mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00

Compare commits

..

No commits in common. "develop" and "v0.36" have entirely different histories.

104 changed files with 510 additions and 4395 deletions


@ -4,13 +4,11 @@
"local_port":1081, "local_port":1081,
"mode":"tcp_and_udp", "mode":"tcp_and_udp",
"key":"MySecretKey", "key":"MySecretKey",
"timeout":600, "timeout":400,
"method":"chacha20-ietf-poly1305", "method":"aes-256-cfb",
"verbose":0, "verbose":0,
"prefer_ipv6": false, "prefer_ipv6": false,
"fast_open": true, "fast_open": true,
"no_delay": true,
"reuse_port": true, "reuse_port": true,
"ipv6_first": true,
"mptcp": true "mptcp": true
} }
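Review bot: The new side of this hunk (right-hand column) sets `"method":"aes-256-cfb"`, a stream cipher with no authentication tag, where the old side used the AEAD method `chacha20-ietf-poly1305`. Without an AEAD cipher the tunnel has no integrity protection on its ciphertext, and the Shadowsocks project recommends AEAD methods over stream ciphers for that reason. Keep `"method":"chacha20-ietf-poly1305"` unless a client on this release cannot use it. The `"key":"MySecretKey"` line is unchanged context; presumably the installer replaces it, which is worth confirming so that no deployment keeps the published placeholder.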


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1 +0,0 @@
debian9-x86_64.sh

23
debian/changelog vendored

@ -1,23 +0,0 @@
omr-server (0.1030) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Wed, 10 Apr 2024 19:35:34 +0200
omr-server (0.1028) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Fri, 14 Oct 2022 09:02:22 +0200
omr-server (0.1026) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Mon, 14 Jun 2021 07:43:42 +0200
omr-server (0.1025-test) unstable; urgency=medium
* Wireguard support and fixed
-- OpenMPTCProuter <contact@openmptcprouter.com> Thu, 04 Mar 2021 14:36:12 +0200

1
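--- a/debian/compat
+++ b/debian/compat
@@ -1 +0,0 @@
-10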

37
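--- a/debian/control
+++ b/debian/control
@@ -1,37 +0,0 @@
-Source: omr-server
-Section: net
-Priority: optional
-Maintainer: OpenMPTCProuter <contact@openmptcprouter.com>
-Build-Depends: debhelper (>= 10)
-X-Python-Version: >= 3.2
-Standards-Version: 0.0.1
-Homepage: https://github.com/ysurac/openmptcprouter-vps
-Package: omr-server
-Architecture: all
-Multi-Arch: foreign
-Depends:
-curl,
-rename,
-libcurl4,
-unzip,
-tracebox,
-omr-iperf3,
-omr-shadowsocks-libev (= 3.3.5-2),
-omr-vps-admin (= 0.3+20210508),
-omr-simple-obfs,
-omr-mlvpn (= 3.0.0+20201216.git.2263bab),
-omr-glorytun (= 0.3.4-4),
-omr-glorytun-tcp (= 0.0.35-3),
-omr-dsvpn (= 0.1.4-2),
-shorewall,
-shorewall6,
-iptables,
-v2ray-plugin (= 4.35.1),
-v2ray (=4.35.1),
-linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
-${misc:Depends}
-Provides: omr-server
-Conflicts: omr-server
-Replaces: omr-server
-Description: OpenMPTCProuter Server script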

16
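--- a/debian/postinst
+++ b/debian/postinst
@@ -1,16 +0,0 @@
-#!/bin/sh -e
-test $DEBIAN_SCRIPT_DEBUG && set -v -x
-# use debconf
-. /usr/share/debconf/confmodule
-sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
-systemctl daemon-reload
-systemctl restart omr-update
-db_stop
-#DEBHELPER#
-exit 0
-# vim:set ai et sts=2 sw=2 tw=0: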

18
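--- a/debian/rules
+++ b/debian/rules
@@ -1,18 +0,0 @@
-#!/usr/bin/make -f
-#export DH_VERBOSE = 1
-# Security Hardening
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-%:
-dh $@
-override_dh_auto_install:
-mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
-find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
-cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
-cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
-cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
-mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin
-touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin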


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1,55 +0,0 @@
#!/bin/sh
set -e
umask 0022
export LC_ALL=C
#rm -f /var/lib/dpkg/lock
#rm -f /var/cache/apt/archives/lock
# Check Linux version
if test -f /etc/os-release ; then
. /etc/os-release
else
. /usr/lib/os-release
fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ]; then
echo "This script only work with Debian Stretch (9.x)"
exit 1
elif [ "$ID" != "debian" ]; then
echo "This script only work with Debian Stretch (9.x)"
exit 1
fi
apt-get update
apt-get -y install apt-transport-https
echo 'deb https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list
cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
Package: *
Pin: origin repo.openmptcprouter.com
Pin-Priority: 1001
EOF
echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list
wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
apt-get update
apt-get -y install dirmngr patch rename curl
# Rename bzImage to vmlinuz, needed when custom kernel was used
cd /boot
rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
#rm -f /var/lib/dpkg/lock
#rm -f /var/cache/apt/archives/lock
rm -f /etc/kernel-img.conf
echo "Install all"
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-overwrite" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install omr-vps
systemctl -q enable shorewall
systemctl -q enable shorewall6
# Change SSH port to 65222
sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config
echo "OpenMPTCProuter VPS is now installed !"
cat /root/openmptcprouter_config.txt

137
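--- a/debian9-x86_64-mlvpn.sh
+++ b/debian9-x86_64-mlvpn.sh
@@ -0,0 +1,137 @@
+#!/bin/sh
+MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
+INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | awk '{print $5}' | tr -d "\n")}
+DEBIAN_VERSION=$(sed 's/\..*//' /etc/debian_version)
+set -e
+umask 0022
+update="0"
+if [ $DEBIAN_VERSION -ne 9 ]; then
+echo "This script only work with Debian Stretch (9.x)"
+exit 1
+fi
+if [ -f "/etc/mlvpn/mlvpn0.conf" ] ; then
+update="1"
+fi
+if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
+echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
+fi
+# Install MLVPN
+if systemctl -q is-active mlvpn@mlvpn0.service; then
+systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1
+fi
+apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip
+rm -rf /tmp/MLVPN-new-reorder
+cd /tmp
+#wget -O /tmp/mlvpn-2.3.2.tar.gz https://github.com/zehome/MLVPN/archive/2.3.2.tar.gz
+wget -O /tmp/new-reorder.zip https://github.com/markfoodyburton/MLVPN/archive/new-reorder.zip
+cd /tmp
+#tar xzf mlvpn-2.3.2.tar.gz
+#cd MLVPN-2.3.2
+unzip new-reorder.zip
+cd MLVPN-new-reorder
+./autogen.sh
+./configure --sysconfdir=/etc
+make
+make install
+wget -O /lib/systemd/network/mlvpn.network http://www.openmptcprouter.com/server/mlvpn.network
+mkdir -p /etc/mlvpn
+if [ "$update" = "0" ]; then
+wget -O /etc/mlvpn/mlvpn0.conf http://www.openmptcprouter.com/server/mlvpn0.conf
+sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
+fi
+chmod 0600 /etc/mlvpn/mlvpn0.conf
+adduser --quiet --system --home /var/run/mlvpn --shell /usr/sbin/nologin mlvpn
+systemctl enable mlvpn@mlvpn0.service
+systemctl enable systemd-networkd.service
+cd /tmp
+#rm -rf /tmp/MLVPN-2.3.2
+rm -rf /tmp/MLVPN-new-reorder
+# Add 6in4 support
+wget -O /usr/local/bin/omr-6in4 http://www.openmptcprouter.com/server/omr-6in4
+chmod 755 /usr/local/bin/omr-6in4
+wget -O /usr/local/bin/omr-6in4-service http://www.openmptcprouter.com/server/omr-6in4-service
+chmod 755 /usr/local/bin/omr-6in4-service
+wget -O /lib/systemd/system/omr-6in4.service http://www.openmptcprouter.com/server/omr-6in4.service.in
+systemctl enable omr-6in4.service
+# Change SSH port to 65222
+sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
+sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config
+# Remove Bind9 if available
+#systemctl -q disable bind9
+# Remove fail2ban if available
+#systemctl -q disable fail2ban
+if [ "$update" = "0" ]; then
+# Install and configure the firewall using shorewall
+apt-get -y install shorewall shorewall6
+wget -O /etc/shorewall/openmptcprouter-shorewall.tar.gz http://www.openmptcprouter.com/server/openmptcprouter-shorewall.tar.gz
+tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall
+rm /etc/shorewall/openmptcprouter-shorewall.tar.gz
+sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
+systemctl enable shorewall
+wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz http://www.openmptcprouter.com/server/openmptcprouter-shorewall6.tar.gz
+tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6
+rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz
+sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
+systemctl enable shorewall6
+else
+# Update only needed firewall files
+wget -O /etc/shorewall/interfaces http://www.openmptcprouter.com/server/shorewall4/interfaces
+wget -O /etc/shorewall/snat http://www.openmptcprouter.com/server/shorewall4/snat
+wget -O /etc/shorewall/stoppedrules http://www.openmptcprouter.com/server/shorewall4/stoppedrules
+wget -O /etc/shorewall/params.vpn http://www.openmptcprouter.com/server/shorewall4/params.vpn
+wget -O /etc/shorewall/params http://www.openmptcprouter.com/server/shorewall4/params
+sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
+sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
+wget -O /etc/shorewall6/interfaces http://www.openmptcprouter.com/server/shorewall6/interfaces
+wget -O /etc/shorewall6/stoppedrules http://www.openmptcprouter.com/server/shorewall6/stoppedrules
+sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
+fi
+if [ "$update" = "0" ]; then
+# Display important info
+echo '=========================================================================================='
+echo 'OpenMPTCProuter VPS MLVPN is now configured !'
+echo 'SSH port: 65222 (instead of port 22)'
+echo 'MLVPN first port: 65201'
+echo 'Your MLVPN password: '
+echo $MLVPN_PASS
+echo '=========================================================================================='
+echo 'Keys are also saved in /root/openmptcprouter_mlvpn_config.txt, you are free to remove them'
+echo '=========================================================================================='
+# Save info in file
+cat > /root/openmptcprouter_mlvpn_config.txt <<-EOF
+SSH port: 65222 (instead of port 22)
+MLVPN first port: 65201
+Your MLVPN password:
+${MLVPN_PASS}
+EOF
+if [ -f "/root/openmptcprouter_config.txt" ]; then
+cat >> /root/openmptcprouter_config.txt <<-EOF
+MLVPN first port: 65201
+Your MLVPN password:
+${MLVPN_PASS}
+EOF
+fi
+else
+echo '===================================================================================='
+echo 'OpenMPTCProuter VPS MLVPN is now updated !'
+echo 'Keys are not changed, shorewall rules files preserved'
+echo '===================================================================================='
+echo 'Restarting mlvpn and omr-6in4...'
+systemctl -q start mlvpn@mlvpn0
+systemctl -q restart omr-6in4
+echo 'done'
+echo 'Restarting shorewall...'
+systemctl -q restart shorewall
+systemctl -q restart shorewall6
+echo 'done'
+fi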
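Review bot: Everything this installer fetches from `www.openmptcprouter.com` arrives over plain `http://` and is installed as root with no integrity check: the systemd unit and network files, the `omr-6in4` and `omr-6in4-service` executables that get `chmod 755`, and the shorewall archives and rule files written into `/etc/shorewall` and `/etc/shorewall6`. Fetch them over TLS and verify a digest pinned in the script before installing, e.g. `wget -O /usr/local/bin/omr-6in4 https://www.openmptcprouter.com/server/omr-6in4` followed by a `sha256sum -c` step (assuming the host serves HTTPS). The MLVPN source is also built from the moving `new-reorder` branch archive rather than a fixed commit, so two installs can compile different code. Separately, the password is written to `/root/openmptcprouter_mlvpn_config.txt` under `umask 0022`; a `chmod 0600` on that file would match what the script already does for `mlvpn0.conf`.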

2343
debian9-x86_64.sh Executable file → Normal file

File diff suppressed because it is too large Load diff


@ -1,19 +0,0 @@
#!/bin/sh
set -e
if [ ! -f "$1" ]; then
echo "usage: $(basename "$0") FILE"
exit 1
fi
. "$(readlink -f "$1")"
exec dsvpn \
${MODE} \
"$1".key \
${HOST:-auto} \
${PORT} \
${DEV} \
${LOCALTUNIP} \
${REMOTETUNIP}


@ -1,11 +0,0 @@
[Unit]
Description=Dead Simple VPN - Server
After=network.target network-online.target
[Service]
ExecStart=/usr/local/sbin/dsvpn server /etc/dsvpn/dsvpn.key auto 65011 dsvpn0 10.255.251.1 10.255.251.2
Restart=always
RestartSec=15
[Install]
WantedBy=network.target


@ -1,11 +0,0 @@
[Unit]
Description=Dead Simple VPN - Server on %I
After=network.target network-online.target
[Service]
ExecStart=/usr/local/bin/dsvpn-run /etc/dsvpn/%i
Restart=always
RestartSec=15
[Install]
WantedBy=network.target


@ -1,6 +0,0 @@
PORT=65401
HOST=0.0.0.0
DEV=dsvpn0
MODE=server
LOCALTUNIP=10.255.251.1
REMOTETUNIP=10.255.251.2


@ -1,10 +0,0 @@
[INCLUDES]
before = common.conf
[Definition]
_daemon = ovpn-server
failregex =%(__prefix_line)s<HOST>:[0-9]{4,5} TLS Auth Error:.*
%(__prefix_line)s<HOST>:[0-9]{4,5} VERIFY ERROR:.*
%(__prefix_line)s<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*
%(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{4,5}
maxlines = 1


@ -1,21 +0,0 @@
[DEFAULT]
backend = systemd
banaction = shorewall
[sshd]
enabled = true
[openvpn_tcp]
enabled = true
port = 65301
protocol = tcp
filter = openvpn
maxretry = 5
[openvpn_udp]
enabled = true
port = 65301
protocol = udp
filter = openvpn
maxretry = 5


@ -1,14 +0,0 @@
#!/bin/sh
[ ! -f $(readlink -f "$1") ] && exit 1
. "$(readlink -f "$1")"
INTF=gt-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do
sleep 2
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
ip link set dev ${INTF} up 2>&1 >/dev/null
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
}


@ -9,7 +9,7 @@ fi
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
DEV="gt-$(basename "$1")" DEV="gt${HOST:+c}-$(basename "$1")"
exec glorytun-tcp \ exec glorytun-tcp \
${SERVER:+listener} \ ${SERVER:+listener} \


@ -6,7 +6,6 @@ After=network.target network-online.target
Type=simple Type=simple
Restart=always Restart=always
ExecStart=/usr/local/bin/glorytun-tcp-run /etc/glorytun-tcp/%i ExecStart=/usr/local/bin/glorytun-tcp-run /etc/glorytun-tcp/%i
ExecStartPost=-/etc/glorytun-tcp/post.sh /etc/glorytun-tcp/%i
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install] [Install]


@ -1,17 +0,0 @@
#!/bin/sh
[ ! -f $(readlink -f "$1") ] && exit 1
. "$(readlink -f "$1")"
INTF=gt-udp-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do
sleep 2
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
ip link set dev ${INTF} up 2>&1 >/dev/null
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
}
tc qdisc replace dev $INTF root cake
ip link set $INTF txqlen 100
glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null


@ -9,10 +9,11 @@ fi
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
DEV="gt-udp-$(basename "$1")" DEV="gt${HOST:+c}-udp-$(basename "$1")"
exec glorytun \ exec glorytun \
bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \ bind $BIND $BIND_PORT \
keyfile "$1".key \ keyfile "$1".key \
${DEV:+dev "$DEV"} \ ${DEV:+dev "$DEV"} \
${HOST:+to "$HOST" "$PORT"} \
${OPTIONS:+$OPTIONS} ${OPTIONS:+$OPTIONS}


@ -1,5 +1,5 @@
[Match] [Match]
Name=gt-udp-tun* Name=gt-udp-*
[Network] [Network]
Description=Glorytun server device Description=Glorytun server device
@ -9,9 +9,9 @@ IPMasquerade=yes
[DHCPServer] [DHCPServer]
PoolOffset=2 PoolOffset=2
PoolSize=50 PoolSize=1
EmitDNS=no EmitDNS=no
EmitNTP=no EmitNTP=no
DNS=9.9.9.9 DNS=9.9.9.9
DefaultLeaseTimeSec=2h DefaultLeaseTimeSec=12h
MaxLeaseTimeSec=4h MaxLeaseTimeSec=24h


@ -7,7 +7,6 @@ Type=simple
Restart=always Restart=always
EnvironmentFile=/etc/glorytun-udp/%i EnvironmentFile=/etc/glorytun-udp/%i
ExecStart=/usr/local/bin/glorytun-udp-run /etc/glorytun-udp/%i ExecStart=/usr/local/bin/glorytun-udp-run /etc/glorytun-udp/%i
ExecStartPost=-/etc/glorytun-udp/post.sh /etc/glorytun-udp/%i
CapabilityBoundingSet=CAP_NET_ADMIN CapabilityBoundingSet=CAP_NET_ADMIN
[Install] [Install]


@ -1,8 +1,8 @@
[Match] [Match]
Name=gt-tun* Name=gt-*
[Link] [Link]
MTUBytes=1500 MTUBytes=1400
[Network] [Network]
Description=Glorytun server device Description=Glorytun server device
@ -12,9 +12,9 @@ IPMasquerade=yes
[DHCPServer] [DHCPServer]
PoolOffset=1 PoolOffset=1
PoolSize=50 PoolSize=2
EmitDNS=no EmitDNS=no
EmitNTP=no EmitNTP=no
DNS=9.9.9.9 DNS=9.9.9.9
DefaultLeaseTimeSec=2h DefaultLeaseTimeSec=12h
MaxLeaseTimeSec=4h MaxLeaseTimeSec=24h
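Review bot: The new `Name=gt-*` match (right-hand column of the first hunk) is broad enough to also match the UDP tunnel devices, which another .network file on this page matches with `Name=gt-udp-*` and configures with a different `[DHCPServer]` pool. systemd-networkd applies only the first matching .network file in lexical order, so which MTU and pool a `gt-udp-` interface receives depends on the file names, which are not visible here. Keep the narrower `Name=gt-tun*`, or list the intended device prefixes explicitly, so the two files cannot both claim one interface.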


@ -1,3 +0,0 @@
[Service]
ExecStart=
ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem


@ -1,10 +0,0 @@
[Unit]
Description=iperf3
Requires=network.target
[Service]
ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem
Restart=on-failure
[Install]
WantedBy=multi-user.target


@ -1,22 +0,0 @@
{
"mptcp": true,
"ipv6_first": true,
"no_delay": true,
"ebpf": false,
"server": [
"[::0]",
"0.0.0.0"
],
"method": "chacha20-ietf-poly1305",
"fast_open": true,
"timeout": 1000,
"port_key": {
"65101": "MySecretKey",
},
"local_port": 1081,
"verbose": 0,
"acl": "/etc/shadowsocks-libev/local.acl",
"mode": "tcp_and_udp",
"reuse_port": true,
"prefer_ipv6": false
}


@ -9,7 +9,7 @@ IPMasquerade=yes
[DHCPServer] [DHCPServer]
PoolOffset=2 PoolOffset=2
PoolSize=50 PoolSize=1
EmitDNS=no EmitDNS=no
EmitNTP=no EmitNTP=no
DNS=9.9.9.9 DNS=9.9.9.9


@ -5,7 +5,7 @@ interface_name = "mlvpn0"
timeout = 30 timeout = 30
password = "MLVPN_PASS" password = "MLVPN_PASS"
reorder_buffer = yes reorder_buffer = yes
reorder_buffer_size = 128 reorder_buffer_size = 64
loss_tolerence = 50 loss_tolerence = 50
[wan1] [wan1]


@ -1,18 +0,0 @@
[Unit]
Description=MLVPN connection to %i
PartOf=mlvpn.service
ReloadPropagatedFrom=mlvpn.service
After=network.target network-online.target
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/local/sbin/mlvpn --config /etc/mlvpn/%i.conf --name %i --user mlvpn --quiet
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/mlvpn
Restart=always
[Install]
WantedBy=multi-user.target

177
multipath

@ -1,177 +0,0 @@
#!/bin/sh
#
# Update the MP-TCP flags without the pached iproute2
#
# Author: Mario Krueger <openwrt at xedp3x.de>
# Released under GPL 3 or later
if [ -d "/proc/sys/net/mptcp" ]; then
if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then
echo "MPTCP is disabled!"
exit 1
fi
else
echo "Your device don't support multipath-TCP."
echo "You have to install the pached kernel to use MPTCP."
echo "See http://multipath-tcp.org/ for details"
exit 1
fi
case $1 in
"-h")
echo " Multipath-TCP configuration tool"
echo "show/update flags:"
echo " multipath [device]"
echo " multipath device {on | off | backup | handover}"
echo
echo "show established conections: -c"
echo "show fullmesh info: -f"
echo "show kernel config: -k"
echo
echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
echo "will allow a subflow to be established across this interface, but only be used"
echo "as backup. Handover-flag indicates that his interface is not used at all (even "
echo "no subflow being established), as long as there are other interfaces available."
echo "See http://multipath-tcp.org/ for details"
echo
exit 0 ;;
"-c")
cat /proc/net/mptcp_net/mptcp
exit 0;;
"-f")
cat /proc/net/mptcp_fullmesh
exit 0;;
"-k")
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
elif [ -f /proc/sys/net/mptcp/enabled ]; then
echo Enabled: `cat /proc/sys/net/mptcp/enabled`
fi
if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
fi
if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
else
echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled`
fi
if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
fi
if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
fi
if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
fi
echo
echo See http://multipath-tcp.org/ for details
exit 0 ;;
"")
for ifpath in /sys/class/net/*; do
$0 ${ifpath##*/}
done
exit 0;;
*);;
esac
DEVICE="$1"
TYPE="$2"
#FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
[ -d "/sys/class/net/$DEVICE/" ] || {
#echo "Device '$DEVICE' can't found!"
#echo "Use the hardware name like in ifconfig"
exit 1
}
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
FLAG_PATH="/sys/class/net/$DEVICE/flags"
IFF=`cat $FLAG_PATH`
IFF_OFF="0x80000"
IFF_ON="0x00"
IFF_BACKUP="0x100000"
IFF_HANDOVER="0x200000"
IFF_MASK="0x380000"
case $TYPE in
"off") FLAG=$IFF_OFF;;
"on") FLAG=$IFF_ON;;
"backup") FLAG=$IFF_BACKUP;;
"handover") FLAG=$IFF_HANDOVER;;
"")
IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
case "$IFF" in
$IFF_OFF) echo $DEVICE is deactivated;;
$IFF_ON) echo $DEVICE is in default mode;;
$IFF_BACKUP) echo $DEVICE is in backup mode;;
$IFF_HANDOVER) echo $DEVICE is in handover mode;;
*) echo "Unkown state!" && exit 1;;
esac
exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac
printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
else
ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}')
IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}')
#IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
[ -f /usr/bin/jsonfilter ] && IP=$(ip -j a show $DEVICE | jsonfilter -e '@[0].addr_info[*].local')
[ -f /usr/bin/jq ] && IP=$(ip -j a show $DEVICE | jq -r '.[0].addr_info[].local')
RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
[ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
case $TYPE in
"off")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
exit 0;;
"on")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE subflow fullmesh
done
exit 0;;
"signal")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE signal
done
exit 0;;
"backup")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE backup fullmesh
done
exit 0;;
"")
case "$IFF" in
"") echo $DEVICE is deactivated;;
"subflow") echo $DEVICE is in default mode;;
"backup") echo $DEVICE is in backup mode;;
"signal") echo $DEVICE is in signal mode;;
"fullmesh") echo $DEVICE is in fullmesh mode;;
*) echo "$DEVICE Unkown state!" && exit 1;;
esac
exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac
fi


@ -1,25 +0,0 @@
[Unit]
Description=V2Ray - A unified platform for anti-censorship
Documentation=https://v2ray.com https://guide.v2fly.org
After=network.target nss-lookup.target
Wants=network-online.target
[Service]
# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
#Type=exec
Type=simple
# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port.
# This service runs as root. You may consider to run it as another user for security concerns.
# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray.
# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
User=root
#User=v2ray
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=yes
ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json
Restart=on-failure
# Don't restart in the case of configuration error
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target


@ -1,23 +0,0 @@
#!/bin/sh
set -e
if [ ! -f "$2" ]; then
echo "usage: $(basename "$0") start FILE"
exit 1
fi
. "$(readlink -f "$2")"
DEV="omr-6in4-$(basename "$2")"
if [ "$1" = "start" ]; then
[ -n "$(ip tunnel show ${DEV})" ] && ip tunnel del ${DEV} 2>&1 >/dev/null
ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP}
ip -6 addr add ${LOCALIP6} dev ${DEV}
ip link set ${DEV} up
[ -n "$ULA" ] && [ "$ULA" != "auto" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV}
fi
if [ "$1" = "stop" ]; then
ip tunnel del ${DEV}
fi

74
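--- a/omr-6in4-service
+++ b/omr-6in4-service
@@ -0,0 +1,74 @@
+#!/bin/bash
+# OpenMPTCProuter VPS 6in4 service script
+if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
+ip route del fd00::/8 via fe80::a00:2 dev omr-6in4
+ip link set omr-6in4 down
+ip tunnel del omr-6in4
+exit 0
+fi
+# Add IPv6 tunnel
+if [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
+ip tunnel change omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
+else
+ip tunnel add omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
+ip addr add fe80::a00:1/64 dev omr-6in4 >/dev/null 2>&1
+fi
+ip link set omr-6in4 up
+ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4
+_ping() {
+local host=$1
+ret=$(ping -4 "${host}" \
+-W 5 \
+-c 1 \
+-q
+) && echo "$ret" | grep -sq "0% packet loss" && {
+return
+}
+false
+}
+while true; do
+source /etc/shorewall/params.vpn
+iface=""
+currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n")
+currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n")
+if [ -n "$currentpeer" ]; then
+_ping $currentpeer
+status=$?
+if ! $(exit $status) || [ "$currentpeer" != "$OMR_ADDR" ]; then
+allip_tcp=$(ip -4 addr show gt-tun0 2>/dev/null | grep inet)
+allip_udp=$(ip -4 addr show gt-udp-tun0 2>/dev/null | grep inet)
+allip_mlvpn=$(ip -4 addr show mlvpn0 2>/dev/null | grep inet)
+allip_openvpn=$(ip -4 addr show tun0 2>/dev/null | grep inet)
+allip="$allip_tcp
+$allip_udp
+$allip_openvpn
+$allip_mlvpn"
+while IFS= read -r inet; do
+ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
+ipd=$(echo $ip | sed 's/.1/.2/' | tr -d "\n")
+if [ "$ipd" != "" ]; then
+_ping $ipd
+statusp=$?
+if $(exit $statusp); then
+ip tunnel change omr-6in4 mode sit remote $ipd local $ip
+echo "VPS_ADDR=$ip" > /etc/shorewall/params.vpn
+echo "OMR_ADDR=$ipd" >> /etc/shorewall/params.vpn
+iface=$(ip -4 addr | grep $ip | awk '{print $7}' | tr -d "\n")
+echo "VPS_IFACE=$iface" >> /etc/shorewall/params.vpn
+systemctl reload shorewall
+break
+fi
+fi
+done < <(printf '%s\n' "$allip")
+[ -z "$iface" ] && {
+systemctl -q restart systemd-networkd
+sleep 10
+}
+fi
+fi
+sleep 5
+done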
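Review bot: The peer address is derived with `sed 's/.1/.2/'`, where the dot is a regex wildcard and the match is unanchored, so the first character followed by `1` is rewritten rather than the final octet; a constructed example such as 10.255.251.1 becomes `10.255.2.2.1`. Escape and anchor the pattern: `ipd=$(echo "$ip" | sed 's/\.1$/.2/')`. The same loop runs `grep $ip` unquoted, which also treats the dots as wildcards and can pick up another interface's line; `grep -F -- "$ip"` is tighter. These derived values are written to `/etc/shorewall/params.vpn`, which the outer loop then `source`s as root and shorewall reloads, so a malformed address ends up in the firewall parameters.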


@ -1,12 +1,12 @@
[Unit] [Unit]
Description=OMR Description=OMR-6in4
After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service After=network.target network-online.target glorytun-tcp@.service
[Service] [Service]
Type=simple Type=simple
Restart=always Restart=always
ExecStart=/usr/local/bin/omr-service ExecStart=/usr/local/bin/omr-6in4-service
KillSignal=9 ExecStop=/usr/local/bin/omr-6in4-service stop
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install] [Install]


@ -1,12 +0,0 @@
[Unit]
Description=OMR-Admin IPv6
After=network.target network-online.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/omr-admin.py --host="::"
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
[Install]
WantedBy=multi-user.target


@ -1,12 +0,0 @@
[Unit]
Description=OMR-Admin
After=network.target network-online.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/omr-admin.py
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
[Install]
WantedBy=multi-user.target


@ -1,82 +0,0 @@
#!/bin/sh
# Copyright (C) 2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
# Released under GPL 3. See LICENSE for the full terms.
[ ! -f /etc/openmptcprouter-vps-admin/omr-bypass.json ] && exit 0
# Configuration
INTERFACE="$(jq -M -r .bypass_intf /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$INTERFACE" = "null" ] && INTERFACE="vpn1"
GATEWAY="$(ip r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
GATEWAY6="$(ip -6 r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
TABLE="991337"
MARK="0x539"
CHECKSUM="$(md5sum /etc/openmptcprouter-vps-admin/omr-bypass.json | awk '{print $1}' | tr -d '\n')"
PREVIOUS_CHECKSUM="$(jq -M -r .bypass_checksum /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$CHECKSUM" = "$PREVIOUS_CHECKSUM" ] && exit 0
jq -M --arg c "$CHECKSUM" '.bypass_checksum = $c' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
# Action
ipset -q flush omr_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q flush omr6_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q --exist restore <<-EOF
create omr_dst_bypass_srv_${INTERFACE} hash:net hashsize 64
create omr6_dst_bypass_srv_${INTERFACE} hash:net family inet6 hashsize 64
EOF
ipv4=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv4[])
for ip in $ipv4; do
ipset -q add omr_dst_bypass_srv_${INTERFACE} $ip
done
ipv6=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv6[])
for ip in $ipv6; do
ipset -q add omr6_dst_bypass_srv_${INTERFACE} $ip
done
iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY} dev ${INTERFACE} table ${TABLE}
ip6tables-save --counters 2>/dev/null | grep -v omr-bypass | ip6tables-restore -w --counters 2>/dev/null
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
if [ -n "$GATEWAY6" ]; then
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY6} dev ${INTERFACE} table ${TABLE}
fi


@ -1,12 +0,0 @@
[Unit]
Description=OMR-ByPass
After=network.target network-online.target shorewall.service
[Service]
Type=simple
ExecStart=/usr/local/bin/omr-bypass
KillSignal=9
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install]
WantedBy=multi-user.target


@ -1,8 +0,0 @@
[Unit]
Description=Timer for omr-bypass
[Timer]
OnUnitActiveSec=300
[Install]
WantedBy=timers.target


@ -1,59 +0,0 @@
#!/bin/sh
if [ -f /etc/os-release ]; then
. /etc/os-release
else
. /usr/lib/os-release
fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
echo "This script doesn't work with Debian Stretch (9.x)"
exit 1
fi
if [ "$(id -u)" -ne 0 ]; then
echo "You must run the script as root"
exit 1
fi
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end."
echo "Don't apply Pi-hole firewall rules."
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
[ "`tty`" != "not a tty" ] && read -n 1 -s -r -p "Press any key to continue" || sleep 5
echo "Run Pi-hole install script..."
curl -sSL https://install.pi-hole.net | bash
echo "Done"
echo "-------------------------------------------------------------------------------------------------------------------------------"
echo "OMR Pi-hole configuration..."
cat > /etc/lighttpd/external.conf << 'EOF'
server.bind="10.255.255.1"
$SERVER["socket"] == "10.255.254.1:80" { }
$SERVER["socket"] == "10.255.252.1:80" { }
$SERVER["socket"] == "10.255.251.1:80" { }
$SERVER["socket"] == "10.255.253.1:80" { }
EOF
systemctl list-unit-files lighttpd.service &>/dev/null && systemctl -q restart lighttpd
grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf
mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf
cat >> /etc/pihole/setupVars.conf <<-EOF
PIHOLE_INTERFACE=gt-tun0
IPV4_ADDRESS=10.255.0.0/16
IPV6_ADDRESS=fd00::a00:/106
RATE_LIMIT=0/0
EOF
grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf
mv /etc/dnsmasq.d/01-pihole.new.conf /etc/dnsmasq.d/01-pihole.conf
cat > /etc/dnsmasq.d/99-omr.conf <<-EOF
interface=gt-tun0
interface=gt-udp-tun0
interface=tun0
interface=mlvpn0
interface=dsvpn0
EOF
systemctl -q restart pihole-FTL
echo "Done"
echo "======================================================================================================================================"
echo "To use Pi-hole in OpenMPTCProuter, you need to 'Save & Apply' the wizard again in System->OpenMPTCProuter then reboot OpenMPTCProuter."
echo "Web interface will be available on 10.255.255.1 if you use Glorytun TCP, 10.255.254.1 if you use Glorytun UDP."
echo "======================================================================================================================================"
exit 0


@ -1,232 +0,0 @@
#!/bin/bash
# OpenMPTCProuter VPS service script
_multipath() {
# Force multipath status
source /etc/shorewall/params.net
for intf in `ls -1 /sys/class/net`; do
if [ "$intf" != "bonding_masters" ]; then
if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then
[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on >/dev/null 2>&1
[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
multipath $intf signal >/dev/null 2>&1
ip mptcp limits set subflows 8 add_addr_accepted 8 >/dev/null 2>&1
}
else
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off >/dev/null 2>&1
fi
fi
done
}
_glorytun_udp() {
#if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
if systemctl list-unit-files glorytun-udp@.service >/dev/null; then
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
logger -t "OMR-Service" "Restart Glorytun-UDP"
systemctl -q restart 'glorytun-udp@*'
sleep 10
}
for intf in /etc/glorytun-udp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
done
#ip link set mtu 9000 dev gt-udp-tun0 >/dev/null 2>&1
fi
}
_glorytun_tcp() {
#if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then
for intf in /etc/glorytun-tcp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && timeout 10 /etc/glorytun-tcp/post.sh ${intf}
done
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.255.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
systemctl restart glorytun-tcp@tun0
sleep 10
fi
fi
#ip link set mtu 9000 dev gt-tun0 >/dev/null 2>&1
fi
}
_dsvpn() {
#if [ -n "$(systemctl -a | grep 'dsvpn')" ]; then
if systemctl list-unit-files dsvpn-server@.service >/dev/null; then
[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.251.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
systemctl restart dsvpn-server@dsvpn0
fi
#ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1
fi
fi
}
_shadowsocks() {
if systemctl list-unit-files shadowsocks-libev-manager@.service >/dev/null; then
[ -z "$(pgrep ss-server)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev"
systemctl restart shadowsocks-libev-manager@manager
}
fi
}
_shadowsocks_go() {
if systemctl list-unit-files shadowsocks-go.service >/dev/null; then
[ -z "$(pgrep shadowsocks-go)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go"
systemctl restart shadowsocks-go
}
fi
}
_xray() {
if systemctl list-unit-files xray.service >/dev/null; then
[ -z "$(pgrep xray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart XRay"
systemctl restart xray
}
fi
}
_v2ray() {
if systemctl list-unit-files v2ray.service >/dev/null; then
[ -z "$(pgrep v2ray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart V2Ray"
systemctl restart v2ray
}
fi
}
_wireguard() {
#if [ -n "$(systemctl -a | grep 'wg')" ]; then
if systemctl list-unit-files wg-quick@.service >/dev/null; then
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1
[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1
fi
}
_omr_api() {
[ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
logger -t "OMR-Service" "Can't contact API, restart OMR-Admin"
systemctl -q restart omr-admin
}
}
_lan_route() {
jq -c '.users[0][]?' /etc/openmptcprouter-vps-admin/omr-admin-config.json |
while IFS=$"\n" read -r c; do
if [ -n "$c" ]; then
vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
username=$(echo "$c" | jq -r '.username')
if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
echo "$c" | jq -c -r '.lanips[]? //empty' |
while IFS=$"\n" read -r d; do
if [ "$d" != "" ]; then
network=$(ipcalc -n $d | grep Network | awk '{print $2}')
networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1)
netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}')
[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1
[ -n "$networkonly" ] && [ -n "$netmask" ] && ([ ! -f /etc/openvpn/ccd/${username} ] || [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ]) && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username}
fi
done
fi
fi
done
}
_gre_tunnels() {
. "$(readlink -f "/etc/shorewall/params.vpn")"
if [ -n "$OMR_ADDR" ]; then
for intf in /etc/openmptcprouter-vps-admin/intf/*; do
if [ -f "$intf" ]; then
. "$(readlink -f "$intf")"
iface="$(basename $intf)"
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
[ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface >/dev/null 2>&1
ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1
ip link set $iface up >/dev/null 2>&1
ip addr add $LOCALIP dev $iface >/dev/null 2>&1
ip route add $NETWORK dev $iface >/dev/null 2>&1
fi
fi
done
fi
}
_openvpn_bonding() {
if [ "$(ip link show ovpnbonding1 2>/dev/null)" != "" ] && ([ "$(ip link show ovpnbonding1 2>/dev/null | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding 2>/dev/null | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1
ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding1 up >/dev/null 2>&1
ip link set ovpnbonding2 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding2 up >/dev/null 2>&1
ip link set ovpnbonding3 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding3 up >/dev/null 2>&1
ip link set ovpnbonding4 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding4 up >/dev/null 2>&1
ip link set ovpnbonding5 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding5 up >/dev/null 2>&1
ip link set ovpnbonding6 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding6 up >/dev/null 2>&1
ip link set ovpnbonding7 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding7 up >/dev/null 2>&1
ip link set ovpnbonding8 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding8 up >/dev/null 2>&1
ip link set omr-bonding up mtu 1440 >/dev/null 2>&1
ip a add 10.255.248.1 dev omr-bonding >/dev/null 2>&1
ip r add 10.255.248.0/24 dev omr-bonding >/dev/null 2>&1
ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 >/dev/null 2>&1
fi
}
_vpn1() {
vpn1route=$(ip r show dev vpn1 2>/dev/null | grep '0.0.0.0')
[ -z "$vpn1route" ] && vpn1route=$(ip r show dev vpn1 2>/dev/null | grep 'default')
if [ -n "$vpn1route" ]; then
ip r del $vpn1route
vpn1gw="$(echo \"$vpn1route\" | awk '{ print $3 }')"
ip r a default via $vpngw dev vpn1 table 991337
for route in $(ip r show dev vpn1); do
ip r a $route table 991337
done
fi
}
sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1
modprobe bonding >/dev/null 2>&1
ip link add omr-bonding type bond >/dev/null 2>&1
#[ -n "$(uname -r | grep '6.1')" ] && {
# stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
#}
gre_tunnels="$(jq -c '.gre_tunnels' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
lan_routes="$(jq -c '.lan_routes' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
while true; do
_glorytun_udp
_glorytun_tcp
_shadowsocks
_shadowsocks_go
_xray
_v2ray
_dsvpn
_wireguard
_multipath
_omr_api
[ "$lan_routes" != "false" ] && _lan_route
[ "$gre_tunnels" != "false" ] && _gre_tunnels
_openvpn_bonding
_vpn1
sleep 10
done


@ -1,55 +0,0 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
HETZNER=false
if [ "$1" = "hetzner" ]; then
HETZNER=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$HETZNER" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -4 -o /dev/null $HOST || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset add ss_rules_dst_bypass_all $ip
done
fi
curl -4 -o /dev/null --interface $INTERFACE $HOST || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset del ss_rules_dst_bypass_all $ip
done
fi
fi


@ -1,56 +0,0 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
HETZNER=false
if [ "$1" = "hetzner" ]; then
HETZNER=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$HETZNER" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -6 $HOST >/dev/null || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset add ss_rules6_dst_bypass_all $ip
done
fi
curl -6 --interface $INTERFACE $HOST >/dev/null || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset del ss_rules6_dst_bypass_all $ip
done
fi
fi


@ -1,11 +0,0 @@
#!/bin/sh
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
wget -O - http://www.openmptcprouter.com/server/debian.sh | sh
rm -f /etc/openmptcprouter-vps-admin/update
reboot
fi
if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then
LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh
rm -f /etc/openmptcprouter-vps-admin/update-bin
#reboot
fi


@ -1,15 +0,0 @@
[Unit]
Description=OMR Update
After=network.target network-online.target
[Service]
Type=simple
Restart=no
ExecStart=/usr/bin/omr-update
#ExecStart=/usr/share/omr-server/debian9-x86_64.sh
AmbientCapabilities=
StandardOutput=file:/var/log/omr-update.log
StandardError=file:/var/log/omr-update.log
[Install]
WantedBy=multi-user.target


@ -1,12 +0,0 @@
[Unit]
Description=OMR6IN4 on %I
After=network.target network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
RemainAfterExit=true
ExecStop=/usr/local/bin/omr-6in4-run stop /etc/openmptcprouter-vps-admin/omr-6in4/%i
[Install]
WantedBy=multi-user.target

Binary file not shown.

Binary file not shown.


@ -1,18 +0,0 @@
dev ovpnbonding1
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65351
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding2
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65352
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding3
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65353
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding4
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65354
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding5
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65355
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding6
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65356
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding7
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65357
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,18 +0,0 @@
dev ovpnbonding8
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65358
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server


@ -1,34 +0,0 @@
topology subnet
dev tun0
user nobody
group nogroup
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
disable-dco
proto tcp-server
proto tcp6-server
port 65301
persist-tun
persist-key
duplicate-cn
verb 3
server 10.255.252.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240
txqueuelen 1000
sndbuf 262144
push "sndbuf 262144"
rcvbuf 262144
push "rcvbuf 262144"
tun-mtu 1420
tls-server
tls-version-min 1.2
#push "route 10.255.252.1 255.255.255.255"
client-config-dir ccd
ifconfig-pool-persist ccd/ipp_tcp.txt
passtos
management 127.0.0.1 65302
tcp-nodelay


@ -1,29 +1,9 @@
dev tun0 dev tun
user nobody secret /etc/openvpn/server/static.key
group nogroup
cipher AES-256-CBC cipher AES-256-CBC
proto tcp compress lz4
proto tcp-server
port 65301 port 65301
persist-tun persist-tun
persist-key persist-key
reneg-sec 0
duplicate-cn
verb 3
server 10.255.252.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240
sndbuf 0
rcvbuf 0
txqueuelen 2000
tun-mtu 1400
mssfix 1360
tls-server
tls-version-min 1.2
#compress lzo
#push "route 10.255.252.1 255.255.255.255"
client-config-dir ccd
management localhost 65302
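Review bot: The right-hand column of this section appears to swap the certificate-based TLS setup for a static pre-shared key (`secret /etc/openvpn/server/static.key`) and to turn on `compress lz4`; the +/- markers are lost in this rendering, so the side assignment is inferred from column order. Static-key mode has no forward secrecy and no per-client revocation (the `crl-verify` and `tls-version-min 1.2` lines sit only in the other column), and compression inside a VPN tunnel can leak plaintext through ciphertext length. If this is the side being deployed, I would keep `tls-server`, `tls-version-min 1.2` and `crl-verify /etc/openvpn/ca/pki/crl.pem`, drop `compress lz4`, and retain `user nobody` / `group nogroup` so the daemon does not keep root after startup.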


@ -1,30 +0,0 @@
topology subnet
dev tun1
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
proto udp
proto udp6
port 65301
persist-tun
persist-key
duplicate-cn
verb 3
server 10.255.250.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240
txqueuelen 1000
sndbuf 262144
push "sndbuf 262144"
rcvbuf 262144
push "rcvbuf 262144"
tun-mtu 1420
tls-server
tls-version-min 1.2
push "route 10.255.250.1 255.255.255.255"
#client-config-dir ccd
#ifconfig-pool-persist ccd/ipp_udp.txt
#fast-io
passtos


@ -1,18 +0,0 @@
dev tun1
cipher AES-256-CBC
proto udp
port 65301
persist-tun
persist-key
reneg-sec 0
duplicate-cn
#ncp-disable
#mssfix 1300
verb 3
server 10.255.250.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240


@ -1,5 +1,5 @@
[Match] [Match]
Name=tun0 Name=tun*
[Network] [Network]
Description=OpenVPN tunnel Description=OpenVPN tunnel
@ -9,7 +9,7 @@ IPMasquerade=yes
[DHCPServer] [DHCPServer]
PoolOffset=2 PoolOffset=2
PoolSize=50 PoolSize=1
EmitDNS=no EmitDNS=no
EmitNTP=no EmitNTP=no
DNS=9.9.9.9 DNS=9.9.9.9


@ -1,37 +0,0 @@
{
"servers": [
{
"name": "ss-2022",
"protocol": "2022-blake3-aes-256-gcm",
"tcpListeners": [
{
"network": "tcp",
"address": ":65280",
"fastOpen": false,
"reusePort": false,
"multipath": true
}
],
"enableTCP": true,
"listenerTFO": true,
"enableUDP": true,
"mtu": 1500,
"psk": "PSK",
"uPSKStorePath": "/etc/shadowsocks-go/upsks.json"
}
],
"stats": {
"enabled": true
},
"api": {
"enabled": true,
"debugPprof": false,
"trustedProxies": [],
"listeners": [
{
"network": "tcp",
"address": "127.0.0.1:65279"
}
]
}
}


@ -1,15 +0,0 @@
[Unit]
Description=Shadowsocks-Libev Custom Manager Service for %I
After=network-online.target
[Service]
Type=simple
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
LimitNOFILE=99999
LimitNPROC=99999
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json --manager-address 127.0.0.1:8839
Restart=always
[Install]
WantedBy=multi-user.target


@ -1,77 +0,0 @@
# local sysctl settings can be stored in this directory
# max open files
fs.file-max = 512000
# max read buffer
net.core.rmem_max = 7500000
# max write buffer
net.core.wmem_max = 7500000
#net.core.optmem_max = 33554432
# default read buffer
#net.core.rmem_default = 16777216
# default write buffer
#net.core.wmem_default = 16777216
# max processor input queue
net.core.netdev_max_backlog = 10000
# max backlog
net.core.somaxconn = 16384
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time
net.ipv4.tcp_keepalive_time = 7200
# outbound port range
net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 16384
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP buffer
net.ipv4.tcp_mem = 409600 819200 1638400
# UDP buffer
net.ipv4.udp_mem = 4096 87380 16777216
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 16777216
# TCP write buffer
net.ipv4.tcp_wmem = 4096 87380 16777216
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 0
# 1/8 * available memory in receive buffer
net.ipv4.tcp_adv_win_scale=-3
# limits the size of unsent bytes in the write queue
net.ipv4.tcp_notsent_lowat = 131072
# for low-latency network, use cubic instead
net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
# MPTCP settings
net.ipv4.tcp_ecn = 2
net.mptcp.checksum_enabled = 0
net.mptcp.add_addr_timeout = 120
net.mptcp.allow_join_initial_addr_port = 1
net.mptcp.enabled = 1
net.mptcp.pm_type = 0
net.mptcp.stale_loss_cnt = 4
net.mptcp.mptcp_checksum=0
net.mptcp.mptcp_path_manager=fullmesh
net.mptcp.mptcp_scheduler=mptcp_burst
net.mptcp.mptcp_syn_retries=4
net.mptcp.mptcp_version=1
net.mptcp.checksum_enabled=0
net.ipv4.tcp_congestion_control=bbr


@ -2,14 +2,13 @@
# max open files # max open files
fs.file-max = 512000 fs.file-max = 512000
# max read buffer # max read buffer
net.core.rmem_max = 67108864 net.core.rmem_max = 134217728
# max write buffer # max write buffer
net.core.wmem_max = 67108864 net.core.wmem_max = 134217728
net.core.optmem_max = 33554432
# default read buffer # default read buffer
net.core.rmem_default = 131072 net.core.rmem_default = 65536
# default write buffer # default write buffer
net.core.wmem_default = 131072 net.core.wmem_default = 65536
# max processor input queue # max processor input queue
net.core.netdev_max_backlog = 4096 net.core.netdev_max_backlog = 4096
# max backlog # max backlog
@ -20,45 +19,34 @@ net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe # reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling # turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0 net.ipv4.tcp_tw_recycle = 0
# short FIN timeout # short FIN timeout
net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_fin_timeout = 20
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time # short keepalive time
net.ipv4.tcp_keepalive_time = 7200 net.ipv4.tcp_keepalive_time = 1200
# outbound port range # outbound port range
net.ipv4.ip_local_port_range = 9999 65000 net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog # max SYN backlog
net.ipv4.tcp_max_syn_backlog = 10240 net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously # max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 10000 net.ipv4.tcp_max_tw_buckets = 10000
# turn on TCP Fast Open on both client and server side # turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3 net.ipv4.tcp_fastopen = 3
# TCP buffer # TCP buffer
net.ipv4.tcp_mem = 8092 131072 67108864 net.ipv4.tcp_mem = 134217728 134277728 134217728
# UDP buffer
net.ipv4.udp_mem = 8092 131072 67108864
# TCP receive buffer # TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 33554432 net.ipv4.tcp_rmem = 4096 87380 134217728
# TCP write buffer # TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 33554432 net.ipv4.tcp_wmem = 4096 87380 134217728
# turn on path MTU discovery # turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 0 net.ipv4.tcp_mtu_probing = 0
# for low-latency network, use cubic instead # for low-latency network, use cubic instead
net.ipv4.tcp_congestion_control = bbr net.ipv4.tcp_congestion_control = olia
net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0 # Default conntrack is too small
net.ipv4.conf.default.log_martians = 0 net.netfilter.nf_conntrack_max = 131072
# MPTCP settings # MPTCP settings
net.mptcp.mptcp_checksum = 0 net.mptcp.mptcp_checksum = 0
net.mptcp.mptcp_syn_retries = 4 net.mptcp.mptcp_syn_retries = 20
net.mptcp.mptcp_scheduler = blest
net.ipv4.tcp_ecn = 2
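Review bot: The `net.ipv4.tcp_mem` triple in the right-hand column (`134217728 134277728 134217728`) looks like byte counts, but this sysctl is measured in memory pages, and its middle (pressure) value is larger than the maximum; the side assignment is inferred from column order because the +/- markers are lost. At that scale the kernel-wide TCP memory limit is effectively never reached, so memory use under a connection flood is bounded only by available RAM. I would size the triple in pages with min < pressure < max and add a comment such as `# tcp_mem is in pages, not bytes`. The same column also sets `net.ipv4.tcp_tw_recycle = 0`, a key that was removed in Linux 4.12, so `sysctl -p` will report an error for it on newer kernels.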


@ -14,13 +14,9 @@
?FORMAT 2 ?FORMAT 2
############################################################################### ###############################################################################
#ZONE INTERFACE OPTIONS #ZONE INTERFACE OPTIONS
net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,sourceroute=0 net eth0 dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
vpn gt-tun+ nosmurfs,tcpflags vpn gt-tun0 nosmurfs,routefilter,logmartians,tcpflags
vpn gt-udp-tun+ nosmurfs,tcpflags vpn gt-udp-tun0 nosmurfs,routefilter,logmartians,tcpflags
vpn mlvpn+ nosmurfs,tcpflags vpn mlvpn0 nosmurfs,routefilter,logmartians,tcpflags
vpn tun+ nosmurfs,tcpflags vpn tun0 nosmurfs,routefilter,logmartians,tcpflags
vpn wg+ nosmurfs,tcpflags
vpncl client-wg+ nosmurfs,tcpflags
vpn dsvpn+ nosmurfs,tcpflags
vpn gre-user+ nosmurfs,tcpflags
vpn omr-bonding nosmurfs,tcpflags


@ -22,5 +22,4 @@
# net eth0 130.252.100.255 routefilter,norfc1918 # net eth0 130.252.100.255 routefilter,norfc1918
# #
############################################################################### ###############################################################################
INCLUDE params.net
INCLUDE params.vpn INCLUDE params.vpn


@ -1 +0,0 @@
NET_IFACE=eth0


@ -1,3 +1,3 @@
VPS_ADDR=10.255.252.1 VPS_ADDR=10.255.255.1
OMR_ADDR=10.255.252.2 OMR_ADDR=10.255.255.2
VPS_IFACE=tun0 VPS_IFACE=gt-tun0


@ -17,10 +17,7 @@ vpn net ACCEPT
vpn fw ACCEPT vpn fw ACCEPT
fw vpn ACCEPT fw vpn ACCEPT
fw net ACCEPT fw net ACCEPT
net all DROP net all DROP info
vpn vpn DROP
vpncl vpn ACCEPT
vpn vpncl ACCEPT
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT all all REJECT info
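Review bot: The `vpn vpn DROP` policy appears only in the left-hand column, so the right-hand side (inferred from column order, since the +/- markers are lost) has no explicit intra-zone policy for `vpn`. Shorewall accepts intra-zone traffic by default and a plain `all all REJECT` does not override that, so hosts behind different tunnel interfaces in the `vpn` zone could reach each other through the server. If client isolation is intended, keep `vpn vpn DROP` above the final catch-all line. The rest of the policy file lies outside the hunk.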


@ -39,7 +39,7 @@ INVALID_LOG_LEVEL=
LOG_BACKEND= LOG_BACKEND=
LOG_MARTIANS=No LOG_MARTIANS=Yes
LOG_VERBOSITY=2 LOG_VERBOSITY=2
@ -108,11 +108,10 @@ TC=
############################################################################### ###############################################################################
ACCEPT_DEFAULT=none ACCEPT_DEFAULT=none
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" DROP_DEFAULT=Drop
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT=none NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none QUEUE_DEFAULT=none
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)" REJECT_DEFAULT=Reject
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
@ -145,17 +144,17 @@ BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
#CHAIN_SCRIPTS=Yes CHAIN_SCRIPTS=Yes
CLAMPMSS=No CLAMPMSS=No
CLEAR_TC=No CLEAR_TC=Yes
COMPLETE=No COMPLETE=No
DEFER_DNS_RESOLUTION=Yes DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=No DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No DETECT_DNAT_IPADDRS=No
@ -181,7 +180,7 @@ IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
#INLINE_MATCHES=No INLINE_MATCHES=No
IPSET_WARNINGS=Yes IPSET_WARNINGS=Yes
@ -189,7 +188,7 @@ IP_FORWARDING=On
KEEP_RT_TABLES=No KEEP_RT_TABLES=No
#LOAD_HELPERS_ONLY=Yes LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter MACLIST_TABLE=filter
@ -197,13 +196,13 @@ MACLIST_TTL=
MANGLE_ENABLED=Yes MANGLE_ENABLED=Yes
#MAPOLDACTIONS=No MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No MINIUPNPD=No
#MODULE_SUFFIX=ko MODULE_SUFFIX=ko
MULTICAST=No MULTICAST=No
@ -233,7 +232,7 @@ SAVE_ARPTABLES=No
SAVE_IPSETS=No SAVE_IPSETS=No
TC_ENABLED=No TC_ENABLED=Internal
TC_EXPERT=No TC_EXPERT=No


@ -15,16 +15,9 @@
########################################################################################################################################### ###########################################################################################################################################
#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
# #
MASQUERADE 10.255.247.0/24,\ MASQUERADE 10.0.0.0/8,\
10.255.248.0/24,\
10.255.250.0/24,\
10.255.251.0/24,\
10.255.252.0/24,\
10.255.253.0/24,\
10.255.254.0/24,\
10.255.255.0/24,\
169.254.0.0/16,\ 169.254.0.0/16,\
172.16.0.0/12,\ 172.16.0.0/12,\
192.168.0.0/16 $NET_IFACE 192.168.0.0/16 eth0
# SNAT from VPN server for all VPN clients # SNAT from VPN server for all VPN clients
#SNAT($VPS_ADDR) 0.0.0.0/0 $VPS_IFACE #SNAT($VPS_ADDR) 0.0.0.0/0 $VPS_IFACE
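Review bot: The first MASQUERADE source on the new side is the whole of `10.0.0.0/8`, which rewrites any forwarded 10.x source leaving `eth0`, not only the tunnel ranges; on a provider that uses 10.x for its private network this also matches traffic that did not come from a tunnel. Listing the tunnel subnets keeps the NAT scope tied to what the server hands out, for example `MASQUERADE 10.255.255.0/24,\` for the range that params.vpn uses on this side, plus one line per additional tunnel range. Which other ranges the tunnels on this side use is not visible here.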


@ -13,18 +13,12 @@
############################################################################### ###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE #ACTION SOURCE DEST PROTO DEST SOURCE
# PORT(S) PORT(S) # PORT(S) PORT(S)
ACCEPT gt-tun+ - ACCEPT gt-tun0 -
ACCEPT - gt-tun+ ACCEPT - gt-tun0
ACCEPT gt-udp-tun+ - ACCEPT gt-udp-tun0 -
ACCEPT - gt-udp-tun+ ACCEPT - gt-udp-tun0
ACCEPT mlvpn+ - ACCEPT mlvpn0 -
ACCEPT - mlvpn+ ACCEPT - mlvpn0
ACCEPT dsvpn+ - ACCEPT tun0 -
ACCEPT - dsvpn+ ACCEPT - tun0
ACCEPT tun+ -
ACCEPT - tun+
ACCEPT wg+ -
ACCEPT - wg+
ACCEPT client-wg+ -
ACCEPT - client-wg+


@ -1,3 +0,0 @@
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
$NET_IFACE External
#$VPS_IFACE Internal


@ -16,5 +16,4 @@
fw firewall fw firewall
net ipv4 net ipv4
vpn ipv4 vpn ipv4
vpncl ipv4


@ -14,6 +14,6 @@
?FORMAT 2 ?FORMAT 2
############################################################################### ###############################################################################
#ZONE INTERFACE OPTIONS #ZONE INTERFACE OPTIONS
net $NET_IFACE dhcp,tcpflags,rpfilter,forward=1,routeback net eth0 dhcp,tcpflags,rpfilter,forward=1
vpn omr-6in4-user+ tcpflags,forward=1,routeback vpn omr-6in4 tcpflags,forward=1


@ -21,5 +21,3 @@
# net eth0 - dhcp,nosmurfs # net eth0 - dhcp,nosmurfs
# #
############################################################################### ###############################################################################
INCLUDE params.net
INCLUDE params.vpn


@ -1 +0,0 @@
NET_IFACE=eth0


@ -1 +0,0 @@
OMR_ADDR=fe80::a00:2


@ -13,9 +13,9 @@
############################################################################### ###############################################################################
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
vpn all ACCEPT vpn all ACCEPT info
fw all ACCEPT fw all ACCEPT
net all DROP net all DROP info
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT all all REJECT info
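Review bot: The new `vpn all ACCEPT info` row logs every new connection a VPN client opens, and `net all DROP info` logs every dropped probe from the Internet, with nothing in this hunk bounding the volume; on a public VPS that can fill the log partition and bury the entries worth reading. Either leave the LOG LEVEL column empty on the ACCEPT row, `vpn all ACCEPT`, or set a log rate with `LOGLIMIT` in shorewall6.conf. The IPv4 policy section above adds `info` to `net all DROP` and `all all REJECT` in the same way.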


@ -30,18 +30,18 @@ DNS(ACCEPT) $FW net
# #
# Allow Ping from/to the VPN # Allow Ping from/to the VPN
# #
ACCEPT vpn $FW ipv6-icmp Ping(ACCEPT) vpn $FW
ACCEPT vpn net ipv6-icmp Ping(ACCEPT) vpn net
ACCEPT $FW vpn ipv6-icmp Ping(ACCEPT) $FW vpn
# #
# Allow Ping from the firewall to the network # Allow Ping from the firewall to the network
# #
ACCEPT $FW net ipv6-icmp Ping(ACCEPT) $FW net
# #
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
# #
#DROP net $FW ipv6-icmp #Ping(DROP) net $FW
ACCEPT net $FW ipv6-icmp Ping(ACCEPT) net $FW
# #
# Accept connection from port > 65000 for shadowsocks and glorytun on the firewall # Accept connection from port > 65000 for shadowsocks and glorytun on the firewall
# #
@ -54,8 +54,7 @@ ACCEPT net $FW tcp 65222
# #
# DHCP forward to the VPN from the firewall # DHCP forward to the VPN from the firewall
# #
ACCEPT $FW vpn udp 53 DHCPfwd(ACCEPT) $FW vpn
ACCEPT vpn net udp 53
# #
# Redirect all port from 1 to 64999 to the VPN client from the network # Redirect all port from 1 to 64999 to the VPN client from the network
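Review bot: The comment above the last ping rule says pings from the net zone are dropped, while the active row on the new side is `Ping(ACCEPT) net $FW` and the `Ping(DROP)` row is commented out. Reword the comment to match the rule, for example `# Accept Ping from the net zone; use Ping(DROP) instead to stop answering echo requests`. The rules file continues on both sides of these hunks.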
# #


@ -105,11 +105,10 @@ TC=
############################################################################### ###############################################################################
ACCEPT_DEFAULT=none ACCEPT_DEFAULT=none
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" DROP_DEFAULT=Drop
DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT=none NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none QUEUE_DEFAULT=none
REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" REJECT_DEFAULT=Reject
############################################################################### ###############################################################################
# R S H / R C P C O M M A N D S # R S H / R C P C O M M A N D S
@ -138,7 +137,7 @@ BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
#CHAIN_SCRIPTS=Yes CHAIN_SCRIPTS=Yes
CLAMPMSS=No CLAMPMSS=No
@ -168,7 +167,7 @@ IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
#INLINE_MATCHES=No INLINE_MATCHES=No
IPSET_WARNINGS=Yes IPSET_WARNINGS=Yes
@ -176,7 +175,7 @@ IP_FORWARDING=On
KEEP_RT_TABLES=Yes KEEP_RT_TABLES=Yes
#LOAD_HELPERS_ONLY=Yes LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter MACLIST_TABLE=filter


@ -16,6 +16,6 @@
#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
# #
MASQUERADE fe80::/10,\ MASQUERADE fe80::/10,\
fd00::/8 $NET_IFACE fd00::/8 eth0
# SNAT from VPN server for all VPN clients # SNAT from VPN server for all VPN clients
#SNAT(fe80::a00:1) ::/0 omr-6in4-user+ SNAT(fe80::a00:1) ::/0 omr-6in4


@ -13,6 +13,6 @@
############################################################################### ###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE #ACTION SOURCE DEST PROTO DEST SOURCE
# PORT(S) PORT(S) # PORT(S) PORT(S)
#ACCEPT omr-6in4 - ACCEPT omr-6in4 -
#ACCEPT - omr-6in4 ACCEPT - omr-6in4


@ -1,7 +1,6 @@
PORT=65001 PORT=65001
HOST=0.0.0.0
DEV=tun0 DEV=tun0
SERVER=true SERVER=true
MPTCP=true MPTCP=true
IPV6=true IPV6=true
OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 65536 multiqueue" OPTIONS="chacha20 multiqueue keepalive"


@ -1,6 +1,4 @@
BIND=0.0.0.0 BIND=0.0.0.0
BIND_PORT=65001 BIND_PORT=65001
HOST=0.0.0.0
PORT=5000
DEV=tun0 DEV=tun0
OPTIONS="chacha persist" OPTIONS="chacha persist"


@ -1,17 +0,0 @@
[Match]
Name=ubond*
[Network]
Description=UBOND tunnel
Address=10.255.248.1/24
DHCPServer=yes
IPMasquerade=yes
[DHCPServer]
PoolOffset=2
PoolSize=50
EmitDNS=no
EmitNTP=no
DNS=9.9.9.9
DefaultLeaseTimeSec=12h
MaxLeaseTimeSec=24h


@ -1,42 +0,0 @@
[general]
tuntap = "tun"
mode = "server"
interface_name = "ubond0"
timeout = 30
password = "UBOND_PASS"
reorder_buffer = yes
reorder_buffer_size = 64
loss_tolerence = 50
[wan1]
bindport = 65251
bindhost = "0.0.0.0"
[wan2]
bindport = 65252
bindhost = "0.0.0.0"
[wan3]
bindport = 65253
bindhost = "0.0.0.0"
[wan4]
bindport = 65254
bindhost = "0.0.0.0"
[wan5]
bindport = 65255
bindhost = "0.0.0.0"
[wan6]
bindport = 65256
bindhost = "0.0.0.0"
[wan7]
bindport = 65257
bindhost = "0.0.0.0"
[wan8]
bindport = 65258
bindhost = "0.0.0.0"


@ -1,16 +0,0 @@
[Unit]
Description=UBOND connection to %i
PartOf=ubond.service
ReloadPropagatedFrom=ubond.service
After=network.target network-online.target
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/ubond
Restart=always
[Install]
WantedBy=multi-user.target


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1 +0,0 @@
debian9-x86_64.sh


@ -1 +0,0 @@
debian9-x86_64.sh


@ -8,17 +8,15 @@ config_file="$(find /boot/grub* -maxdepth 1 -name grub.cfg 2>/dev/null)"
deflt_file="$(find /etc/default \( -name grub -o -name grub2 \) 2>/dev/null)" deflt_file="$(find /etc/default \( -name grub -o -name grub2 \) 2>/dev/null)"
[ $deflt_file ] || exit 0 [ $deflt_file ] || exit 0
#if [ -z "$(grep -m 1 vmlinuz $config_file | grep $kernel)" ]; then if [ -z "$(grep -m 1 vmlinuz $config_file | grep $kernel)" ]; then
x=0 x=0
sed -n -e 's@\([^'\"\'']*\)['\"\'']\([^'\"\'']*\).*@\1\2@' -e '/\(menuentry\) /p' <$config_file | \ sed -n -e 's@\([^'\"\'']*\)['\"\'']\([^'\"\'']*\).*@\1\2@' -e '/\(menuentry\) /p' <$config_file | \
while IFS= read ln while IFS= read ln
do do
if [ -n "$(echo $ln | grep $kernel)" ]; then if [ -n "$(echo $ln | grep $kernel)" ]; then
x=$(expr $x - 1) sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"$x\"@" $deflt_file
sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"1>$x\"@" $deflt_file
[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
exit 0 exit 0
fi fi
x=$(expr $x + 1) x=$(expr $x + 1)
done | sed 's@\(menuentry\) @@' done | sed 's@\(menuentry\) @@'
#fi fi
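Review bot: The new `sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"$x\"@" $deflt_file` writes a flat counter into GRUB_DEFAULT, but `x` counts every `menuentry` line in grub.cfg, including those nested in a submenu, while a plain number in GRUB_DEFAULT indexes top-level entries only. Where the wanted kernel sits inside a submenu (the stock Debian "Advanced options" layout, if that applies here) the value points at the wrong entry. Nothing in the hunk regenerates grub.cfg afterwards, so unless the caller does it the edit has no effect on the next boot. `$kernel` is also passed to grep unquoted and as a regular expression; `grep -F -- "$kernel"` matches the version string literally. The script's opening lines, where `kernel` is set, are outside the hunk.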


@ -1,220 +0,0 @@
{
"log": {
"loglevel": "error",
"error": "/tmp/v2rayError.log"
},
"transport": {
"tcpSettings": {},
"wsSettings": {},
"kcpSettings": {
"mtu": 1460,
"tti": 10,
"uplinkCapacity": 100,
"downlinkCapacity": 100,
"congestion": false,
"readBufferSize": 8,
"writeBufferSize": 8
}
},
"inbounds": [
{
"tag": "omrin-tunnel",
"port": 65228,
"protocol": "vless",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-vmess-tunnel",
"port": 65230,
"protocol": "vmess",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-socks-tunnel",
"port": 65231,
"protocol": "socks",
"settings": {
"auth": "password",
"accounts": [
{
"pass": "V2RAY_UUID",
"user": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-trojan-tunnel",
"port": 65229,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "V2RAY_UUID",
"email": "openmptcprouter",
"level": 0
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"listen": "127.0.0.1",
"port": 10085,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {
"userLevel": 0
},
"tag": "direct"
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"omrin-tunnel",
"omrin-vmess-tunnel",
"omrin-socks-tunnel",
"omrin-trojan-tunnel"
],
"outboundTag": "OMRLan",
"domain": [
"full:omr.lan"
]
},
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
}
]
},
"reverse": {
"portals": [
{
"tag": "OMRLan",
"domain": "omr.lan"
}
]
},
"stats": {},
"api": {
"tag": "api",
"services": [
"HandlerService",
"LoggerService",
"StatsService"
]
},
"policy": {
"levels": {
"0": {
"uplinkOnly": 0,
"downlinkOnly": 0,
"bufferSize": 512,
"connIdle": 2400,
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true
}
}
}
