
Compare commits


No commits in common. "develop" and "v0.1015" have entirely different histories.

81 changed files with 549 additions and 3512 deletions


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1 +0,0 @@
debian9-x86_64.sh

debian/changelog vendored

@ -1,23 +0,0 @@
omr-server (0.1030) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Wed, 10 Apr 2024 19:35:34 +0200
omr-server (0.1028) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Fri, 14 Oct 2022 09:02:22 +0200
omr-server (0.1026) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Mon, 14 Jun 2021 07:43:42 +0200
omr-server (0.1025-test) unstable; urgency=medium
* Wireguard support and fixed
-- OpenMPTCProuter <contact@openmptcprouter.com> Thu, 04 Mar 2021 14:36:12 +0200

debian/compat vendored

@ -1 +0,0 @@
10

debian/control vendored

@ -1,37 +0,0 @@
Source: omr-server
Section: net
Priority: optional
Maintainer: OpenMPTCProuter <contact@openmptcprouter.com>
Build-Depends: debhelper (>= 10)
X-Python-Version: >= 3.2
Standards-Version: 0.0.1
Homepage: https://github.com/ysurac/openmptcprouter-vps
Package: omr-server
Architecture: all
Multi-Arch: foreign
Depends:
curl,
rename,
libcurl4,
unzip,
tracebox,
omr-iperf3,
omr-shadowsocks-libev (= 3.3.5-2),
omr-vps-admin (= 0.3+20210508),
omr-simple-obfs,
omr-mlvpn (= 3.0.0+20201216.git.2263bab),
omr-glorytun (= 0.3.4-4),
omr-glorytun-tcp (= 0.0.35-3),
omr-dsvpn (= 0.1.4-2),
shorewall,
shorewall6,
iptables,
v2ray-plugin (= 4.35.1),
v2ray (=4.35.1),
linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
${misc:Depends}
Provides: omr-server
Conflicts: omr-server
Replaces: omr-server
Description: OpenMPTCProuter Server script

debian/postinst vendored

@ -1,16 +0,0 @@
#!/bin/sh -e
test $DEBIAN_SCRIPT_DEBUG && set -v -x
# use debconf
. /usr/share/debconf/confmodule
sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
systemctl daemon-reload
systemctl restart omr-update
db_stop
#DEBHELPER#
exit 0
# vim:set ai et sts=2 sw=2 tw=0:

debian/rules vendored

@ -1,18 +0,0 @@
#!/usr/bin/make -f
#export DH_VERBOSE = 1
# Security Hardening
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
%:
dh $@
override_dh_auto_install:
mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin
touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1 +0,0 @@
debian9-x86_64.sh

debian9-x86_64.sh Executable file → Normal file



@ -12,7 +12,7 @@ fi
exec dsvpn \ exec dsvpn \
${MODE} \ ${MODE} \
"$1".key \ "$1".key \
${HOST:-auto} \ auto \
${PORT} \ ${PORT} \
${DEV} \ ${DEV} \
${LOCALTUNIP} \ ${LOCALTUNIP} \


@ -1,6 +1,5 @@
[Unit] [Unit]
Description=Dead Simple VPN - Server Description=Dead Simple VPN - Server
After=network.target network-online.target
[Service] [Service]
ExecStart=/usr/local/sbin/dsvpn server /etc/dsvpn/dsvpn.key auto 65011 dsvpn0 10.255.251.1 10.255.251.2 ExecStart=/usr/local/sbin/dsvpn server /etc/dsvpn/dsvpn.key auto 65011 dsvpn0 10.255.251.1 10.255.251.2
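Review bot: With the `After=network.target network-online.target` line gone, nothing orders this unit relative to the network at all, and the old line alone never actually delayed it either: `After=network-online.target` only waits for the network when the unit also pulls the target in. If dsvpn needs a configured interface before it binds (it is started with `auto` for the address, so this is an assumption to confirm), add both `Wants=network-online.target` and `After=network-online.target` under `[Unit]`. The rest of the unit (Restart=, [Install]) is outside this hunk.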


@ -1,6 +1,5 @@
[Unit] [Unit]
Description=Dead Simple VPN - Server on %I Description=Dead Simple VPN - Server on %I
After=network.target network-online.target
[Service] [Service]
ExecStart=/usr/local/bin/dsvpn-run /etc/dsvpn/%i ExecStart=/usr/local/bin/dsvpn-run /etc/dsvpn/%i


@ -1,5 +1,4 @@
PORT=65401 PORT=65401
HOST=0.0.0.0
DEV=dsvpn0 DEV=dsvpn0
MODE=server MODE=server
LOCALTUNIP=10.255.251.1 LOCALTUNIP=10.255.251.1


@ -1,10 +0,0 @@
[INCLUDES]
before = common.conf
[Definition]
_daemon = ovpn-server
failregex =%(__prefix_line)s<HOST>:[0-9]{4,5} TLS Auth Error:.*
%(__prefix_line)s<HOST>:[0-9]{4,5} VERIFY ERROR:.*
%(__prefix_line)s<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*
%(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{4,5}
maxlines = 1


@ -1,21 +0,0 @@
[DEFAULT]
backend = systemd
banaction = shorewall
[sshd]
enabled = true
[openvpn_tcp]
enabled = true
port = 65301
protocol = tcp
filter = openvpn
maxretry = 5
[openvpn_udp]
enabled = true
port = 65301
protocol = udp
filter = openvpn
maxretry = 5


@ -1,14 +1,8 @@
#!/bin/sh #!/bin/sh
[ ! -f $(readlink -f "$1") ] && exit 1
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
INTF=gt-${DEV} INTF=gt-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1" [ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3" [ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do ip link set dev ${INTF} up 2>&1 >/dev/null
sleep 2 ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
ip link set dev ${INTF} up 2>&1 >/dev/null
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
}
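Review bot: The `2>&1 >/dev/null` suffix on both `ip` lines in the new post.sh duplicates stderr onto the original stdout before stdout is discarded, so error output is still printed; the silencing order has to be `>/dev/null 2>&1`. The script also sources `$(readlink -f "$1")` with no check that the argument names a file, so a missing or wrong `$1` leaves `DEV` unset and the remaining commands operate on an interface literally called `gt-`. Finally `ip link set` and `ip addr add` run exactly once with no wait for `gt-${DEV}` to exist, so if the glorytun daemon has not created the device yet the address is silently never assigned. A guard on the config path plus a bounded wait on `ip link show "$INTF"` covers all three.
```shell
[ -f "$(readlink -f "$1")" ] || exit 1
. "$(readlink -f "$1")"
# … unchanged: INTF / LOCALIP / BROADCASTIP defaults …
# the daemon creates gt-${DEV}; wait for it, but not forever
tries=0
while ! ip link show "$INTF" >/dev/null 2>&1; do
    [ "$tries" -ge 30 ] && exit 1
    tries=$((tries + 1))
    sleep 2
done
ip link set dev "$INTF" up >/dev/null 2>&1
ip addr add "${LOCALIP}/30" brd "$BROADCASTIP" dev "$INTF" >/dev/null 2>&1
```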


@ -9,7 +9,7 @@ fi
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
DEV="gt-$(basename "$1")" DEV="gt${HOST:+c}-$(basename "$1")"
exec glorytun-tcp \ exec glorytun-tcp \
${SERVER:+listener} \ ${SERVER:+listener} \


@ -1,17 +1,8 @@
#!/bin/sh #!/bin/sh
[ ! -f $(readlink -f "$1") ] && exit 1
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
INTF=gt-udp-${DEV} INTF=gt-udp-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1" [ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3" [ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do ip link set dev ${INTF} up 2>&1 >/dev/null
sleep 2 ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
ip link set dev ${INTF} up 2>&1 >/dev/null
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
}
tc qdisc replace dev $INTF root cake
ip link set $INTF txqlen 100
glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null
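Review bot: Both `ip` lines in the new udp post.sh use `2>&1 >/dev/null`, which redirects stderr to the original stdout before stdout is sent to /dev/null, so errors are not actually silenced; it should read `>/dev/null 2>&1`. The config is sourced with `. "$(readlink -f "$1")"` and no existence check, so a missing argument leaves `DEV` empty and the script configures `gt-udp-`; adding `[ -f "$(readlink -f "$1")" ] || exit 1` before the `.` line closes that. Nothing waits for `gt-udp-${DEV}` to appear either, so if the daemon has not created the device yet `ip addr add` fails (quietly, once the redirect is fixed) and the tunnel never gets its address; a short bounded loop on `ip link show "$INTF"` before the two `ip` commands would make the script tolerant of that startup race.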


@ -9,10 +9,11 @@ fi
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
DEV="gt-udp-$(basename "$1")" DEV="gt${HOST:+c}-udp-$(basename "$1")"
exec glorytun \ exec glorytun \
bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \ bind $BIND $BIND_PORT \
keyfile "$1".key \ keyfile "$1".key \
${DEV:+dev "$DEV"} \ ${DEV:+dev "$DEV"} \
${HOST:+to "$HOST" "$PORT"} \
${OPTIONS:+$OPTIONS} ${OPTIONS:+$OPTIONS}
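Review bot: `bind $BIND $BIND_PORT` passes the two sourced values unquoted and without defaults, so if the config file leaves `BIND_PORT` (or `BIND`) empty the word simply disappears and glorytun receives `keyfile` as its port argument, producing a confusing parse error rather than a clear one. A check before the `exec`, `[ -n "$BIND" ] && [ -n "$BIND_PORT" ] || { echo "BIND/BIND_PORT not set in $1" >&2; exit 1; }`, and quoting the values as `bind "$BIND" "$BIND_PORT"` would make the failure explicit. The same applies to `${HOST:+to "$HOST" "$PORT"}`, which emits `to <host>` with an empty port when only `HOST` is set. The top of the script (argument handling, `set -e` if any) is outside this hunk.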


@ -1,3 +0,0 @@
[Service]
ExecStart=
ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem


@ -3,7 +3,7 @@ Description=iperf3
Requires=network.target Requires=network.target
[Service] [Service]
ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/public.pem
Restart=on-failure Restart=on-failure
[Install] [Install]
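Review bot: The new `ExecStart` hands `--rsa-private-key-path` the file `/etc/iperf3/public.pem`; the server uses that key to decrypt the credentials clients encrypt with the public key, so with a public key in that slot no client can authenticate (iperf3 either refuses to start or rejects every authenticated stream, depending on version). It should point at the private key, `--rsa-private-key-path /etc/iperf3/private.pem`, with the public half distributed to clients. Since that file and `users.csv` (which holds the password hashes) are now the whole access control for a port exposed on the VPS, they should be root-owned and mode 0600.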


@ -9,7 +9,7 @@
], ],
"method": "chacha20-ietf-poly1305", "method": "chacha20-ietf-poly1305",
"fast_open": true, "fast_open": true,
"timeout": 1000, "timeout": 600,
"port_key": { "port_key": {
"65101": "MySecretKey", "65101": "MySecretKey",
}, },
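Review bot: The `port_key` object still closes with a trailing comma after the `"65101": "MySecretKey"` entry, which is not valid JSON; shadowsocks-libev's own parser may be lenient, but any tooling that validates or rewrites this file with a strict parser will reject it, so drop the comma and write `"65101": "MySecretKey"` as the last member. `MySecretKey` is presumably a placeholder replaced at install time; if so, a comment-free format like this gives no hint of that, and a server accidentally started with the template value is open to anyone who has read this repository.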


@ -5,7 +5,7 @@ interface_name = "mlvpn0"
timeout = 30 timeout = 30
password = "MLVPN_PASS" password = "MLVPN_PASS"
reorder_buffer = yes reorder_buffer = yes
reorder_buffer_size = 128 reorder_buffer_size = 64
loss_tolerence = 50 loss_tolerence = 50
[wan1] [wan1]


@ -2,7 +2,6 @@
Description=MLVPN connection to %i Description=MLVPN connection to %i
PartOf=mlvpn.service PartOf=mlvpn.service
ReloadPropagatedFrom=mlvpn.service ReloadPropagatedFrom=mlvpn.service
After=network.target network-online.target
[Service] [Service]
Type=notify Type=notify
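Review bot: Removing `After=network.target network-online.target` leaves this `Type=notify` instance with no ordering against the network, so on boot mlvpn can be started before its WAN interfaces have addresses and will sit in its retry loop until they do. If that matters (I cannot see how mlvpn binds from the hunk), the working idiom is the pair `Wants=network-online.target` plus `After=network-online.target` under `[Unit]`; `After=` alone, as the removed line had it, does not wait for the target. The remainder of the unit is outside this hunk.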

multipath Executable file → Normal file

@ -6,8 +6,9 @@
# Released under GPL 3 or later # Released under GPL 3 or later
if [ -d "/proc/sys/net/mptcp" ]; then if [ -d "/proc/sys/net/mptcp" ]; then
if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then
echo "MPTCP is disabled!" echo "MPTCP is disabled!"
echo "Please set net.mptcp.mptcp_enabled = 1"
exit 1 exit 1
fi fi
else else
@ -25,7 +26,7 @@ case $1 in
echo " multipath device {on | off | backup | handover}" echo " multipath device {on | off | backup | handover}"
echo echo
echo "show established conections: -c" echo "show established conections: -c"
echo "show fullmesh info: -f" echo "show mullmesh info: -f"
echo "show kernel config: -k" echo "show kernel config: -k"
echo echo
echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag" echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
@ -42,28 +43,12 @@ case $1 in
cat /proc/net/mptcp_fullmesh cat /proc/net/mptcp_fullmesh
exit 0;; exit 0;;
"-k") "-k")
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
elif [ -f /proc/sys/net/mptcp/enabled ]; then echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
echo Enabled: `cat /proc/sys/net/mptcp/enabled` echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
fi echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
fi
if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
else
echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled`
fi
if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
fi
if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
fi
if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
fi
echo echo
echo See http://multipath-tcp.org/ for details echo See http://multipath-tcp.org/ for details
exit 0 ;; exit 0 ;;
@ -80,98 +65,38 @@ TYPE="$2"
#FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"` #FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
[ -d "/sys/class/net/$DEVICE/" ] || { [ -d "/sys/class/net/$DEVICE/" ] || {
#echo "Device '$DEVICE' can't found!" echo "Device '$DEVICE' can't found!"
#echo "Use the hardware name like in ifconfig" echo "Use the hardware name like in ifconfig"
exit 1 exit 1
} }
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then FLAG_PATH="/sys/class/net/$DEVICE/flags"
FLAG_PATH="/sys/class/net/$DEVICE/flags" IFF=`cat $FLAG_PATH`
IFF=`cat $FLAG_PATH`
IFF_OFF="0x80000" IFF_OFF="0x80000"
IFF_ON="0x00" IFF_ON="0x00"
IFF_BACKUP="0x100000" IFF_BACKUP="0x100000"
IFF_HANDOVER="0x200000" IFF_HANDOVER="0x200000"
IFF_MASK="0x380000" IFF_MASK="0x380000"
case $TYPE in case $TYPE in
"off") FLAG=$IFF_OFF;; "off") FLAG=$IFF_OFF;;
"on") FLAG=$IFF_ON;; "on") FLAG=$IFF_ON;;
"backup") FLAG=$IFF_BACKUP;; "backup") FLAG=$IFF_BACKUP;;
"handover") FLAG=$IFF_HANDOVER;; "handover") FLAG=$IFF_HANDOVER;;
"") "")
IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
case "$IFF" in case "$IFF" in
$IFF_OFF) echo $DEVICE is deactivated;; $IFF_OFF) echo $DEVICE is deactivated;;
$IFF_ON) echo $DEVICE is in default mode;; $IFF_ON) echo $DEVICE is in default mode;;
$IFF_BACKUP) echo $DEVICE is in backup mode;; $IFF_BACKUP) echo $DEVICE is in backup mode;;
$IFF_HANDOVER) echo $DEVICE is in handover mode;; $IFF_HANDOVER) echo $DEVICE is in handover mode;;
*) echo "Unkown state!" && exit 1;; *) echo "Unkown state!" && exit 1;;
esac esac
exit 0;; exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac esac
printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
else
ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}')
IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}')
#IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
[ -f /usr/bin/jsonfilter ] && IP=$(ip -j a show $DEVICE | jsonfilter -e '@[0].addr_info[*].local')
[ -f /usr/bin/jq ] && IP=$(ip -j a show $DEVICE | jq -r '.[0].addr_info[].local')
RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
[ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
case $TYPE in
"off")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
exit 0;;
"on")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE subflow fullmesh
done
exit 0;;
"signal")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE signal
done
exit 0;;
"backup")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE backup fullmesh
done
exit 0;;
"")
case "$IFF" in
"") echo $DEVICE is deactivated;;
"subflow") echo $DEVICE is in default mode;;
"backup") echo $DEVICE is in backup mode;;
"signal") echo $DEVICE is in signal mode;;
"fullmesh") echo $DEVICE is in fullmesh mode;;
*) echo "$DEVICE Unkown state!" && exit 1;;
esac
exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac
fi
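Review bot: The new enable check, `if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]`, leaves the command substitution unquoted, so on a kernel where `/proc/sys/net/mptcp` exists but `mptcp_enabled` does not (upstream MPTCP kernels expose `enabled` instead) `cat` fails and the test collapses to `[ = 0 ]`, a shell syntax error that aborts the script instead of printing the intended message. The same unguarded `cat` pattern is repeated for every sysctl in the `-k` branch. Guard each read, e.g. `if [ ! -f /proc/sys/net/mptcp/mptcp_enabled ] || [ "$(cat /proc/sys/net/mptcp/mptcp_enabled)" = 0 ]; then`, and quote the substitutions in `-k`. Separately, `printf ... > $FLAG_PATH` writes a sysfs file that only root can write, so an unprivileged run ends with a bare redirect error; a `[ -w "$FLAG_PATH" ] || { echo "need root to change flags"; exit 1; }` before it would make that failure clear. The enclosing `case $1 in` starts before this hunk.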


@ -1,25 +0,0 @@
[Unit]
Description=V2Ray - A unified platform for anti-censorship
Documentation=https://v2ray.com https://guide.v2fly.org
After=network.target nss-lookup.target
Wants=network-online.target
[Service]
# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
#Type=exec
Type=simple
# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port.
# This service runs as root. You may consider to run it as another user for security concerns.
# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray.
# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
User=root
#User=v2ray
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=yes
ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json
Restart=on-failure
# Don't restart in the case of configuration error
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target


@ -3,7 +3,7 @@
set -e set -e
if [ ! -f "$2" ]; then if [ ! -f "$2" ]; then
echo "usage: $(basename "$0") start FILE" echo "usage: $(basename "$0") FILE"
exit 1 exit 1
fi fi
@ -16,7 +16,6 @@ if [ "$1" = "start" ]; then
ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP} ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP}
ip -6 addr add ${LOCALIP6} dev ${DEV} ip -6 addr add ${LOCALIP6} dev ${DEV}
ip link set ${DEV} up ip link set ${DEV} up
[ -n "$ULA" ] && [ "$ULA" != "auto" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV}
fi fi
if [ "$1" = "stop" ]; then if [ "$1" = "stop" ]; then
ip tunnel del ${DEV} ip tunnel del ${DEV}
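Review bot: The new usage message, `usage: $(basename "$0") FILE`, no longer matches what the script requires: it still reads the config from `$2` and only acts when `$1` is `start` or `stop`, so the line should read `echo "usage: $(basename "$0") {start|stop} FILE"`. From what is visible, an unrecognised verb passes the `-f "$2"` check and the script exits 0 having done nothing; a final `else` branch printing the usage and exiting 1 would surface that. Note also that the `ip tunnel add` line runs under `set -e` with values sourced from the config file, so an empty `REMOTEIP` or `LOCALIP` aborts mid-way with the sit device half configured; validating those two before the first `ip` call is cheap. The start/stop blocks begin before this hunk.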


@ -1,12 +0,0 @@
[Unit]
Description=OMR-Admin IPv6
After=network.target network-online.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/omr-admin.py --host="::"
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
[Install]
WantedBy=multi-user.target


@ -6,7 +6,7 @@ After=network.target network-online.target
Type=simple Type=simple
Restart=always Restart=always
ExecStart=/usr/local/bin/omr-admin.py ExecStart=/usr/local/bin/omr-admin.py
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
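Review bot: Trimming `CapabilityBoundingSet` to `CAP_NET_ADMIN CAP_NET_RAW` is the right direction, but the unit still runs `omr-admin.py` as root (no `User=`) with no `NoNewPrivileges=` or filesystem protection, and this process serves an HTTPS API that the rest of the tree probes on port 65500, so it is network-reachable. Adding `NoNewPrivileges=yes` (the pattern the v2ray unit elsewhere in this repo uses) and `ProtectHome=yes` would limit what a bug in the admin API can reach; whether `ProtectSystem=` is viable depends on which paths the script writes, which the hunk does not show, so confirm before enabling it. `Restart=always` with no `RestartSec=` also means a crash-looping service restarts as fast as systemd's rate limit allows; a `RestartSec=5` is worth adding.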


@ -1,82 +0,0 @@
#!/bin/sh
# Copyright (C) 2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
# Released under GPL 3. See LICENSE for the full terms.
[ ! -f /etc/openmptcprouter-vps-admin/omr-bypass.json ] && exit 0
# Configuration
INTERFACE="$(jq -M -r .bypass_intf /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$INTERFACE" = "null" ] && INTERFACE="vpn1"
GATEWAY="$(ip r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
GATEWAY6="$(ip -6 r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
TABLE="991337"
MARK="0x539"
CHECKSUM="$(md5sum /etc/openmptcprouter-vps-admin/omr-bypass.json | awk '{print $1}' | tr -d '\n')"
PREVIOUS_CHECKSUM="$(jq -M -r .bypass_checksum /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$CHECKSUM" = "$PREVIOUS_CHECKSUM" ] && exit 0
jq -M --arg c "$CHECKSUM" '.bypass_checksum = $c' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
# Action
ipset -q flush omr_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q flush omr6_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q --exist restore <<-EOF
create omr_dst_bypass_srv_${INTERFACE} hash:net hashsize 64
create omr6_dst_bypass_srv_${INTERFACE} hash:net family inet6 hashsize 64
EOF
ipv4=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv4[])
for ip in $ipv4; do
ipset -q add omr_dst_bypass_srv_${INTERFACE} $ip
done
ipv6=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv6[])
for ip in $ipv6; do
ipset -q add omr6_dst_bypass_srv_${INTERFACE} $ip
done
iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY} dev ${INTERFACE} table ${TABLE}
ip6tables-save --counters 2>/dev/null | grep -v omr-bypass | ip6tables-restore -w --counters 2>/dev/null
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
if [ -n "$GATEWAY6" ]; then
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY6} dev ${INTERFACE} table ${TABLE}
fi


@ -1,12 +0,0 @@
[Unit]
Description=OMR-ByPass
After=network.target network-online.target shorewall.service
[Service]
Type=simple
ExecStart=/usr/local/bin/omr-bypass
KillSignal=9
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install]
WantedBy=multi-user.target


@ -1,8 +0,0 @@
[Unit]
Description=Timer for omr-bypass
[Timer]
OnUnitActiveSec=300
[Install]
WantedBy=timers.target


@ -8,11 +8,6 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
echo "This script doesn't work with Debian Stretch (9.x)" echo "This script doesn't work with Debian Stretch (9.x)"
exit 1 exit 1
fi fi
if [ "$(id -u)" -ne 0 ]; then
echo "You must run the script as root"
exit 1
fi
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end." echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end."
echo "Don't apply Pi-hole firewall rules." echo "Don't apply Pi-hole firewall rules."
@ -31,14 +26,13 @@ $SERVER["socket"] == "10.255.252.1:80" { }
$SERVER["socket"] == "10.255.251.1:80" { } $SERVER["socket"] == "10.255.251.1:80" { }
$SERVER["socket"] == "10.255.253.1:80" { } $SERVER["socket"] == "10.255.253.1:80" { }
EOF EOF
systemctl list-unit-files lighttpd.service &>/dev/null && systemctl -q restart lighttpd systemctl -q restart lighttpd
grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf
mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf
cat >> /etc/pihole/setupVars.conf <<-EOF cat >> /etc/pihole/setupVars.conf <<-EOF
PIHOLE_INTERFACE=gt-tun0 PIHOLE_INTERFACE=gt-tun0
IPV4_ADDRESS=10.255.0.0/16 IPV4_ADDRESS=10.255.0.0/16
IPV6_ADDRESS=fd00::a00:/106 IPV6_ADDRESS=fe80::aff:ff01/64
RATE_LIMIT=0/0
EOF EOF
grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf
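Review bot: The root check has been dropped on the new side, yet the script still rewrites `/etc/pihole/setupVars.conf` through a `grep -v ... > new; mv new old` pair, appends to it, edits `/etc/dnsmasq.d/01-pihole.conf` and restarts lighttpd, so an unprivileged run fails part-way with a string of permission errors instead of one clear message; restore `[ "$(id -u)" -eq 0 ] || { echo "You must run the script as root"; exit 1; }` next to the Debian 9 check. The unconditional `systemctl -q restart lighttpd` also errors out on hosts where Pi-hole was installed without lighttpd, which the `systemctl list-unit-files` guard on the other side avoided. `IPV6_ADDRESS=fe80::aff:ff01/64` is a link-local address, which looks wrong for a value Pi-hole uses to answer clients across the tunnel — confirm against the router side before relying on it.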


@ -5,228 +5,31 @@ _multipath() {
# Force multipath status # Force multipath status
source /etc/shorewall/params.net source /etc/shorewall/params.net
for intf in `ls -1 /sys/class/net`; do for intf in `ls -1 /sys/class/net`; do
if [ "$intf" != "bonding_masters" ]; then if [ "$intf" = "$NET_IFACE" ]; then
if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then multipath $intf on
[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on >/dev/null 2>&1 else
[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && { multipath $intf off
multipath $intf signal >/dev/null 2>&1
ip mptcp limits set subflows 8 add_addr_accepted 8 >/dev/null 2>&1
}
else
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off >/dev/null 2>&1
fi
fi fi
done done
} }
_glorytun_udp() { _glorytun_udp() {
#if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then [ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep server)" ] && {
if systemctl list-unit-files glorytun-udp@.service >/dev/null; then logger -t "OMR-Service" "Restart Glorytun-UDP"
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && { systemctl -q restart glorytun-udp@*
logger -t "OMR-Service" "Restart Glorytun-UDP" }
systemctl -q restart 'glorytun-udp@*'
sleep 10
}
for intf in /etc/glorytun-udp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
done
#ip link set mtu 9000 dev gt-udp-tun0 >/dev/null 2>&1
fi
} }
_glorytun_tcp() {
#if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then
for intf in /etc/glorytun-tcp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && timeout 10 /etc/glorytun-tcp/post.sh ${intf}
done
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.255.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
systemctl restart glorytun-tcp@tun0
sleep 10
fi
fi
#ip link set mtu 9000 dev gt-tun0 >/dev/null 2>&1
fi
}
_dsvpn() {
#if [ -n "$(systemctl -a | grep 'dsvpn')" ]; then
if systemctl list-unit-files dsvpn-server@.service >/dev/null; then
[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.251.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
systemctl restart dsvpn-server@dsvpn0
fi
#ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1
fi
fi
}
_shadowsocks() {
if systemctl list-unit-files shadowsocks-libev-manager@.service >/dev/null; then
[ -z "$(pgrep ss-server)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev"
systemctl restart shadowsocks-libev-manager@manager
}
fi
}
_shadowsocks_go() {
if systemctl list-unit-files shadowsocks-go.service >/dev/null; then
[ -z "$(pgrep shadowsocks-go)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go"
systemctl restart shadowsocks-go
}
fi
}
_xray() {
if systemctl list-unit-files xray.service >/dev/null; then
[ -z "$(pgrep xray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart XRay"
systemctl restart xray
}
fi
}
_v2ray() {
if systemctl list-unit-files v2ray.service >/dev/null; then
[ -z "$(pgrep v2ray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart V2Ray"
systemctl restart v2ray
}
fi
}
_wireguard() {
#if [ -n "$(systemctl -a | grep 'wg')" ]; then
if systemctl list-unit-files wg-quick@.service >/dev/null; then
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1
[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1
fi
}
_omr_api() { _omr_api() {
[ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { [ -z "$(curl -s -k -m 1 https://127.0.0.1:65500/)" ] && {
logger -t "OMR-Service" "Can't contact API, restart OMR-Admin" logger -t "OMR-Service" "Restart OMR-Admin"
systemctl -q restart omr-admin systemctl -q restart omr-admin
} }
} }
_lan_route() {
jq -c '.users[0][]?' /etc/openmptcprouter-vps-admin/omr-admin-config.json |
while IFS=$"\n" read -r c; do
if [ -n "$c" ]; then
vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
username=$(echo "$c" | jq -r '.username')
if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
echo "$c" | jq -c -r '.lanips[]? //empty' |
while IFS=$"\n" read -r d; do
if [ "$d" != "" ]; then
network=$(ipcalc -n $d | grep Network | awk '{print $2}')
networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1)
netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}')
[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1
[ -n "$networkonly" ] && [ -n "$netmask" ] && ([ ! -f /etc/openvpn/ccd/${username} ] || [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ]) && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username}
fi
done
fi
fi
done
}
_gre_tunnels() {
. "$(readlink -f "/etc/shorewall/params.vpn")"
if [ -n "$OMR_ADDR" ]; then
for intf in /etc/openmptcprouter-vps-admin/intf/*; do
if [ -f "$intf" ]; then
. "$(readlink -f "$intf")"
iface="$(basename $intf)"
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
[ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface >/dev/null 2>&1
ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1
ip link set $iface up >/dev/null 2>&1
ip addr add $LOCALIP dev $iface >/dev/null 2>&1
ip route add $NETWORK dev $iface >/dev/null 2>&1
fi
fi
done
fi
}
_openvpn_bonding() {
if [ "$(ip link show ovpnbonding1 2>/dev/null)" != "" ] && ([ "$(ip link show ovpnbonding1 2>/dev/null | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding 2>/dev/null | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1
ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding1 up >/dev/null 2>&1
ip link set ovpnbonding2 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding2 up >/dev/null 2>&1
ip link set ovpnbonding3 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding3 up >/dev/null 2>&1
ip link set ovpnbonding4 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding4 up >/dev/null 2>&1
ip link set ovpnbonding5 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding5 up >/dev/null 2>&1
ip link set ovpnbonding6 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding6 up >/dev/null 2>&1
ip link set ovpnbonding7 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding7 up >/dev/null 2>&1
ip link set ovpnbonding8 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding8 up >/dev/null 2>&1
ip link set omr-bonding up mtu 1440 >/dev/null 2>&1
ip a add 10.255.248.1 dev omr-bonding >/dev/null 2>&1
ip r add 10.255.248.0/24 dev omr-bonding >/dev/null 2>&1
ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 >/dev/null 2>&1
fi
}
_vpn1() {
vpn1route=$(ip r show dev vpn1 2>/dev/null | grep '0.0.0.0')
[ -z "$vpn1route" ] && vpn1route=$(ip r show dev vpn1 2>/dev/null | grep 'default')
if [ -n "$vpn1route" ]; then
ip r del $vpn1route
vpn1gw="$(echo \"$vpn1route\" | awk '{ print $3 }')"
ip r a default via $vpngw dev vpn1 table 991337
for route in $(ip r show dev vpn1); do
ip r a $route table 991337
done
fi
}
sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1
modprobe bonding >/dev/null 2>&1
ip link add omr-bonding type bond >/dev/null 2>&1
#[ -n "$(uname -r | grep '6.1')" ] && {
# stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
#}
gre_tunnels="$(jq -c '.gre_tunnels' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
lan_routes="$(jq -c '.lan_routes' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
while true; do while true; do
_glorytun_udp _glorytun_udp
_glorytun_tcp
_shadowsocks
_shadowsocks_go
_xray
_v2ray
_dsvpn
_wireguard
_multipath _multipath
_omr_api _omr_api
[ "$lan_routes" != "false" ] && _lan_route
[ "$gre_tunnels" != "false" ] && _gre_tunnels
_openvpn_bonding
_vpn1
sleep 10 sleep 10
done done
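Review bot: `_omr_api` restarts omr-admin whenever a single `curl -s -k -m 1` returns an empty body, and the loop runs every 10 seconds, so a slow or busy Python HTTPS server that misses the one-second deadline is killed, is unavailable during its own restart, fails the next probe, and is killed again — a restart storm rather than a recovery. A longer timeout and a consecutive-failure threshold turn this into a real health check. Separately, `systemctl -q restart glorytun-udp@*` leaves the glob unquoted, so the shell expands it against the current directory whenever a matching file exists; write it as `systemctl -q restart 'glorytun-udp@*'`. `_multipath` also uses `source`, which is a bash-ism, and the shebang is outside this hunk, so confirm the script is not run by `sh`.
```shell
# … unchanged: _multipath, _glorytun_udp …
# restart only after three consecutive failed probes, not on one slow reply
_omr_api() {
    if [ -z "$(curl -s -k -m 10 https://127.0.0.1:65500/)" ]; then
        api_fail=$((api_fail + 1))
    else
        api_fail=0
    fi
    [ "$api_fail" -ge 3 ] && {
        logger -t "OMR-Service" "Restart OMR-Admin"
        systemctl -q restart omr-admin
        api_fail=0
    }
}
api_fail=0
# … unchanged: while true loop …
```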


@ -1,55 +0,0 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
HETZNER=false
if [ "$1" = "hetzner" ]; then
HETZNER=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$HETZNER" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -4 -o /dev/null $HOST || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset add ss_rules_dst_bypass_all $ip
done
fi
curl -4 -o /dev/null --interface $INTERFACE $HOST || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset del ss_rules_dst_bypass_all $ip
done
fi
fi


@ -1,56 +0,0 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
HETZNER=false
if [ "$1" = "hetzner" ]; then
HETZNER=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$HETZNER" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -6 $HOST >/dev/null || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset add ss_rules6_dst_bypass_all $ip
done
fi
curl -6 --interface $INTERFACE $HOST >/dev/null || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset del ss_rules6_dst_bypass_all $ip
done
fi
fi


@ -1,11 +0,0 @@
#!/bin/sh
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
wget -O - http://www.openmptcprouter.com/server/debian.sh | sh
rm -f /etc/openmptcprouter-vps-admin/update
reboot
fi
if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then
LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh
rm -f /etc/openmptcprouter-vps-admin/update-bin
#reboot
fi


@ -1,15 +0,0 @@
[Unit]
Description=OMR Update
After=network.target network-online.target
[Service]
Type=simple
Restart=no
ExecStart=/usr/bin/omr-update
#ExecStart=/usr/share/omr-server/debian9-x86_64.sh
AmbientCapabilities=
StandardOutput=file:/var/log/omr-update.log
StandardError=file:/var/log/omr-update.log
[Install]
WantedBy=multi-user.target


@ -1,12 +1,12 @@
[Unit] [Unit]
Description=OMR Description=OMR
After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service
[Service] [Service]
Type=simple Type=simple
Restart=always Restart=always
ExecStart=/usr/local/bin/omr-service ExecStart=/usr/local/bin/omr-service
KillSignal=9 ExecStop=/usr/local/bin/omr-service stop
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install] [Install]
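Review bot: `After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service` orders this unit against bare template names with no instance part, and systemd cannot resolve an ordering dependency on a template, so the two glorytun entries are dropped at load time and only the network targets remain effective; if starting after the tunnels matters, name the instances the installer actually enables (constructed example: `glorytun-tcp@tun0.service`). `After=network-online.target` without a matching `Wants=network-online.target` also does not wait for the network, because nothing in the unit pulls that target in. The new `ExecStop=/usr/local/bin/omr-service stop` assumes the script handles a `stop` argument; the script's hunk earlier on this page does not show such a branch, so confirm it exists, otherwise stop just re-enters the loop until systemd's stop timeout kills it. The hunk covers lines 1–12 of the unit and the `[Install]` section continues past it.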




@ -1,18 +0,0 @@
dev ovpnbonding1
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65351
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding2
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65352
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding3
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65353
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding4
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65354
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding5
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65355
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding6
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65356
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding7
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65357
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding8
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65358
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,34 +0,0 @@
topology subnet
dev tun0
user nobody
group nogroup
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
disable-dco
proto tcp-server
proto tcp6-server
port 65301
persist-tun
persist-key
duplicate-cn
verb 3
server 10.255.252.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240
txqueuelen 1000
sndbuf 262144
push "sndbuf 262144"
rcvbuf 262144
push "rcvbuf 262144"
tun-mtu 1420
tls-server
tls-version-min 1.2
#push "route 10.255.252.1 255.255.255.255"
client-config-dir ccd
ifconfig-pool-persist ccd/ipp_tcp.txt
passtos
management 127.0.0.1 65302
tcp-nodelay


@ -18,12 +18,8 @@ crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240 keepalive 10 240
sndbuf 0 sndbuf 0
rcvbuf 0 rcvbuf 0
txqueuelen 2000
tun-mtu 1400
mssfix 1360
tls-server tls-server
tls-version-min 1.2 tls-version-min 1.2
#compress lzo #compress lzo
#push "route 10.255.252.1 255.255.255.255" push "route 10.255.252.1 255.255.255.255"
client-config-dir ccd client-config-dir ccd
management localhost 65302


@ -1,30 +0,0 @@
topology subnet
dev tun1
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
proto udp
proto udp6
port 65301
persist-tun
persist-key
duplicate-cn
verb 3
server 10.255.250.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240
txqueuelen 1000
sndbuf 262144
push "sndbuf 262144"
rcvbuf 262144
push "rcvbuf 262144"
tun-mtu 1420
tls-server
tls-version-min 1.2
push "route 10.255.250.1 255.255.255.255"
#client-config-dir ccd
#ifconfig-pool-persist ccd/ipp_udp.txt
#fast-io
passtos


@ -1,37 +0,0 @@
{
"servers": [
{
"name": "ss-2022",
"protocol": "2022-blake3-aes-256-gcm",
"tcpListeners": [
{
"network": "tcp",
"address": ":65280",
"fastOpen": false,
"reusePort": false,
"multipath": true
}
],
"enableTCP": true,
"listenerTFO": true,
"enableUDP": true,
"mtu": 1500,
"psk": "PSK",
"uPSKStorePath": "/etc/shadowsocks-go/upsks.json"
}
],
"stats": {
"enabled": true
},
"api": {
"enabled": true,
"debugPprof": false,
"trustedProxies": [],
"listeners": [
{
"network": "tcp",
"address": "127.0.0.1:65279"
}
]
}
}


@ -8,7 +8,7 @@ CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE
LimitNOFILE=99999 LimitNOFILE=99999
LimitNPROC=99999 LimitNPROC=99999
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json --manager-address 127.0.0.1:8839 ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json
Restart=always Restart=always
[Install] [Install]
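Review bot: The new `ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json` relies on ss-manager's built-in default for the manager address instead of stating it, so the unit no longer documents where the control socket listens. ss-manager accepts unauthenticated add/remove commands on that address, so it matters that it stays on loopback; unless the packaged default is known to be the loopback address (upstream uses 127.0.0.1:8839, if memory serves), keep `--manager-address 127.0.0.1:8839` on the line or set it in the JSON so the unit and the admin component that talks to it agree. The unit's `[Service]` header and any `User=` line are outside this hunk.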


@ -1,77 +0,0 @@
# local sysctl settings can be stored in this directory
# max open files
fs.file-max = 512000
# max read buffer
net.core.rmem_max = 7500000
# max write buffer
net.core.wmem_max = 7500000
#net.core.optmem_max = 33554432
# default read buffer
#net.core.rmem_default = 16777216
# default write buffer
#net.core.wmem_default = 16777216
# max processor input queue
net.core.netdev_max_backlog = 10000
# max backlog
net.core.somaxconn = 16384
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time
net.ipv4.tcp_keepalive_time = 7200
# outbound port range
net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 16384
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP buffer
net.ipv4.tcp_mem = 409600 819200 1638400
# UDP buffer
net.ipv4.udp_mem = 4096 87380 16777216
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 16777216
# TCP write buffer
net.ipv4.tcp_wmem = 4096 87380 16777216
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 0
# 1/8 * available memory in receive buffer
net.ipv4.tcp_adv_win_scale=-3
# limits the size of unsent bytes in the write queue
net.ipv4.tcp_notsent_lowat = 131072
# for low-latency network, use cubic instead
net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
# MPTCP settings
net.ipv4.tcp_ecn = 2
net.mptcp.checksum_enabled = 0
net.mptcp.add_addr_timeout = 120
net.mptcp.allow_join_initial_addr_port = 1
net.mptcp.enabled = 1
net.mptcp.pm_type = 0
net.mptcp.stale_loss_cnt = 4
net.mptcp.mptcp_checksum=0
net.mptcp.mptcp_path_manager=fullmesh
net.mptcp.mptcp_scheduler=mptcp_burst
net.mptcp.mptcp_syn_retries=4
net.mptcp.mptcp_version=1
net.mptcp.checksum_enabled=0
net.ipv4.tcp_congestion_control=bbr


@ -2,10 +2,10 @@
# max open files # max open files
fs.file-max = 512000 fs.file-max = 512000
# max read buffer # max read buffer
net.core.rmem_max = 67108864 net.core.rmem_max = 150000000
# max write buffer # max write buffer
net.core.wmem_max = 67108864 net.core.wmem_max = 75000000
net.core.optmem_max = 33554432 net.core.optmem_max = 75000000
# default read buffer # default read buffer
net.core.rmem_default = 131072 net.core.rmem_default = 131072
# default write buffer # default write buffer
@ -22,27 +22,25 @@ net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling # turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0 #net.ipv4.tcp_tw_recycle = 0
# short FIN timeout # short FIN timeout
net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_fin_timeout = 80
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time # short keepalive time
net.ipv4.tcp_keepalive_time = 7200 net.ipv4.tcp_keepalive_time = 7200
# outbound port range # outbound port range
net.ipv4.ip_local_port_range = 9999 65000 net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog # max SYN backlog
net.ipv4.tcp_max_syn_backlog = 10240 net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously # max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 10000 net.ipv4.tcp_max_tw_buckets = 10000
# turn on TCP Fast Open on both client and server side # turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3 net.ipv4.tcp_fastopen = 3
# TCP buffer # TCP buffer
net.ipv4.tcp_mem = 8092 131072 67108864 net.ipv4.tcp_mem = 768174 75000000 150000000
# UDP buffer # UDP buffer
net.ipv4.udp_mem = 8092 131072 67108864 net.ipv4.udp_mem = 768174 75000000 150000000
# TCP receive buffer # TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 33554432 net.ipv4.tcp_rmem = 4096 524288 75000000
# TCP write buffer # TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 33554432 net.ipv4.tcp_wmem = 4096 524288 75000000
# turn on path MTU discovery # turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 0 net.ipv4.tcp_mtu_probing = 0
@ -50,15 +48,11 @@ net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_congestion_control = bbr net.ipv4.tcp_congestion_control = bbr
net.core.default_qdisc = fq net.core.default_qdisc = fq
# Default conntrack is too small # Default conntrack is too small
net.netfilter.nf_conntrack_max = 524288 net.netfilter.nf_conntrack_max = 131072
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
# MPTCP settings # MPTCP settings
net.mptcp.mptcp_checksum = 0 net.mptcp.mptcp_checksum = 0
net.mptcp.mptcp_syn_retries = 4 net.mptcp.mptcp_syn_retries = 1
net.mptcp.mptcp_scheduler = blest net.ipv4.tcp_ecn=1
net.ipv4.tcp_ecn = 2
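Review bot: `net.ipv4.tcp_mem = 768174 75000000 150000000` and the matching `net.ipv4.udp_mem` line are expressed in pages, not bytes, so 150000000 pages is roughly 572 GiB on 4 KiB pages — far above the machine's memory — which effectively removes the pressure and hard thresholds; if these were meant to mirror the 150 MB socket buffers above, divide by the page size (about 36621 for the top value). The comment `# short FIN timeout` now sits above `net.ipv4.tcp_fin_timeout = 80`, which is longer than the kernel default of 60, so either the comment or the value is wrong. Lowering `net.netfilter.nf_conntrack_max` to 131072 while dropping the explicit `nf_conntrack_tcp_timeout_established` returns that timeout to the kernel default of five days, so a moderate number of idle NAT flows can fill the table and new connections are then dropped; keep an explicit established timeout next to the smaller table size.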


@ -19,8 +19,5 @@ vpn gt-tun+ nosmurfs,tcpflags
vpn gt-udp-tun+ nosmurfs,tcpflags vpn gt-udp-tun+ nosmurfs,tcpflags
vpn mlvpn+ nosmurfs,tcpflags vpn mlvpn+ nosmurfs,tcpflags
vpn tun+ nosmurfs,tcpflags vpn tun+ nosmurfs,tcpflags
vpn wg+ nosmurfs,tcpflags
vpncl client-wg+ nosmurfs,tcpflags
vpn dsvpn+ nosmurfs,tcpflags vpn dsvpn+ nosmurfs,tcpflags
vpn gre-user+ nosmurfs,tcpflags
vpn omr-bonding nosmurfs,tcpflags


@ -1,3 +1,3 @@
VPS_ADDR=10.255.252.1 VPS_ADDR=10.255.255.1
OMR_ADDR=10.255.252.2 OMR_ADDR=10.255.255.2
VPS_IFACE=tun0 VPS_IFACE=gt-tun0


@ -17,10 +17,8 @@ vpn net ACCEPT
vpn fw ACCEPT vpn fw ACCEPT
fw vpn ACCEPT fw vpn ACCEPT
fw net ACCEPT fw net ACCEPT
net all DROP net all DROP info
vpn vpn DROP vpn vpn DROP
vpncl vpn ACCEPT
vpn vpncl ACCEPT
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT all all REJECT info
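Review bot: `net all DROP info` and `all all REJECT info` enable per-packet logging on the two catch-all policies, and on an Internet-facing VPS the net→all DROP line then writes every background scan hit to the kernel log, which can crowd out useful messages and fill the disk. Unless those entries feed a log consumer, remove the `info` level from the policy lines or bound the rate with `LOGLIMIT` in shorewall.conf. The shorewall6 policy section further down makes the same change (`net all DROP info`, `all all REJECT info`) and the same remark applies there.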


@ -39,7 +39,7 @@ INVALID_LOG_LEVEL=
LOG_BACKEND= LOG_BACKEND=
LOG_MARTIANS=No LOG_MARTIANS=Yes
LOG_VERBOSITY=2 LOG_VERBOSITY=2
@ -108,11 +108,10 @@ TC=
############################################################################### ###############################################################################
ACCEPT_DEFAULT=none ACCEPT_DEFAULT=none
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" DROP_DEFAULT=Drop
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT=none NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none QUEUE_DEFAULT=none
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)" REJECT_DEFAULT=Reject
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
@ -149,13 +148,13 @@ BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No CLAMPMSS=No
CLEAR_TC=No CLEAR_TC=Yes
COMPLETE=No COMPLETE=No
DEFER_DNS_RESOLUTION=Yes DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=No DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No DETECT_DNAT_IPADDRS=No
@ -233,7 +232,7 @@ SAVE_ARPTABLES=No
SAVE_IPSETS=No SAVE_IPSETS=No
TC_ENABLED=No TC_ENABLED=Simple
TC_EXPERT=No TC_EXPERT=No
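Review bot: `LOG_MARTIANS=Yes` conflicts with `net.ipv4.conf.all.log_martians = 0`, which the sysctl section above keeps on the new side; Shorewall writes its own value into the per-interface log_martians sysctls when it starts, so the effective setting depends on whether the sysctl file or Shorewall runs last at boot and flips again on `shorewall restart`. Let one file own the setting — either `LOG_MARTIANS=No` (or `Keep`) here with the sysctl retained, or drop the sysctl line — so the two configs do not disagree. `TC_ENABLED=Simple` together with `CLEAR_TC=Yes` also switches shaping on from the tcinterfaces file, whose new side lists both `$NET_IFACE External` and `$VPS_IFACE Internal`; confirm those entries are intended now that shaping is active.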


@ -15,14 +15,7 @@
########################################################################################################################################### ###########################################################################################################################################
#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
# #
MASQUERADE 10.255.247.0/24,\ MASQUERADE 10.255.0.0/16,\
10.255.248.0/24,\
10.255.250.0/24,\
10.255.251.0/24,\
10.255.252.0/24,\
10.255.253.0/24,\
10.255.254.0/24,\
10.255.255.0/24,\
169.254.0.0/16,\ 169.254.0.0/16,\
172.16.0.0/12,\ 172.16.0.0/12,\
192.168.0.0/16 $NET_IFACE 192.168.0.0/16 $NET_IFACE


@ -23,8 +23,4 @@ ACCEPT dsvpn+ -
ACCEPT - dsvpn+ ACCEPT - dsvpn+
ACCEPT tun+ - ACCEPT tun+ -
ACCEPT - tun+ ACCEPT - tun+
ACCEPT wg+ -
ACCEPT - wg+
ACCEPT client-wg+ -
ACCEPT - client-wg+


@ -1,3 +1,3 @@
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH #INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
$NET_IFACE External $NET_IFACE External
#$VPS_IFACE Internal $VPS_IFACE Internal


@ -16,5 +16,4 @@
fw firewall fw firewall
net ipv4 net ipv4
vpn ipv4 vpn ipv4
vpncl ipv4


@ -1 +0,0 @@
OMR_ADDR=fe80::a00:2


@ -15,7 +15,7 @@
vpn all ACCEPT vpn all ACCEPT
fw all ACCEPT fw all ACCEPT
net all DROP net all DROP info
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT all all REJECT info


@ -105,11 +105,10 @@ TC=
############################################################################### ###############################################################################
ACCEPT_DEFAULT=none ACCEPT_DEFAULT=none
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" DROP_DEFAULT=Drop
DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT=none NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none QUEUE_DEFAULT=none
REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" REJECT_DEFAULT=Reject
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
@ -138,7 +137,7 @@ BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
#CHAIN_SCRIPTS=Yes CHAIN_SCRIPTS=Yes
CLAMPMSS=No CLAMPMSS=No
@ -168,7 +167,7 @@ IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
#INLINE_MATCHES=No INLINE_MATCHES=No
IPSET_WARNINGS=Yes IPSET_WARNINGS=Yes
@ -176,7 +175,7 @@ IP_FORWARDING=On
KEEP_RT_TABLES=Yes KEEP_RT_TABLES=Yes
#LOAD_HELPERS_ONLY=Yes LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter MACLIST_TABLE=filter


@ -18,4 +18,4 @@
MASQUERADE fe80::/10,\ MASQUERADE fe80::/10,\
fd00::/8 $NET_IFACE fd00::/8 $NET_IFACE
# SNAT from VPN server for all VPN clients # SNAT from VPN server for all VPN clients
#SNAT(fe80::a00:1) ::/0 omr-6in4-user+ SNAT(fe80::a00:1) ::/0 omr-6in4-user+


@ -1,7 +1,6 @@
PORT=65001 PORT=65001
HOST=0.0.0.0
DEV=tun0 DEV=tun0
SERVER=true SERVER=true
MPTCP=true MPTCP=true
IPV6=true IPV6=true
OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 65536 multiqueue" OPTIONS="chacha20 retry count -1 const 5000000 timeout 10000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue"


@ -1,6 +1,4 @@
BIND=0.0.0.0 BIND=0.0.0.0
BIND_PORT=65001 BIND_PORT=65001
HOST=0.0.0.0
PORT=5000
DEV=tun0 DEV=tun0
OPTIONS="chacha persist" OPTIONS="chacha persist"


@ -1,17 +0,0 @@
[Match]
Name=ubond*
[Network]
Description=UBOND tunnel
Address=10.255.248.1/24
DHCPServer=yes
IPMasquerade=yes
[DHCPServer]
PoolOffset=2
PoolSize=50
EmitDNS=no
EmitNTP=no
DNS=9.9.9.9
DefaultLeaseTimeSec=12h
MaxLeaseTimeSec=24h


@ -1,42 +0,0 @@
[general]
tuntap = "tun"
mode = "server"
interface_name = "ubond0"
timeout = 30
password = "UBOND_PASS"
reorder_buffer = yes
reorder_buffer_size = 64
loss_tolerence = 50
[wan1]
bindport = 65251
bindhost = "0.0.0.0"
[wan2]
bindport = 65252
bindhost = "0.0.0.0"
[wan3]
bindport = 65253
bindhost = "0.0.0.0"
[wan4]
bindport = 65254
bindhost = "0.0.0.0"
[wan5]
bindport = 65255
bindhost = "0.0.0.0"
[wan6]
bindport = 65256
bindhost = "0.0.0.0"
[wan7]
bindport = 65257
bindhost = "0.0.0.0"
[wan8]
bindport = 65258
bindhost = "0.0.0.0"


@ -1,16 +0,0 @@
[Unit]
Description=UBOND connection to %i
PartOf=ubond.service
ReloadPropagatedFrom=ubond.service
After=network.target network-online.target
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/ubond
Restart=always
[Install]
WantedBy=multi-user.target


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1,220 +0,0 @@
{
"log": {
"loglevel": "error",
"error": "/tmp/v2rayError.log"
},
"transport": {
"tcpSettings": {},
"wsSettings": {},
"kcpSettings": {
"mtu": 1460,
"tti": 10,
"uplinkCapacity": 100,
"downlinkCapacity": 100,
"congestion": false,
"readBufferSize": 8,
"writeBufferSize": 8
}
},
"inbounds": [
{
"tag": "omrin-tunnel",
"port": 65228,
"protocol": "vless",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-vmess-tunnel",
"port": 65230,
"protocol": "vmess",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-socks-tunnel",
"port": 65231,
"protocol": "socks",
"settings": {
"auth": "password",
"accounts": [
{
"pass": "V2RAY_UUID",
"user": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-trojan-tunnel",
"port": 65229,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "V2RAY_UUID",
"email": "openmptcprouter",
"level": 0
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"listen": "127.0.0.1",
"port": 10085,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {
"userLevel": 0
},
"tag": "direct"
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"omrin-tunnel",
"omrin-vmess-tunnel",
"omrin-socks-tunnel",
"omrin-trojan-tunnel"
],
"outboundTag": "OMRLan",
"domain": [
"full:omr.lan"
]
},
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
}
]
},
"reverse": {
"portals": [
{
"tag": "OMRLan",
"domain": "omr.lan"
}
]
},
"stats": {},
"api": {
"tag": "api",
"services": [
"HandlerService",
"LoggerService",
"StatsService"
]
},
"policy": {
"levels": {
"0": {
"uplinkOnly": 0,
"downlinkOnly": 0,
"bufferSize": 512,
"connIdle": 2400,
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true
}
}
}


@ -1,18 +0,0 @@
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target
Wants=network-online.target
[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=true
ExecStart=/usr/bin/v2ray run -config /etc/v2ray/v2ray-server.json
Restart=always
RestartPreventExitStatus=23
StartLimitInterval=0
[Install]
WantedBy=multi-user.target


@ -1,232 +0,0 @@
{
"log": {
"loglevel": "error",
"error": "/tmp/v2rayError.log"
},
"inbounds": [
{
"tag": "omrin-tunnel",
"port": 65248,
"protocol": "vless",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"tcpMptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-vmess-tunnel",
"port": 65250,
"protocol": "vmess",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"tcpMptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-socks-tunnel",
"port": 65251,
"protocol": "socks",
"settings": {
"auth": "password",
"accounts": [
{
"pass": "V2RAY_UUID",
"user": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"tcpMptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-trojan-tunnel",
"port": 65249,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "V2RAY_UUID",
"email": "openmptcprouter",
"level": 0
}
]
},
"streamSettings": {
"sockopt": {
"tcpMptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-shadowsocks-tunnel",
"port": 65252,
"protocol": "shadowsocks",
"settings": {
"password": "XRAY_PSK",
"method": "2022-blake3-aes-256-gcm",
"network": "tcp,udp",
"clients": [
{
"password": "XRAY_UPSK",
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"tcpMptcp": true,
"mark": 0
},
"network": "tcp"
}
},
{
"listen": "127.0.0.1",
"port": 10086,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {
"userLevel": 0
},
"tag": "direct"
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"omrin-tunnel",
"omrin-vless-reality",
"omrin-vmess-tunnel",
"omrin-socks-tunnel",
"omrin-trojan-tunnel"
],
"outboundTag": "OMRLan",
"domain": [
"full:omr.lan"
]
},
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
}
]
},
"reverse": {
"portals": [
{
"tag": "OMRLan",
"domain": "omr.lan"
}
]
},
"stats": {},
"api": {
"tag": "api",
"listen": "127.0.0.1:65080",
"services": [
"HandlerService",
"LoggerService",
"StatsService"
]
},
"policy": {
"levels": {
"0": {
"uplinkOnly": 0,
"downlinkOnly": 0,
"bufferSize": 512,
"connIdle": 2400,
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true
}
}
}


@ -1,47 +0,0 @@
{
"inbounds": [
{
"port": 443,
"tag": "omrin-vless-reality",
"protocol": "vless",
"settings": {
"clients": [
{
"id": "XRAY_UUID",
"flow": "xtls-rprx-vision"
}
],
"decryption": "none"
},
"streamSettings": {
"network": "tcp",
"security": "reality",
"realitySettings": {
"dest": "1.1.1.1:443",
"serverNames": [
""
],
"privateKey": "XRAY_X25519_PRIVATE_KEY",
"publicKey": "XRAY_X25519_PUBLIC_KEY",
"shortIds": [
""
]
},
"sockopt": {
"tcpMptcp": true,
"mark": 0
}
}
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"omrin-vless-reality"
]
}
]
}
}


@ -1,18 +0,0 @@
[Unit]
Description=XRay Service
Documentation=https://xtls.github.io/
After=network.target nss-lookup.target
Wants=network-online.target
[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=true
ExecStart=/usr/bin/xray run -config /etc/xray/xray-server.json
Restart=always
RestartPreventExitStatus=23
StartLimitInterval=0
[Install]
WantedBy=multi-user.target