864,18 +864,18 @@ if [ "$OMR_ADMIN" = "yes" ]; then sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json [ "$NOINTERNET" = "yes" ] && { - jq '. + {internet: false}' omr-admin-config.json > omr-admin-config.json.tmp - mv omr-admin-config.json.tmp omr-admin-config.json + jq '. + {internet: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp + mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json #sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json } [ "$GRETUNNELS" = "no" ] && { - jq '. + {gre_tunnels: false}' omr-admin-config.json > omr-admin-config.json.tmp - mv omr-admin-config.json.tmp omr-admin-config.json + jq '. + {gre_tunnels: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp + mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json #sed -i 's/"port": 65500,/"port": 65500,\n "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json } [ "$LANROUTES" = "no" ] && { - jq '. + {lan_routes: false}' omr-admin-config.json > omr-admin-config.json.tmp - mv omr-admin-config.json.tmp omr-admin-config.json + jq '. + {lan_routes: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp + mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json } chmod 644 /lib/systemd/system/omr-admin.service #chmod 644 /lib/systemd/system/omr-admin-ipv6.service 
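Review bot: Each of the three rewritten blocks runs `jq ... > omr-admin-config.json.tmp` and then `mv` unconditionally, so a jq failure (invalid JSON after the preceding sed substitutions, jq missing) replaces the admin configuration with an empty file. Chain the two steps so the move happens only on success, e.g. `jq '. + {internet: false}' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"` with `cfg=/etc/openmptcprouter-vps-admin/omr-admin-config.json`. The file receives the admin secrets through the sed lines just above, and the temporary file is created with the current umask before it replaces the original, so any restrictive mode on the original is lost; a `chmod` on the `.tmp` file before the `mv` would keep that explicit. The same write-then-move pattern is added again in the XRay per-user loop later in this series.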
@@ -1196,6 +1196,9 @@ if [ "$XRAY" = "yes" ]; then [ -n "$XRAY_X25519_PRIVATE_KEY2" ] && [ "$XRAY_X25519_PRIVATE_KEY2" != "XRAY_X25519_PRIVATE_KEY" ] && XRAY_X25519_PRIVATE_KEY="$XRAY_X25519_PRIVATE_KEY2" XRAY_X25519_PUBLIC_KEY2=$(grep -Po '"'"publicKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n") [ -n "$XRAY_X25519_PUBLIC_KEY2" ] && [ "$XRAY_X25519_PUBLIC_KEY2" != "XRAY_X25519_PUBLIC_KEY" ] && XRAY_X25519_PUBLIC_KEY="$XRAY_X25519_PUBLIC_KEY2" + #jq -M 'del(.transport)' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp + #mv -f /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json + fi jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak diff --git a/xray-server.json b/xray-server.json index 5db520d..3c0d0f4 100644 --- a/xray-server.json +++ b/xray-server.json @@ -3,19 +3,6 @@ "loglevel": "error", "error": "/tmp/v2rayError.log" }, - "transport": { - "tcpSettings": {}, - "wsSettings": {}, - "kcpSettings": { - "mtu": 1460, - "tti": 10, - "uplinkCapacity": 100, - "downlinkCapacity": 100, - "congestion": false, - "readBufferSize": 8, - "writeBufferSize": 8 - } - }, "inbounds": [ { "tag": "omrin-tunnel", From 4b590a13eb2f601ce544fc622da3e4a54e4f5db7 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 29 Nov 2024 14:52:55 +0000 Subject: [PATCH 156/164] Update omr-admin, add kernel 6.12 support --- debian9-x86_64.sh | 45 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 38 insertions(+), 7 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index d42dce6..bdc55f1 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -6,7 +6,7 @@ # See /LICENSE for more information. # -KERNEL=${KERNEL:-5.4} +KERNEL=${KERNEL:-6.6} UPSTREAM=${UPSTREAM:-no} [ "$UPSTREAM" = "yes" ] && KERNEL="6.1" UPSTREAM6=${UPSTREAM6:-no} @@ -78,8 +78,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="8caecd236d8d8239e7d77fa3f6de62619bd564ee" -OMR_ADMIN_BINARY_VERSION="0.14+20241025" +OMR_ADMIN_VERSION="be866bf752119b3460d907f92572fcac773c1a97" +OMR_ADMIN_BINARY_VERSION="0.14+20241125" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -116,7 +116,7 @@ echo "Check user..." if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi # Check Kernel -if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ] && [ "$KERNEL" != "6.11" ]; then +if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ] && [ "$KERNEL" != "6.11" ] && [ "$KERNEL" != "6.12" ]; then echo "Only kernels 5.4, 6.1, 6.6, 6.10 and 6.11 are currently supported" exit 1 fi 
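Review bot: In the kernel check hunk the condition now accepts `6.12`, but the message printed on rejection still reads "Only kernels 5.4, 6.1, 6.6, 6.10 and 6.11 are currently supported". A user who passes an unsupported `KERNEL` value is told the wrong list; the echo should become `echo "Only kernels 5.4, 6.1, 6.6, 6.10, 6.11 and 6.12 are currently supported"`. Keeping the accepted versions in one variable that both the test and the message use would stop the two from drifting again.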
@@ -498,6 +498,32 @@ elif [ "$KERNEL" = "6.11" ] && [ "$ARCH" = "amd64" ]; then dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb +# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg +# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list +# apt-get update +# apt-get -y install linux-xanmod-lts-x64v3 + [ -f /etc/default/grub ] && { + sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 + [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 + } +elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then + # awk command from xanmod website + PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") + if [ "$PSABI" = "x64v1" ]; then + echo "psABI x86-64-v1 not supported by Xanmod kernel 6.11, use an older kernel" + exit 0 + fi + if [ "$PSABI" = "x64v4" ]; then + PSABI="x64v3" + fi + KERNEL_VERSION="6.12.1" + KERNEL_REV="0~20241122.ge695ae7" + wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + 
wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" + dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb + # wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg # echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list # apt-get update @@ -1203,7 +1229,7 @@ if [ "$XRAY" = "yes" ]; then jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json - #if [ ! -f /etc/xray/xray-server.json ]; then + if [ ! -f /etc/xray/xray-server.json ] || [ -z "$(grep -i mptcp /etc/xray/xray-server.json | grep true)" ]; then wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json 
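Review bot: Both kernel packages in the new 6.12 branch are fetched with `wget` and passed straight to `dpkg --force-all -i` as root with no digest or signature check, and the wget exit status is not tested, so a truncated or substituted file would be installed as the boot kernel. Pin a SHA-256 for each package next to `KERNEL_REV` and verify it before installing; the digests differ per psABI variant, so one pair per `PSABI` value is needed. The same branch exits with status 0 in the unsupported x64v1 case and its message names kernel 6.11, so a caller cannot tell the install was skipped; `exit 1` and "6.12" in the text would match the kernel check earlier in the script. The elif chain this branch belongs to starts outside the hunk.

```shell
# … unchanged: KERNEL_VERSION, KERNEL_REV and the two wget downloads …
# Placeholder digests: replace with the published SHA-256 of each package.
case "$PSABI" in
	x64v2) KERNEL_IMAGE_SHA256="<sha256-image-x64v2>"; KERNEL_HEADERS_SHA256="<sha256-headers-x64v2>" ;;
	x64v3) KERNEL_IMAGE_SHA256="<sha256-image-x64v3>"; KERNEL_HEADERS_SHA256="<sha256-headers-x64v3>" ;;
	*) echo "No pinned kernel digest for psABI ${PSABI}" >&2; exit 1 ;;
esac
KERNEL_DEB_SUFFIX="${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb"
printf '%s  %s\n' \
	"$KERNEL_IMAGE_SHA256" "/tmp/linux-image-${KERNEL_DEB_SUFFIX}" \
	"$KERNEL_HEADERS_SHA256" "/tmp/linux-headers-${KERNEL_DEB_SUFFIX}" \
	| sha256sum -c - || { echo "Kernel package checksum mismatch" >&2; exit 1; }
# … unchanged: dpkg --force-all -i -B of both packages …
```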
@@ -1218,8 +1244,13 @@ if [ "$XRAY" = "yes" ]; then sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json - - #fi + #for xrayuser in $(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r '.users[0][].username'); do + # if [ "$xrayuser" != "admin" ] && [ "$xrayuser" != "openmptcprouter" ]; then + # jq '. + {"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp + # mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json + # fi + #done + fi #if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then # sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/xray/xray-server.json #fi From be6a17dcddae80dcbbc5324f9ed6715140192dfc Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 29 Nov 2024 14:53:26 +0000 Subject: [PATCH 157/164] Fix omr-service OpenVPN route setting --- omr-service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/omr-service b/omr-service index 12800ed..06ea52d 100755 --- a/omr-service +++ b/omr-service 
@@ -137,7 +137,7 @@ _lan_route() { networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1) netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}') [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1 - [ -n "$networkonly" ] && [ -n "$netmask" ] && [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ] && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username} + [ -n "$networkonly" ] && [ -n "$netmask" ] && ([ ! -f /etc/openvpn/ccd/${username} ] || [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ]) && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username} fi done fi From c942c303843e6c27f008d74e2d8138328a592e7b Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 29 Jan 2025 13:51:48 +0000 Subject: [PATCH 158/164] Update omr-admin API, disable fastOpen, add vpn1 management in omr-service,.. --- debian9-x86_64.sh | 48 +++++++++++++++++++------------ omr-service | 14 +++++++++ openmptcprouter-shorewall.tar.gz | Bin 4154 -> 4164 bytes openvpn-tun0.6.1.conf | 4 +-- openvpn-tun0.conf | 2 +- shadowsocks-go.server.json | 2 +- shorewall4/params.vpn | 6 ++-- 7 files changed, 51 insertions(+), 25 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index bdc55f1..719a1bf 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -54,6 +54,7 @@ IPERF=${IPERF:-yes} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} INTERFACE6=${INTERFACE6:-$(ip -o -6 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} +[ -z "$INTERFACE6" ] && INTERFACE6="$INTERFACE" KERNEL_VERSION="5.4.207" KERNEL_PACKAGE_VERSION="1.22" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" 
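Review bot: The rewritten iroute line still tests membership with an unquoted `grep $networkonly`, which treats the address as a regular expression and matches it as a substring, so a network can be judged present because a longer or different address on another line happens to match, and the route is then never written. A fixed-string test on the exact line avoids that: `grep -qF -- "iroute $networkonly $netmask" "/etc/openvpn/ccd/${username}"`. `${username}` is also used unquoted to build a path that root appends to; where it is assigned is not visible in this hunk, but if it comes from the admin configuration JSON it should be quoted and rejected when it contains `/`. The function body starts and ends outside the hunk.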
@@ -71,6 +72,7 @@ GLORYTUN_UDP=${GLORYTUN_UDP:-yes} GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9" GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" GLORYTUN_TCP=${GLORYTUN_TCP:-yes} +# Old Glorytun TCP version if sources is not enabled... GLORYTUN_TCP_BINARY_VERSION="0.0.35-6" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b" @@ -78,8 +80,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="be866bf752119b3460d907f92572fcac773c1a97" -OMR_ADMIN_BINARY_VERSION="0.14+20241125" +OMR_ADMIN_VERSION="530d20c6b482d491accfa4ea5dd44afa5d1eccdc" +OMR_ADMIN_BINARY_VERSION="0.14+20241216" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -224,6 +226,7 @@ rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock rm -f /etc/apt/sources.list.d/buster-backports.list +rm -f /etc/apt/sources.list.d/stretch-backports.list if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then apt-get update else 
@@ -509,15 +512,11 @@ elif [ "$KERNEL" = "6.11" ] && [ "$ARCH" = "amd64" ]; then elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then # awk command from xanmod website PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") - if [ "$PSABI" = "x64v1" ]; then - echo "psABI x86-64-v1 not supported by Xanmod kernel 6.11, use an older kernel" - exit 0 - fi if [ "$PSABI" = "x64v4" ]; then PSABI="x64v3" fi - KERNEL_VERSION="6.12.1" - KERNEL_REV="0~20241122.ge695ae7" + KERNEL_VERSION="6.12.10" + KERNEL_REV="0~20250117.g773b57f" wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" @@ -614,7 +613,7 @@ if [ "$KERNEL" != "5.4" ]; then if [ "$ID" = "debian" ]; then echo "MPTCPize iperf3..." - mptcpize enable iperf3 >/dev/null 2>&1 + mptcpize enable iperf3 >/dev/null 2>&1 || true fi #if [ "$UPSTREAM6" = "yes" ]; then 
@@ -625,8 +624,10 @@ if [ "$KERNEL" != "5.4" ]; then #fi fi -apt-get -y remove shadowsocks-libev >/dev/null 2>&1 +echo "Remove Shadowsocks-libev..." +apt-get -y remove shadowsocks-libev >/dev/null 2>&1 || true if [ "$SHADOWSOCKS" = "yes" ]; then + echo "Install Shadowsocks-libev..." if [ "$SOURCES" = "yes" ]; then #apt -t stretch-backports -y install shadowsocks-libev ## Compile Shadowsocks @@ -1229,7 +1230,7 @@ if [ "$XRAY" = "yes" ]; then jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json - if [ ! -f /etc/xray/xray-server.json ] || [ -z "$(grep -i mptcp /etc/xray/xray-server.json | grep true)" ]; then + if [ ! -f /etc/xray/xray-server.json ] || [ -z "$(grep -i mptcp /etc/xray/xray-server.json | grep true)" ] || [ -z "$(grep -i transport /etc/xray/xray-server.json)" ]; then wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json 
@@ -1244,12 +1245,23 @@ if [ "$XRAY" = "yes" ]; then sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json - #for xrayuser in $(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r '.users[0][].username'); do - # if [ "$xrayuser" != "admin" ] && [ "$xrayuser" != "openmptcprouter" ]; then - # jq '. + {"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - # mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - # fi - #done + for xrayuser in $(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r '.users[0][].username'); do + if [ "$xrayuser" != "admin" ] && [ "$xrayuser" != "openmptcprouter" ]; then + xrayid="$(/usr/bin/xray uuid)" + jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp + mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json + jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-vmess-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp + mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json + jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-socks-tunnel") | .settings.accounts) += [{"user": $xrayuser,"pass": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp + mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json + jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-trojan-tunnel") | .settings.clients) += 
[{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp + mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json + [ -e /etc/shadowsocks-go/upsks.json ] && shadowsockspass="$(jq --arg xrayuser $xrayuser -r '.[$xrayuser]' /etc/shadowsocks-go/upsks.json)" + [ -z "$shadowsockspass" ] && shadowsockspass=$(head -c 32 /dev/urandom | base64 -w0) + jq --arg xrayuser "$xrayuser" --arg shadowsockspass "$shadowsockspass" '(.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients) += [{"email": $xrayuser,"password": $shadowsockspass}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp + mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json + fi + done fi #if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then # sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/xray/xray-server.json @@ -1451,7 +1463,7 @@ if [ "$FAIL2BAN" = "yes" ]; then apt-get -y install fail2ban python3-systemd systemctl enable fail2ban wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf - wget -O /etc/fail2ban/filter.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf + wget -O /etc/fail2ban/filter.d/openvpn.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf echo "Install Fail2ban done" fi diff --git a/omr-service b/omr-service index 06ea52d..9021e59 100755 --- a/omr-service +++ b/omr-service 
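Review bot: In the new per-user loop `shadowsockspass` is never reset between iterations, and `jq -r '.[$xrayuser]'` prints the literal string `null` for a user missing from upsks.json. A user without an entry therefore gets either the previous user's password or the password `null`, and the `[ -z "$shadowsockspass" ]` fallback to random bytes never fires. Start each iteration with `shadowsockspass=""` and read the value with `jq -r --arg xrayuser "$xrayuser" '.[$xrayuser] // empty' /etc/shadowsocks-go/upsks.json`, which also quotes the `--arg` value that the added line leaves unquoted. The loop's `for xrayuser in $(cat ... | jq -r ...)` splits on whitespace, so reading names line by line with `while IFS= read -r xrayuser` is safer, and each `jq ... > .tmp` followed by an unconditional `mv` truncates xray-server.json if jq fails. The enclosing `if [ "$XRAY" = "yes" ]` block starts outside the hunk.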
@@ -190,6 +190,19 @@ _openvpn_bonding() { fi } +_vpn1() { + vpn1route=$(ip r show dev vpn1 2>/dev/null | grep '0.0.0.0') + [ -z "$vpn1route" ] && vpn1route=$(ip r show dev vpn1 2>/dev/null | grep 'default') + if [ -n "$vpn1route" ]; then + ip r del $vpn1route + vpn1gw="$(echo \"$vpn1route\" | awk '{ print $3 }')" + ip r a default via $vpngw dev vpn1 table 991337 + for route in $(ip r show dev vpn1); do + ip r a $route table 991337 + done + fi +} + sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1 modprobe bonding >/dev/null 2>&1 ip link add omr-bonding type bond >/dev/null 2>&1 @@ -214,5 +227,6 @@ while true; do [ "$lan_routes" != "false" ] && _lan_route [ "$gre_tunnels" != "false" ] && _gre_tunnels _openvpn_bonding + _vpn1 sleep 10 done 
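Review bot: The new `_vpn1` stores the gateway in `vpn1gw` but the next line uses `$vpngw`, which is never set, so `ip r a default via $vpngw dev vpn1 table 991337` runs without a gateway right after the default route has been deleted from the main table. The following `for route in $(ip r show dev vpn1)` iterates over single words rather than route lines, so each `ip r a $route table 991337` receives a fragment such as `proto` or `scope`. The `echo \"$vpn1route\"` inside the command substitution also passes literal quote characters to awk. Since `_vpn1` is called from the main loop every 10 seconds, these failures repeat silently; the rewritten lines are below.

```shell
	if [ -n "$vpn1route" ]; then
		# … unchanged: ip r del $vpn1route …
		vpn1gw="$(printf '%s\n' "$vpn1route" | awk '{ print $3 }')"
		[ -n "$vpn1gw" ] && ip r a default via "$vpn1gw" dev vpn1 table 991337
		ip r show dev vpn1 | while IFS= read -r route; do
			# $route stays unquoted on purpose: one route line split into ip arguments
			[ -n "$route" ] && ip r a $route table 991337
		done
	fi
```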
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz index 92957efcab04f4eca8eb09a1b98a997dd26d155f..fcc04f34f15f1a5273a4cc83694f962f2c58783d 100644 GIT binary patch literal 4164 zcmV-K5WDXmiwFSK-F#;N1MNI(bE8O-{T2O+3fs5S9cR5?V{ho@Fd&IF0tS#hp124C zOV}nx5;{Qb@lEu9-^?mN2+6J9X~{j;OWGl*tgOs>WMyVS6%&84hyrKw+q>gI4WQF% z(JMgyTJOSrz18S6o2_QI+jv*2*IRHQwIkLkg;f|i0U_@K-;X{=w=e(yDV&y0iTUIQ z?z1zSk#d<--Dpw`6HIlI=tl`D`+h*Y#e*NroyhYS#JTrZ5pjXSb3@1>(UTXF2XE${ zljvpXl9Rc!ASt(U%IyT${nXct5pR)Z>GVyYbjk~stf?HwncCP8B#sj$)8aVY&@7D; zbAwuE7+^pp2M&iJvV4JAdF43qrrZ^X6*%eHu9AX$vSw)qjSioDH; zN`iIyt6?+GMb~$A$#R+R6R3GJSJdQHX}f6XEZkh(+nr9nsJugH=q)#E+pcx; zy=AJST_qRuT+w4Rk_VE#$;?3Yv3Az;=Y zyvJ2Qok9gT3jXpX@E)Hc@?Q8r8Zi9jMy=i=_b=cf+>AiWb>`HwSm-!r-hJQ%F9dx^ z;JPIAAEIX`aQ{wT{1usiD+%1G7lOCBUqvqQA_A7R>IYDM?!#<&LDXt7bpt8}sy7db z|3DK1bxagD3?XmeF5JMG5q)((^CnPO@h0vfbcqv^CE~&-cbe3-j}woCJ4f^=st-d@#09T zM88M0zaLfs3L{fDa=cjx1{R}-Xmx_ zh6-j0oE3Kl-prOUlbb$GmgnF%9%jyCcpg9xxzHof@biTq&R4-hcpkz~Ph6VStCc=3 z7u;i1j#i8R~*J`BCb1@&GZoxpSMXW$p2C+6MA!UdlRF3M%jOpefthpWd&H;f>M z(j~>n!kI(ad-oCC$}_l8U`kd?h>F z=f!@Zw`ux=he`dS{$rLod7taawSR;tX5t6a4@`c>!*J||%4fHU8)6}n3njzVEP_Tt zlkQo#5JF#KlSd<7;s|r*o zj{?u}t>?tQ6RZc~cry0bfA9dEoc*u2+s(rMzXhbBEj57Ox;6#8HN1t@-8=ug&3E-y z7c4-#-R`pIKeb~1zX{yvrp=3@(W}!yfCU95ZDed=8zrP=wgQ%%wPFSLJ;2hRd6Spp z%Gme(x7O(7pZ~&tG5_BJzTo+GLTK@TOr&a9#c@y{o|8Jm*e69OGhr4bO1ANCZ z0JS6s4*|XrBzwhD51b1`wj&YTLzcnk=`}+h$SR)%CdA+^DO(;loK@jE;*D!e3!19Z z=q1j#hy%4kdAoG$aLjB7>0C8(xt!h_PxJyl|bRQKj2b+BDH${19Qp@;b+P#YgUxdX2nNb%ibm<2X`7hFGLsUY|ZusO({pZl1{1(!>KF<8$C0Z?r zzu4#{V9KO!bVFWrUbE31jk^L<6 z!D!FC1>8sEDT_o1J0(auU<(422Gpw<0ODY6plGwX*!_qNY$C`HojWD1w8Z=XeCf*&sK{t|drJ1sI z*Q+0~ApklI%K+PR_%`VLKr(tqtbQMQ-+;Q`LK_sK9KHp8*^q7_q?T%T~03O&=yhd*W5e1`hA9aAl&3aS9f1mdvYWPxTpMt(OgofX;!n z3#0DKiqxxqbb=}bz16uJhG=+L7TxXKJ4x;6<$r|ue?oIDexRw!T_S`o!GPt67jo4` zLs}}uE3A#G8#+k0Bx8%%d<{Pu8~tr;Y)1gUZb^1WxEECbRVrD6Zub>_U~aKUS9crr zJM^fYa;P-|D82=HqY)L9Nh5s@rv%zqTu1YuPa<5!c$x@6tHGU&`G?mt-q3M5ESb<; 
zSnT)Zfvxk_uy=Cy2PQ??__XfI%dBI>mwg^5St!9yzNl#(Ht@@Gq0&AIcGEr>&)FX?=)w!sefxFCLPfEz?izS|bw){Mn z#?ofhcc9pNrGJ6(aU6&NV>yJ;G+-=sPJq!I(UHZ8e}r*0!0HLw2#GuQ!R5rK|33R8dOKPTSOq_1F$&$Ph(a)@^XfyeTnvizpLT^f}~6R%MgFG9}f5 zTQLcC@iZ@XFQC_m_;~LcG2*W!%IAtVWx-~?k#SDvXYT|&`gt55oTu&#RahAEvTB=x z0Y*6HDk%I&ADN7Yph&!7gGr+aZKNxb#pJ<60VfRe(*|p)DPw%<$ry+d64};JQt@F$ zOl{HGg{_x$e1yUHi`a5S0^Ci9A;646jLB|Q3>A0`UBo+;A3^)pZK9&2Uv$tuo4zrY zB{M~8h84REhU)VW2T&76IYaPr%NwH2T8GcGK}6EE;D81ynEJ7Lt!lT>X@<<)6PA>r z2SAhsijRXnW_@ugtBR~jz{wJZ2_EQ!PKDMM^Y<%#qjjdj%2F`g54$^>>WE*_}x9C$sJR~rZ zf0cT*^}U^$ODc^5sRd>g#RyRPc?{vYot}G(sc1+?{jw88sk2TjHxtg9o@7xJHrh<^ z7OH)A8nP<0>BERj{syX;hCoO}QFLHg+7i;PPLjXCs98x$H)NQgdhet`n)DB^b@*#+ z{$bRBa}o+@H?o*aV1_fsiTJUZX=OYE5T_6CVD9sZ4Ra(z3Tm}RurMD~R5DFi#l;Iu3b@H*t1=?uQrjB6fxL={=#UnN7cS^v?brb-R`>6MRT)pZ)mT!US=;%L_dtDY>* zsck>zstSyfj!Po!54w*fU0Y>y5(}`NgW23zoTUe-&TZGmhtvjhKXiS_zr zJ8!*$+1-Ex_vMa39MNY-*SIw1$sG*fm{^Awi*xQuw$O$rGifWW_4{mjG2+eZBo~#L z-4}a?|8fvQ#CdEP`}Y4f>y3ByR;^QScK~X*|EJY%70>_Q0&?d+lRZBeNmoZs_`fSR zaHg*NmD_(h#m=Aac;^q=kdw3_@w=6M?^S3i`d)=La}MZiCH_kLh<1E9ircyWhoj$) z!WdTIFrv$TMvB87K=gZ4KzhYr$%<^AScrB-dU&i|*xWspDa zK(=eUko8^2#x7)Y7qYbr+0G(67mN&W^-hfI!X)T0R3k=RAnM1MjLUpS162hq410Nx zFY{q?!i=DrKwlfC@At#fDN?>aOAac1;J8|a{#9$hGCh-2gcg4a!pL7P-RV)c0q^tw zt!6iO{-*&tT=@UDfY0%UaL2*-fFax?B`xv$z3o81f> zr?+;{#ov2M)8#FSa*lIcVi%|6(@+u|5JK{5FDrR-Ioi8|>FMd7kDl%xm|+(9ejGZpU*4S#ngHE) zn_K~kSGEWDY^&F6wpzVrhke&%*><<{4mD3$rwrCn?1Tut3xgp39NnS(|4=xqoFVfm z2;FCAu|TyNYPj*N5v7>MEY*(+rW^(#^8AM&TspBA_{g~r)-iH{!gC|YLGhCpp$Bi_ zUZD78<)Z4+@lnRDmT{{ByB~&{G2t!Ls+_$ERL*$8k~NiK7*m@Xg2XVQWLgZP8=9pt zqOKW`Fv(?VN(N)z%9b#$RDSRt&^bS~w6Ubp4`RC4X+&NgSm61YfO#7|JL&r!#11WH!DB5{@i;=%MUGmx9~%}+LVlED~4kW z#l|hJwOh{M&4R=pdzs7sv3}WNw>h&tu2?165O!I6;cUBLx7+O%3aXMdkTug*&E4|8 z8{d0DRP&=k4O>Mny1uVVR;yy4K+Ri)q9(6OyG0|%cMEmzbi2i(@*bg)x7x04r`av` zmZ?tmmGqZ|qHMP~hSuJ(kGBRNm+W3{3exM>&VSF3-SEMgxzRDK$$mIs|2a_2cWk=_ zL>$*_x3K;1vZeih6WF%@AKfs*cD-G1q8c)t)g*tE)g4IjtJwC5XFtRnS$+pq`3wQ`OC(v@8CGjj4b{q@uK6JttgndZp 
zx+n@B;%6sx|At1eUcCgiwANz-)NIsI@`)q5w#^$$_7!UaD-rC-p(f!d`d>!b@z5QNKO_lXRN7bj9Z z{xv53{jd(PFf?~#$6G{DpmtO^f^XkglIpP?dKM~hN9TO@v!+T2Az8H~W5^5m9)qUi zP{FK#vtrJ{o7pnXWadw^)dl#ChlTSPU4+m>F7yaA{K5~S z&pgJpcpgQ~B(k}}35FW?z8gO^lhi=qO{>qgnsu%NKD~*rog^>u3;k`=A3n_3 zOZNLbbM(H@lNqQKWgeKk7a3O-e#F2|f zBM-_OJvk7;xGr>W=s{=tnJC;&hAA|Td9^u5cDJ%BC{s~FRITbzp&|-A$G4sn|4pzN zh||e9VE@4bbc@gbIvuXG|8D_VXiE&>x2{bIZw+r@bq~(}-tPSGmCt|P1a5TG=0(xy zvm_88|JjN*F?O(A1=CVnL07cRauN3*5369|&0bC`wl&wbD6i&~TdeqW1nplgaO+-=f|HbRPYBPnTGp2*hKU}~6F z1wWI_mqoDV*-G<*AnDc)*~9Zbssa`jOT9w&ip(M!Pmer^hNhEestox_le0yF*i@Y$ zFg`)S>>5jGs40qeE32cl$0k$g$bp0u9(o3(F%0=Jr2mx!=&EmRl}dOk2-k~KzWOC_ z!2h?~?c)9)AZJVe{}%8C{@=hV^0n^&0`7Wc4Dct80f;3zdI<21Al)mLdEi1IvKxuu zJ!Cn2kzO<8k*xA*V1f+ZlJe#8hO-7-C%kcu(}Jd|Bzj5mEqSsp*ygES-sdLoCA z)f--sbBL*G8N6_vr%|QbO4c+n@V|?3#1uSZYvj8#qP{C{_RD%j-xlFngC8 zv+(BcaRh~1btv$PXDc!{De$wIyNZ#hnmI|)M#h7en6)@aWj+TX-Z}|I-qVPT_T~BT zc1sSeT_%S#M)&+j!n={MyU|r3!stA&V&n;|cW8>@pv>#y4m9Nu@3bjm7_16RtM|^l zO8Wf&1K+LJvH3=;(ESKjhMLGlkdWWIq~sz9=I*>s3?vbp4&3h0?Q8cw8vG(G8OWTv z5TUCejM3jww*yfLF}u-|GY_7lVD?Ky>iW0{!k2jMqrl(lC16UWZgoRZbWyX&l?bbK zJDpbN-{!HN@ACLe^GtJ`4(CxS&T$+OCyoUjcNcibIojyzt}@|?0JIO!^K_6H;7*n- zgpmQ>J%k#QX-EcxuwXIMZu|1`GS8jvUfG)9iH4quDsM65Z6{`Zb)G)Xq?<)+gwRZQWr-sab*Ks6w8X2FD|5=Xh^vLr+uEq7(F5p?N&6WE<-UN;wH({@`iSKWc z(73Z_Yst3i(USXvP_oUzjqyH^FNj15yDH^3ar~9@2$B6F3czSDJRk03^c2Udt48Db z`MJI+29}_)r1Vjta`mTpxj6pQErv;Ks);PbBLjY?NQbn9Aa+6nq`;kcbh#A>#0+by z+mZ?anI!h_+^BMj*3stOKqCxjj0Vk=p^10LZ_tfo3^Y@=?)vNr8v>xiu#9kfj^75I zA4x|4gw-EH?;B9}TWEuVl;gKxC>zo(g#4#$1S~l~kw)+*!yFkMzYzlk78|fiv1~;f z+2mm|v?p1WY~k?z0Iy6`F-gJV&60W5?5hDqZ1j>N2V^)|Ey>s+ zHebU}rp9m=o7fS+Z(5Sy5$?rxKvgQ1pxZ-*ADKHWven&I{f<4VXAIUF0TkZ?z0r^g z%A}zogQo`0Zkff)OOhBSON<|=%Xjdm=4T46W6w1tztzwjd2lSkcXfGQ&0zs zD1(ry3MfYdO$f%oKI{alK-NOGC=L0kV)cDk8|TbWimndAz?sjSD5i_xi^+Nsd%5%+ z7TjtOn=i1I$tDxQCQm)`XuLWXRWo!~Ic&9pIeoFjDrn1(Q)wz~SA7qPzE}D;7@x+0 z7%-M&7)=AlQfCAh%?TMI3t_D~=L7U)Xq5bb7ST>*khJ)7V6WrkC#HW9p{}#PO 
zvAg^P6MXLCjm{+O{q$YMFvq#F(bH}bz|4XrK3fXpC+V+3z(8!KzL^#$nFty<1X&%? zkaUx_i52V99mOjywukP}&zO@3fXss*=V8tmfJytsP-y+I_$ zdpC#)e=QL{1KyMcoBBq|Ih&vTDtPpZBtE#v+!*u1FS@2NMOHFw9RItfi(*@l#LAK$I|%ZH*-rKdeZoEi$`s>t!83!l3*` z+;T+%+)bAvz>GqSNpDpgD)2aT5${xf0`1$hiHMSZ(n0%d^2S(}%nYd+R^l=!YRE$z zKuj3n48hASZ-_Q+9e$n-BGRq}2Q*T_)KArGRl9{wGi2(Xa7h_@07O}!_;}E#v@gzN zRgqN*I9b9trNmy$1~Dq=Mp6yXheR~iAI+~+t|dvg4a>GRBF=D=lasclO~NQrI1Qe* z)hxqW3JI{(5%lKvqG`fI|A_Qu0TqE;Y{R%`{eZQA=726vbycUMc1AnVHmAd({8RrI zOaR7FCWj9Q`P7nrvhjm|ZEE$qO>oXraF7P1B-f>E>5ly1l{LG^x>LoM=$uPpp=+kZG}z;hA`Xg9K$ zPGE{Nrm6U;nQLV-129e>-@)AH6&vPAjug~tgP>tPsHkL`u!>7M0;?zJhQRBPZ)P+2 zRx_@7=n++m=zO}D9}OPhRNvhQWH#Mu={7c+bCua?-XUv~30E13NaIC5X^ z8N>;Bc65!G#yq-%0h}W1_+s^{*6;pt4;No&I)U0zIh^E%DN%1rOe4a0vph#=xT zwTwgie_Jf~j%_!)Y`4X=TV1^Wr`;}}|GxyY5$R|LK-H zfBwWff3OXyW(`T+tsHuoz%@N>)9%%q4X%Ch&kB=6e!mCVY3@U^`;go| zWNRO?y${*RBfFQB3~+2W!S!GgbSa8UP?s3>eL}|MzN3Lv1uP7Gd5>S_!{me+K{SE9 zHq74dN0l>7`TjgTsPuthnsxHmXadXZOi~$I{4R*%V6}4RC*1~o$p5!ny~6n)j%$_Y zf8GRM+yC3i#R54M`Q32<%atL(pE(4`>BtF=0e$6W-0gB-wJA2g88%7p?4V1&_mrh; zI~277=cL3wPU)wizMNB9Vuv>UjMQN+lyZkG{T|d|29$D#jDD)>aPhs>C*QIHpoiu6M2mEEBzQ#VxP&dh8}YyK`9HSPF3$gEw~YVa2EO3@ z-_KY@%H#iK^#5w~PmIV3!v5sjtf@0fK8A;iAgep5)J1)9tp6JC^aFh9LH_J0OL|Pk zTYYS2-wa3-vqhTt^GA>+lu$wmC6rJ?2_=+JLJ1|5P(leMlu$wmCHxWLU!*femH>DF E0Q3 Date: Tue, 4 Feb 2025 13:56:39 +0000 Subject: [PATCH 159/164] Update iperf3 to 3.18 using source and update kernel to 6.12.12 --- debian9-x86_64.sh | 43 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 719a1bf..37dd3d3 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
@@ -515,8 +515,8 @@ elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then if [ "$PSABI" = "x64v4" ]; then PSABI="x64v3" fi - KERNEL_VERSION="6.12.10" - KERNEL_REV="0~20250117.g773b57f" + KERNEL_VERSION="6.12.12" + KERNEL_REV="0~20250202.ga815caa" wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" 
@@ -561,7 +561,33 @@ if [ "$IPERF" = "yes" ]; then #chmod 644 /lib/systemd/system/iperf3.service echo "Install iperf3" [ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 >/dev/null 2>&1 - apt-get -y install iperf3 + if [ "$SOURCES" = "yes" ]; then + apt-get -y remove iperf3 libiperf0 + cd /tmp + rm -rf iperf-3.18 + wget https://github.com/esnet/iperf/releases/download/3.18/iperf-3.18.tar.gz + tar xzf iperf-3.18.tar.gz + cd iperf-3.18 + wget http://deb.debian.org/debian/pool/main/i/iperf3/iperf3_3.18-1.debian.tar.xz + tar xJf iperf3_3.18-1.debian.tar.xz + echo "Install iperf3 dependencies..." + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" >/dev/null 2>&1 + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + echo "Build iperf3 package...." + dpkg-buildpackage -b -us -uc >/dev/null 2>&1 + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + cd /tmp + echo "Install iperf3 package..." + dpkg -i iperf3_3.18-1_amd64.deb libiperf0_3.18-1_amd64.deb >/dev/null 2>&1 + rm -rf iperf-3.18 + rm -f iperf* libiperf* + else + apt-get -y install iperf3 libiperf0 + fi if [ ! -f "/etc/iperf3/private.pem" ]; then mkdir -p /etc/iperf3 openssl genrsa -out /etc/iperf3/private.pem 2048 @@ -577,12 +603,12 @@ if [ "$IPERF" = "yes" ]; then else cp ${DIR}/iperf3.override.conf /etc/systemd/system/iperf3.service.d/override.conf fi + echo "iperf3 installed" fi rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - if [ "$KERNEL" != "5.4" ]; then echo "Compile and install mptcpize..." apt-get -y install --no-install-recommends build-essential @@ -712,6 +738,7 @@ if [ "$SHADOWSOCKS" = "yes" ]; then fi fi +echo "Add modules on server start..." # Load BBR Congestion module at boot time if ! grep -q bbr /etc/modules ; then echo tcp_bbr >> /etc/modules 
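Review bot: The source build added in the `@@ -561,7 +561,33 @@` hunk downloads `iperf3_3.18-1.debian.tar.xz` over plain `http://` and unpacks both tarballs with no integrity check, and the result is then compiled and installed with `dpkg -i`. Pin a digest for each download and verify it before `tar`, for example `echo "<PINNED_SHA256>  iperf-3.18.tar.gz" | sha256sum -c - || exit 1` (placeholder digest), with the same check for the Debian packaging tarball. The later `@@ -563,17 +567,19 @@` hunk in patch 163 adds retry options to that `wget` but keeps the `http://` URL and still verifies nothing. The build also runs in a fixed, predictable directory under `/tmp`, where a `mktemp -d` directory would be safer on a shared host, and `dpkg-buildpackage` and `dpkg -i` send all output to `/dev/null`, so a failed build is silent. The enclosing `if [ "$IPERF" = "yes" ]` block starts before the hunk and continues after it.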
@@ -759,12 +786,14 @@ if [ "$KERNEL" = "5.4" ]; then echo mptcp_blest >> /etc/modules fi fi + +echo "Stop OpenMPTCProuter VPS admin" if systemctl -q is-active omr-admin.service 2>/dev/null; then - systemctl -q stop omr-admin > /dev/null 2>&1 + systemctl -q stop omr-admin > /dev/null 2>&1 || true fi if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then - systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1 - systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1 + systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1 || true + systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1 || true fi if [ "$OMR_ADMIN" = "yes" ]; then From 0091388ff29571ac0a54693641e3566e4623200c Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 26 Feb 2025 09:25:39 +0000 Subject: [PATCH 160/164] Fix XRay API listening --- xray-server.json | 1 + 1 file changed, 1 insertion(+) diff --git a/xray-server.json b/xray-server.json index 3c0d0f4..14c62ee 100644 --- a/xray-server.json +++ b/xray-server.json @@ -206,6 +206,7 @@ "stats": {}, "api": { "tag": "api", + "listen": "127.0.0.1:65080", "services": [ "HandlerService", "LoggerService", From efd7ffd1db749d513a50918bcad28ebf7ef90ec4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 26 Feb 2025 09:26:03 +0000 Subject: [PATCH 161/164] Add tcp-nodelay option for OpenVPN TCP --- openvpn-tun0.6.1.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf index e473ee9..bc93c87 100644 --- a/openvpn-tun0.6.1.conf +++ b/openvpn-tun0.6.1.conf @@ -31,3 +31,4 @@ client-config-dir ccd ifconfig-pool-persist ccd/ipp_tcp.txt passtos management 127.0.0.1 65302 +tcp-nodelay From f8484dc7424c5ee7a43d0e6e1f2e1a8d57242348 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 26 Feb 2025 09:26:38 +0000 Subject: [PATCH 162/164] Fix gre tunnel configuration --- omr-service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/omr-service b/omr-service index 9021e59..e927ab6 100755 --- a/omr-service +++ b/omr-service @@ -38,7 +38,7 @@ _glorytun_tcp() { #if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then for intf in /etc/glorytun-tcp/tun*; do - [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} + [ "$(echo $intf | grep key)" = "" ] && timeout 10 /etc/glorytun-tcp/post.sh ${intf} done if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" @@ -157,7 +157,7 @@ _gre_tunnels() { ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1 ip link set $iface up >/dev/null 2>&1 ip addr add $LOCALIP dev $iface >/dev/null 2>&1 - ip route add $NETWORK dev $iface onlink >/dev/null 2>&1 + ip route add $NETWORK dev $iface >/dev/null 2>&1 fi fi done From 7aac683f4f68aea3f95a6ec6f3ce0757f54e3d70 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 26 Feb 2025 09:27:33 +0000 Subject: [PATCH 163/164] Update omr-admin with XRay fixes, update kernel 6.12, various fix --- debian9-x86_64.sh | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 37dd3d3..62adc75 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
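Review bot: In the `@@ -38,7 +38,7 @@` hunk the new `timeout 10` bounds `post.sh` but its exit status is discarded, so a run that was killed after ten seconds, or that failed, leaves no trace in the log, and `$intf` is still expanded unquoted. I would skip key files with `case "$intf" in *key*) continue ;; esac` and then call `timeout 10 /etc/glorytun-tcp/post.sh "$intf" || logger -t "OMR-Service" "post.sh failed or timed out for $intf"`. When no `tun*` file exists the glob stays literal and `post.sh` receives the pattern itself, so a `[ -e "$intf" ] || continue` guard at the top of the loop is worth adding. `_glorytun_tcp` starts before the hunk and continues after it.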
@@ -80,8 +80,8 @@ MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="530d20c6b482d491accfa4ea5dd44afa5d1eccdc" -OMR_ADMIN_BINARY_VERSION="0.14+20241216" +OMR_ADMIN_VERSION="7e98b32ebf549f87e9d20072acc80a87a562cb7d" +OMR_ADMIN_BINARY_VERSION="0.14+20250220" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" @@ -166,10 +166,11 @@ fi # exit 1 #fi echo "Check about broken packages..." -apt-get check >/dev/null 2>&1 -if [ "$?" -ne 0 ]; then - echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..." - exit 1 +if ! eval apt-get check >/dev/null 2>&1 ; then + if ! eval apt-get -f install -y 2>&1 ; then + echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..." + exit 1 + fi fi # Fix old string... @@ -227,6 +228,9 @@ rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock rm -f /etc/apt/sources.list.d/buster-backports.list rm -f /etc/apt/sources.list.d/stretch-backports.list +[ ! -f /etc/apt/sources.list ] && touch /etc/apt/sources.list +sed -i '/buster-backports/d' /etc/apt/sources.list +sed -i '/stretch-backports/d' /etc/apt/sources.list if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then apt-get update else @@ -236,7 +240,7 @@ rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock echo "Install apt-transport-https, gnupg and openssh-server..." -apt-get -y install apt-transport-https gnupg openssh-server +apt-get -y install apt-transport-https gnupg openssh-server libcrypt1 zstd #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then 
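Review bot: The `eval` in `if ! eval apt-get check ...` and `if ! eval apt-get -f install -y ...` in the `@@ -166,10 +166,11 @@` hunk is unnecessary, because `if` already tests the command's exit status; `eval` only adds a second round of shell parsing, which becomes an injection hazard as soon as a variable is interpolated into one of these lines. Write `if ! apt-get check >/dev/null 2>&1; then` and `if ! apt-get -f install -y; then` instead. After a successful `apt-get -f install` the script carries on without running `apt-get check` again, so repeating the check before continuing would confirm the repair worked. The abort message still says that `apt-get check` failed, although at that point it is the repair step that failed.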
@@ -515,8 +519,8 @@ elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then if [ "$PSABI" = "x64v4" ]; then PSABI="x64v3" fi - KERNEL_VERSION="6.12.12" - KERNEL_REV="0~20250202.ga815caa" + KERNEL_VERSION="6.12.15" + KERNEL_REV="0~20250219.g6e42b4c" wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" @@ -563,17 +567,19 @@ if [ "$IPERF" = "yes" ]; then [ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 >/dev/null 2>&1 if [ "$SOURCES" = "yes" ]; then apt-get -y remove iperf3 libiperf0 + apt-get -y install xz-utils devscripts cd /tmp rm -rf iperf-3.18 wget https://github.com/esnet/iperf/releases/download/3.18/iperf-3.18.tar.gz tar xzf iperf-3.18.tar.gz cd iperf-3.18 - wget http://deb.debian.org/debian/pool/main/i/iperf3/iperf3_3.18-1.debian.tar.xz + wget --waitretry=1 --read-timeout=20 --timeout=15 -t 5 --continue --no-dns-cache http://deb.debian.org/debian/pool/main/i/iperf3/iperf3_3.18-1.debian.tar.xz tar xJf iperf3_3.18-1.debian.tar.xz + sleep 1 echo "Install iperf3 dependencies..." rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" >/dev/null 2>&1 + mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend echo "Build iperf3 package...." From fd55a16550f888054e51901528fc350928f207a5 Mon Sep 17 00:00:00 2001 
From: "Ycarus (Yannick Chabanois)" Date: Fri, 7 Mar 2025 08:05:23 +0000 Subject: [PATCH 164/164] Update Shadowsocks to 1.13.0 --- debian9-x86_64.sh | 2 +- shadowsocks-go.server.json | 14 ++++++-------- 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh index 62adc75..631e431 100755 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh @@ -95,7 +95,7 @@ EASYRSA_VERSION="3.0.6" #fi IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" SHADOWSOCKS_BINARY_VERSION="3.3.5-3" -SHADOWSOCKS_GO_VERSION="1.11.3" +SHADOWSOCKS_GO_VERSION="1.13.0" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" diff --git a/shadowsocks-go.server.json b/shadowsocks-go.server.json index 4055a2f..7d4704a 100644 --- a/shadowsocks-go.server.json +++ b/shadowsocks-go.server.json @@ -26,14 +26,12 @@ "api": { "enabled": true, "debugPprof": false, - "enableTrustedProxyCheck": false, "trustedProxies": [], - "proxyHeader": "X-Forwarded-For", - "listen": "127.0.0.1:65279", - "certFile": "", - "keyFile": "", - "clientCertFile": "", - "secretPath": "", - "fiberConfigPath": "" + "listeners": [ + { + "network": "tcp", + "address": "127.0.0.1:65279" + } + ] } } \ No newline at end of file