diff --git a/bin/v2ray-plugin-linux-amd64-v1.2.0-2-g68e2207.tar.gz b/bin/v2ray-plugin-linux-amd64-v1.2.0-2-g68e2207.tar.gz deleted file mode 100644 index e073734..0000000 Binary files a/bin/v2ray-plugin-linux-amd64-v1.2.0-2-g68e2207.tar.gz and /dev/null differ diff --git a/config.json b/config.json index 968b3df..562fee3 100644 --- a/config.json +++ b/config.json @@ -5,7 +5,7 @@ "mode":"tcp_and_udp", "key":"MySecretKey", "timeout":600, - "method":"chacha20-ietf-poly1305", + "method":"chacha20", "verbose":0, "prefer_ipv6": false, "fast_open": true, diff --git a/debian-x86_64.sh b/debian-x86_64.sh deleted file mode 120000 index 814a06c..0000000 --- a/debian-x86_64.sh +++ /dev/null @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/debian.sh b/debian.sh deleted file mode 120000 index 814a06c..0000000 --- a/debian.sh +++ /dev/null @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/debian/changelog b/debian/changelog deleted file mode 100644 index db2a6a9..0000000 --- a/debian/changelog +++ /dev/null @@ -1,23 +0,0 @@ -omr-server (0.1030) unstable; urgency=medium - - * Many changes - - -- OpenMPTCProuter Wed, 10 Apr 2024 19:35:34 +0200 - -omr-server (0.1028) unstable; urgency=medium - - * Many changes - - -- OpenMPTCProuter Fri, 14 Oct 2022 09:02:22 +0200 - -omr-server (0.1026) unstable; urgency=medium - - * Many changes - - -- OpenMPTCProuter Mon, 14 Jun 2021 07:43:42 +0200 - -omr-server (0.1025-test) unstable; urgency=medium - - * Wireguard support and fixed - - -- OpenMPTCProuter Thu, 04 Mar 2021 14:36:12 +0200 diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 9a03714..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -10 \ No newline at end of file diff --git a/debian/control b/debian/control deleted file mode 100644 index 72af96a..0000000 --- a/debian/control +++ /dev/null 
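Review bot: The config.json hunk changes `"method"` from the AEAD cipher `chacha20-ietf-poly1305` to plain `chacha20`, which drops integrity protection if this file is the shadowsocks server configuration, as its keys suggest. With an unauthenticated stream cipher, modified ciphertext is not rejected by the server. Unless a client that cannot use AEAD forces this, keep `"method":"chacha20-ietf-poly1305",`, or document the reason for the weaker setting in the commit message. The unchanged `"key":"MySecretKey"` line in the same hunk is worth confirming as a placeholder that the installer always overwrites.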
@@ -1,37 +0,0 @@ -Source: omr-server -Section: net -Priority: optional -Maintainer: OpenMPTCProuter -Build-Depends: debhelper (>= 10) -X-Python-Version: >= 3.2 -Standards-Version: 0.0.1 -Homepage: https://github.com/ysurac/openmptcprouter-vps - -Package: omr-server -Architecture: all -Multi-Arch: foreign -Depends: - curl, - rename, - libcurl4, - unzip, - tracebox, - omr-iperf3, - omr-shadowsocks-libev (= 3.3.5-2), - omr-vps-admin (= 0.3+20210508), - omr-simple-obfs, - omr-mlvpn (= 3.0.0+20201216.git.2263bab), - omr-glorytun (= 0.3.4-4), - omr-glorytun-tcp (= 0.0.35-3), - omr-dsvpn (= 0.1.4-2), - shorewall, - shorewall6, - iptables, - v2ray-plugin (= 4.35.1), - v2ray (=4.35.1), - linux-image-5.4.100-mptcp (= 1.18+9d3f35b), - ${misc:Depends} -Provides: omr-server -Conflicts: omr-server -Replaces: omr-server -Description: OpenMPTCProuter Server script \ No newline at end of file diff --git a/debian/postinst b/debian/postinst deleted file mode 100644 index 57ee50d..0000000 --- a/debian/postinst +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -e - -test $DEBIAN_SCRIPT_DEBUG && set -v -x - -# use debconf -. /usr/share/debconf/confmodule - -sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh -systemctl daemon-reload -systemctl restart omr-update - -db_stop - -#DEBHELPER# -exit 0 -# vim:set ai et sts=2 sw=2 tw=0: \ No newline at end of file diff --git a/debian/rules b/debian/rules deleted file mode 100755 index 9a69cc6..0000000 --- a/debian/rules +++ /dev/null 
@@ -1,18 +0,0 @@ -#!/usr/bin/make -f -#export DH_VERBOSE = 1 - -# Security Hardening -export DEB_BUILD_MAINT_OPTIONS = hardening=+all - -%: - dh $@ - -override_dh_auto_install: - mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server - find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';' - cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/ - cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/ - cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/ - mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin - touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin - diff --git a/debian11-x86_64.sh b/debian11-x86_64.sh deleted file mode 120000 index 814a06c..0000000 --- a/debian11-x86_64.sh +++ /dev/null @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/debian12-x86_64.sh b/debian12-x86_64.sh deleted file mode 120000 index 814a06c..0000000 --- a/debian12-x86_64.sh +++ /dev/null @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/debian9-x86_64-mlvpn.sh b/debian9-x86_64-mlvpn.sh new file mode 100644 index 0000000..6801066 --- /dev/null +++ b/debian9-x86_64-mlvpn.sh 
@@ -0,0 +1,145 @@ +#!/bin/sh +MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} +INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | awk '{print $5}' | tr -d "\n")} +DEBIAN_VERSION=$(sed 's/\..*//' /etc/debian_version) + +set -e +umask 0022 +update="0" +if [ $DEBIAN_VERSION -ne 9 ]; then + echo "This script only work with Debian Stretch (9.x)" + exit 1 +fi + +if [ -f "/etc/mlvpn/mlvpn0.conf" ] ; then + update="1" +fi +if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then + echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf +fi + +# Install MLVPN +if systemctl -q is-active mlvpn@mlvpn0.service; then + systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1 +fi +apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip +rm -rf /tmp/MLVPN-new-reorder +cd /tmp +#wget -O /tmp/mlvpn-2.3.2.tar.gz https://github.com/zehome/MLVPN/archive/2.3.2.tar.gz +wget -O /tmp/new-reorder.zip https://github.com/markfoodyburton/MLVPN/archive/new-reorder.zip +cd /tmp +#tar xzf mlvpn-2.3.2.tar.gz +#cd MLVPN-2.3.2 +unzip new-reorder.zip +cd MLVPN-new-reorder +./autogen.sh +./configure --sysconfdir=/etc +make +make install +wget -O /lib/systemd/network/mlvpn.network https://www.openmptcprouter.com/server/mlvpn.network +mkdir -p /etc/mlvpn +if [ "$update" = "0" ]; then + wget -O /etc/mlvpn/mlvpn0.conf https://www.openmptcprouter.com/server/mlvpn0.conf + sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf +fi +chmod 0600 /etc/mlvpn/mlvpn0.conf +adduser --quiet --system --home /var/opt/mlvpn --shell /usr/sbin/nologin mlvpn +mkdir -p /var/opt/mlvpn +usermod -d /var/opt/mlvpn mlvpn +chown mlvpn /var/opt/mlvpn +systemctl enable mlvpn@mlvpn0.service +systemctl enable systemd-networkd.service +cd /tmp +#rm -rf /tmp/MLVPN-2.3.2 +rm -rf /tmp/MLVPN-new-reorder + +# Add OMR support +wget -O /usr/local/bin/omr-service https://www.openmptcprouter.com/server/omr-service +chmod 755 /usr/local/bin/omr-service +wget -O 
/lib/systemd/system/omr.service https://www.openmptcprouter.com/server/omr.service.in +if systemctl -q is-active omr-6in4.service; then + systemctl -q stop omr-6in4 > /dev/null 2>&1 + systemctl -q disable omr-6in4 > /dev/null 2>&1 +fi +systemctl enable omr.service + +# Change SSH port to 65222 +sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config +sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config + +# Remove Bind9 if available +#systemctl -q disable bind9 + +# Remove fail2ban if available +#systemctl -q disable fail2ban + +if [ "$update" = "0" ]; then + # Install and configure the firewall using shorewall + apt-get -y install shorewall shorewall6 + wget -O /etc/shorewall/openmptcprouter-shorewall.tar.gz https://www.openmptcprouter.com/server/openmptcprouter-shorewall.tar.gz + tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall + rm /etc/shorewall/openmptcprouter-shorewall.tar.gz + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* + systemctl enable shorewall + wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz https://www.openmptcprouter.com/server/openmptcprouter-shorewall6.tar.gz + tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6 + rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* + systemctl enable shorewall6 +else + # Update only needed firewall files + wget -O /etc/shorewall/interfaces https://www.openmptcprouter.com/server/shorewall4/interfaces + wget -O /etc/shorewall/snat https://www.openmptcprouter.com/server/shorewall4/snat + wget -O /etc/shorewall/stoppedrules https://www.openmptcprouter.com/server/shorewall4/stoppedrules + wget -O /etc/shorewall/params.vpn https://www.openmptcprouter.com/server/shorewall4/params.vpn + wget -O /etc/shorewall/params.net https://www.openmptcprouter.com/server/shorewall4/params.net + wget -O /etc/shorewall/params https://www.openmptcprouter.com/server/shorewall4/params + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* 
+ sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules + wget -O /etc/shorewall6/params.net https://www.openmptcprouter.com/server/shorewall6/params.net + wget -O /etc/shorewall6/params https://www.openmptcprouter.com/server/shorewall6/params + wget -O /etc/shorewall6/interfaces https://www.openmptcprouter.com/server/shorewall6/interfaces + wget -O /etc/shorewall6/stoppedrules https://www.openmptcprouter.com/server/shorewall6/stoppedrules + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* +fi + +if [ "$update" = "0" ]; then + # Display important info + echo '==========================================================================================' + echo 'OpenMPTCProuter VPS MLVPN is now configured !' + echo 'SSH port: 65222 (instead of port 22)' + echo 'MLVPN first port: 65201' + echo 'Your MLVPN password: ' + echo $MLVPN_PASS + echo '==========================================================================================' + echo 'Keys are also saved in /root/openmptcprouter_mlvpn_config.txt, you are free to remove them' + echo '==========================================================================================' + + # Save info in file + cat > /root/openmptcprouter_mlvpn_config.txt <<-EOF + SSH port: 65222 (instead of port 22) + MLVPN first port: 65201 + Your MLVPN password: + ${MLVPN_PASS} + EOF + if [ -f "/root/openmptcprouter_config.txt" ]; then + cat >> /root/openmptcprouter_config.txt <<-EOF + MLVPN first port: 65201 + Your MLVPN password: + ${MLVPN_PASS} + EOF + fi +else + echo '====================================================================================' + echo 'OpenMPTCProuter VPS MLVPN is now updated !' + echo 'Keys are not changed, shorewall rules files preserved' + echo '====================================================================================' + echo 'Restarting mlvpn and omr...' + systemctl -q start mlvpn@mlvpn0 + systemctl -q restart omr + echo 'done' + echo 'Restarting shorewall...' 
+ systemctl -q restart shorewall + systemctl -q restart shorewall6 + echo 'done' +fi diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh old mode 100755 new mode 100644 index 631e431..ba24012 --- a/debian9-x86_64.sh +++ b/debian9-x86_64.sh 
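Review bot: In the new debian9-x86_64-mlvpn.sh, the "Install MLVPN" step fetches `new-reorder.zip` from the head of a branch on a GitHub fork and runs `./autogen.sh`, `./configure` and `make install` on it with no commit pin or checksum. Whatever that branch holds at install time is executed with the script's privileges, presumably root since it writes under /etc and /lib/systemd. Pin the archive to a commit and verify it before unpacking, e.g. `echo "<EXPECTED_SHA256>  $workdir/new-reorder.zip" | sha256sum -c -`, and build in `workdir=$(mktemp -d)` instead of the fixed `/tmp/MLVPN-new-reorder` path. Separately, `if [ $DEBIAN_VERSION -ne 9 ]` fails open: when /etc/debian_version is non-numeric or empty the test errors, the `if` takes the false branch and the install continues; `[ "$DEBIAN_VERSION" = "9" ] || { echo "This script only work with Debian Stretch (9.x)"; exit 1; }` would stop instead.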
@@ -1,178 +1,55 @@ #!/bin/sh -# -# Copyright (C) 2018-2024 Ycarus (Yannick Chabanois) for OpenMPTCProuter -# -# This is free software, licensed under the GNU General Public License v3 or later. -# See /LICENSE for more information. -# - -KERNEL=${KERNEL:-6.6} -UPSTREAM=${UPSTREAM:-no} -[ "$UPSTREAM" = "yes" ] && KERNEL="6.1" -UPSTREAM6=${UPSTREAM6:-no} -[ "$UPSTREAM6" = "yes" ] && KERNEL="6.1" SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} -GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} -DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} +GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} #NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")} NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")} OBFS=${OBFS:-yes} -V2RAY_PLUGIN=${V2RAY_PLUGIN:-no} V2RAY=${V2RAY:-yes} -V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} -XRAY=${XRAY:-yes} -XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID} -SHADOWSOCKS=${SHADOWSOCKS:-yes} -SHADOWSOCKS_GO=${SHADOWSOCKS_GO:-yes} -PSK=${PSK:-$(head -c 32 /dev/urandom | base64 -w0)} -UPSK=${UPSK:-$(head -c 32 /dev/urandom | base64 -w0)} -UPDATE_OS=${UPDATE_OS:-yes} -UPDATE=${UPDATE:-yes} TLS=${TLS:-yes} OMR_ADMIN=${OMR_ADMIN:-yes} OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} -OMR_ADMIN_PASS_ADMIN=${OMR_ADMIN_PASS_ADMIN:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} MLVPN=${MLVPN:-yes} MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} -UBOND=${UBOND:-no} -UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} OPENVPN=${OPENVPN:-yes} -OPENVPN_BONDING=${OPENVPN_BONDING:-yes} -DSVPN=${DSVPN:-yes} -WIREGUARD=${WIREGUARD:-yes} -FAIL2BAN=${FAIL2BAN:-yes} -SOURCES=${SOURCES:-no} -if [ "$KERNEL" != 
"5.4" ]; then - SOURCES="yes" -fi -NOINTERNET=${NOINTERNET:-no} -GRETUNNELS=${GRETUNNELS:-yes} -LANROUTES=${LANROUTES:-yes} -REINSTALL=${REINSTALL:-yes} -SPEEDTEST=${SPEEDTEST:-yes} -IPERF=${IPERF:-yes} -LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -INTERFACE6=${INTERFACE6:-$(ip -o -6 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -[ -z "$INTERFACE6" ] && INTERFACE6="$INTERFACE" -KERNEL_VERSION="5.4.207" -KERNEL_PACKAGE_VERSION="1.22" -KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" -#if [ "$KERNEL" = "5.15" ]; then -# KERNEL_VERSION="5.15.57" -# KERNEL_PACKAGE_VERSION="1.6" -# KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" -#fi -if [ "$KERNEL" = "6.1" ]; then - KERNEL_VERSION="6.1.0" - KERNEL_PACKAGE_VERSION="1.30" - KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" -fi -GLORYTUN_UDP=${GLORYTUN_UDP:-yes} -GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9" -GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" -GLORYTUN_TCP=${GLORYTUN_TCP:-yes} -# Old Glorytun TCP version if sources is not enabled... 
-GLORYTUN_TCP_BINARY_VERSION="0.0.35-6" -#MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" -MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b" -MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" -UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" -OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="7e98b32ebf549f87e9d20072acc80a87a562cb7d" -OMR_ADMIN_BINARY_VERSION="0.14+20250220" -#OMR_ADMIN_BINARY_VERSION="0.3+20220827" -DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" -DSVPN_BINARY_VERSION="0.1.4-2" -V2RAY_VERSION="5.7.0" -V2RAY_PLUGIN_VERSION="4.43.0" -XRAY_VERSION="24.11.5" -EASYRSA_VERSION="3.0.6" -#SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" -#if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - SHADOWSOCKS_VERSION="8fc18fcba3226e31f9f2bb9e60d6be6a1837862b" -#fi -IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" -SHADOWSOCKS_BINARY_VERSION="3.3.5-3" -SHADOWSOCKS_GO_VERSION="1.13.0" -DEFAULT_USER="openmptcprouter" +KERNEL_VERSION="4.19.56" +#KERNEL_VERSION="4.14.110" +KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_1.1+a289cca" +#KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_1.0+4c83d3a" +GLORYTUN_UDP_VERSION="5e89ebc55003b4af395ec58dce301046f9a3e7b7" +MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" +OBFS_VERSION="5cbfdcc28cdc912852cc3c99e3c7f5603d337805" +OMR_ADMIN_VERSION="172a02677857b895539e1e5634dc4aeb6bb2ddfb" +V2RAY_VERSION="v1.1.0" +SHADOWSOCKS_VERSION="3.2.5" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} -VPSPATH="server-test" -VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)} -VPSURL="https://www.openmptcprouter.com/" -REPO="repo.openmptcprouter.com" -CHINA=${CHINA:-no} -OMR_VERSION="0.1032-test" +OMR_VERSION="0.999" -DIR=$( pwd ) -#" set -e umask 0022 export LC_ALL=C export PATH=$PATH:/sbin export DEBIAN_FRONTEND=noninteractive - -echo "Check user..." 
-if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi - -# Check Kernel -if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ] && [ "$KERNEL" != "6.11" ] && [ "$KERNEL" != "6.12" ]; then - echo "Only kernels 5.4, 6.1, 6.6, 6.10 and 6.11 are currently supported" - exit 1 -fi +rm -f /var/lib/dpkg/lock # Check Linux version -echo "Check Linux version..." if test -f /etc/os-release ; then . /etc/os-release else . /usr/lib/os-release fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ] && [ "$VERSION_ID" != "12" ]; then - echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)" +if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then + echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)" exit 1 -elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then - echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04" - echo "Use debian when possible" +elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ]; then + echo "This script only work with Ubuntu 18.04" exit 1 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then - echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)" - echo "Use Debian when possible" + echo "This script only work with Ubuntu 18.04 or Debian Stretch (9.x)" exit 1 fi -echo "Check architecture..." 
-ARCH=$(dpkg --print-architecture | tr -d "\n") -if ([ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]) && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then - echo "Only x86_64 (amd64) is supported on this OS" - exit 1 -fi - -if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then - echo "Check virtualized environment" - VIRT="$(systemd-detect-virt 2>/dev/null || true)" - if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then - echo "Container are not supported: kernel can't be modified." - exit 1 - fi -fi - -# Check if DPKG is locked and for broken packages -#dpkg -i /dev/zero 2>/dev/null -#if [ "$?" -eq 2 ]; then -# echo "E: dpkg database is locked. Check that an update is not running in background..." -# exit 1 -#fi -echo "Check about broken packages..." -if ! eval apt-get check >/dev/null 2>&1 ; then - if ! eval apt-get -f install -y 2>&1 ; then - echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..." - exit 1 - fi -fi - # Fix old string... if [ -f /etc/motd ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd ; then sed -i 's/OpenMPCTProuter/OpenMPTCProuter/g' /etc/motd 
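Review bot: The added `rm -f /var/lib/dpkg/lock` right after `export DEBIAN_FRONTEND=noninteractive` deletes the dpkg lock unconditionally. If another apt or dpkg process (for example unattended-upgrades) is running, both can then write the package database at once. Prefer to detect the holder and stop, e.g. `if fuser /var/lib/dpkg/lock >/dev/null 2>&1; then echo 'dpkg is locked by another process' >&2; exit 1; fi` (this needs `fuser` from psmisc). The same hunk drops the `id -u` root check and the `apt-get check` step, so the script starts changing the system without confirming either precondition; a comment explaining why they are not needed here, or keeping the one-line root guard, would help. The script body continues beyond this hunk.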
@@ -182,1141 +59,237 @@ if [ -f /etc/motd.head ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd.head ; fi # Check if OpenMPTCProuter VPS is already installed -echo "Check if OpenMPTCProuter VPS is already installed..." update="0" -if [ "$UPDATE" = "yes" ]; then - if [ -f /etc/motd ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd ; then - update="1" - elif [ -f /etc/motd.head ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head ; then - update="1" - elif [ -f /root/openmptcprouter_config.txt ]; then - update="1" - fi - echo "Update mode" -fi -# Force update key -#[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { -# echo "Update OpenMPTCProuter repo key" -# #wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - -# wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg -#} - -CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')" -if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then - exit 1 -fi - -# Force update key -[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { - echo "Update ${REPO} key" - apt-key del '2FDF 70C8 228B 7F04 42FE 59F6 608F D17B 2B24 D936' >/dev/null 2>&1 - if [ "$CHINA" = "yes" ]; then - #wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - - wget https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg - else - #wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - - wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg - fi -} - -echo "Remove lock and update packages list..." 
-rm -f /etc/apt/sources.list.d/xanmod* -rm -f /etc/apt/trusted.gpg.d/xanmod* - -rm -f /var/lib/dpkg/lock -rm -f /var/lib/dpkg/lock-frontend -rm -f /var/cache/apt/archives/lock -rm -f /etc/apt/sources.list.d/buster-backports.list -rm -f /etc/apt/sources.list.d/stretch-backports.list -[ ! -f /etc/apt/sources.list ] && touch /etc/apt/sources.list -sed -i '/buster-backports/d' /etc/apt/sources.list -sed -i '/stretch-backports/d' /etc/apt/sources.list -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then - apt-get update -else - apt-get update --allow-releaseinfo-change -fi -rm -f /var/lib/dpkg/lock -rm -f /var/lib/dpkg/lock-frontend -rm -f /var/cache/apt/archives/lock -echo "Install apt-transport-https, gnupg and openssh-server..." -apt-get -y install apt-transport-https gnupg openssh-server libcrypt1 zstd - -#if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then - echo "Update Debian 9 Stretch to Debian 10 Buster" - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - sed -i 's:stretch:buster:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - VERSION_ID="10" -fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]; then - echo "Update Debian 10 Buster to Debian 11 Bullseye" - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -f --force-yes -o 
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - sed -i 's:buster:bullseye:g' /etc/apt/sources.list - sed -i 's:archive:deb:g' /etc/apt/sources.list - sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - VERSION_ID="11" -fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ]; then - echo "Update Debian 11 Bullseye to Debian 12 Bookworm" - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - sed -i 's:archive:deb:g' /etc/apt/sources.list - sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - VERSION_ID="12" -fi -if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then - echo "Update Ubuntu 18.04 to Ubuntu 20.04" - apt-get -y -f --force-yes --allow-downgrades upgrade - apt-get -y -f --force-yes --allow-downgrades dist-upgrade - sed -i 's:bionic:focal:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade - VERSION_ID="20.04" -fi -if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = 
"18.04" ] && [ "$UPDATE_OS" = "yes" ]; then - echo "Update Ubuntu 20.04 to Ubuntu 22.04" - apt-get -y -f --force-yes --allow-downgrades upgrade - apt-get -y -f --force-yes --allow-downgrades dist-upgrade - sed -i 's:focal:jammy:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade - VERSION_ID="22.04" +if [ -f /etc/motd ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd ; then + update="1" +elif [ -f /etc/motd.head ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head ; then + update="1" +elif [ -f /root/openmptcprouter_config.txt ]; then + update="1" fi +apt-get update +apt-get -y install apt-transport-https gnupg # Add OpenMPTCProuter repo -echo "Add OpenMPTCProuter repo..." -if [ "$CHINA" = "yes" ]; then - echo "Install git..." - apt-get -y install git - if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then - #git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian - git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian - fi - cd /var/lib/openmptcprouter-vps-debian - git pull -# if [ "$VPSPATH" = "server-test" ]; then -# git checkout develop -# else -# git checkout main -# fi - echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list - cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - - if [ ! 
-d /usr/share/omr-server-git ]; then - #git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git - git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git - fi - cd /usr/share/omr-server-git - git pull - if [ "$VPSPATH" = "server-test" ]; then - git checkout develop - else - git checkout master - fi - LOCALFILES="yes" - TLS="no" - DIR="/usr/share/omr-server-git" -else - echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list - cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref - Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones - Package: * - Pin: origin ${REPO} - Pin-Priority: 1001 - EOF - if [ -n "$(echo $OMR_VERSION | grep test)" ]; then - echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list -# cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref -# Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones -# Package: * -# Pin: origin ${REPO} -# Pin-Priority: 1002 -# EOF - else - rm -f /etc/apt/sources.list.d/openmptcprouter-test.list - fi - if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then - cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref - Explanation: Prefer libuv1 Debian native package - Package: libuv1 - Pin: version * - Pin-Priority: 1003 - EOF - fi - #wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - - wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg -fi +echo 'deb https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list +cat <> /etc/apt/sources.list echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list fi - # Add buster-backports repo - echo 'deb http://archive.debian.org/debian buster-backports main' > 
/etc/apt/sources.list.d/buster-backports.list - if [ "$VERSION_ID" = "12" ]; then - echo 'deb http://deb.debian.org/debian bullseye main' > /etc/apt/sources.list.d/bullseye.list - fi elif [ "$ID" = "ubuntu" ]; then echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list - [ "$VERSION_ID" = "22.04" ] && { - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 - echo 'deb http://old-releases.ubuntu.com/ubuntu impish main universe' > /etc/apt/sources.list.d/impish-universe.list - } fi -# Install mptcp kernel and shadowsocks -echo "Install mptcp kernel and shadowsocks..." -apt-get update --allow-releaseinfo-change -sleep 2 -apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config ipset +apt-get update +wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb https://www.openmptcprouter.com/kernel/linux-image-${KERNEL_RELEASE}_amd64.deb +wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb https://www.openmptcprouter.com/kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb +# Rename bzImage to vmlinuz, needed when custom kernel was used +cd /boot +apt-get -y install rename curl +rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 +#apt-get -y install linux-mptcp +dpkg --force-all -E -i /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb +dpkg --force-all -E -i /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb -if [ -z "$(dpkg-query -l | grep grub)" ]; then - if [ -d /boot/grub2 ]; then - apt-get -y install grub2 - elif [ -d /boot/grub ]; then - apt-get -y install grub-legacy - fi - [ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && { - echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub - } -fi +# Check if mptcp kernel is grub default kernel +echo "Set MPTCP kernel as grub default..." 
+wget -O /tmp/update-grub.sh https://www.openmptcprouter.com/server/update-grub.sh +cd /tmp +bash update-grub.sh ${KERNEL_VERSION}-mptcp +bash update-grub.sh ${KERNEL_RELEASE} +echo "Install tracebox and iperf3 OpenMPTCProuter edition" +apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox omr-iperf3 -if [ -z "$(dpkg-query -l | grep grub)" ]; then - if [ -d /boot/grub2 ]; then - apt-get -y install grub2 - elif [ -d /boot/grub ]; then - apt-get -y install grub-legacy - fi - [ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && { - echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub - } -fi -if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then - if [ "$SOURCES" = "yes" ]; then - wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb - # Rename bzImage to vmlinuz, needed when custom kernel was used - cd /boot - apt-get -y install git - rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 - #apt-get -y install linux-mptcp - #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp - #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp - if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then - echo "Install kernel linux-image-${KERNEL_RELEASE} source release" - echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! 
\033[0m" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb - fi - else - cd /boot - rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 - if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then - echo "Install kernel linux-image-${KERNEL_RELEASE}" - echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} - fi - fi - - - # Check if mptcp kernel is grub default kernel - echo "Set MPTCP kernel as grub default..." - if [ "$LOCALFILES" = "no" ]; then - wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh - cd /tmp - else - cd ${DIR} - fi - [ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg - rm -f /etc/grub.d/30_os-prober - bash update-grub.sh ${KERNEL_VERSION}-mptcp - bash update-grub.sh ${KERNEL_RELEASE} - [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg >/dev/null 2>&1 -elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then - # awk command from xanmod website - PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") - KERNEL_VERSION="6.6.36" - KERNEL_REV="0~20240628.g36640c1" - wget -O 
/tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - -# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg -# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list -# apt-get update -# apt-get -y install linux-xanmod-lts-x64v3 - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -elif [ "$KERNEL" = "6.10" ] && [ "$ARCH" = "amd64" ]; then - # awk command from xanmod website - PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") 
- if [ "$PSABI" = "x64v1" ]; then - echo "psABI x86-64-v1 not supported by Xanmod kernel 6.10, use an older kernel" - exit 0 - fi - KERNEL_VERSION="6.10.2" - KERNEL_REV="0~20240728.gae7b555" - wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - -# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg -# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list -# apt-get update -# apt-get -y install linux-xanmod-lts-x64v3 - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -elif [ "$KERNEL" = "6.11" ] && [ "$ARCH" = "amd64" ]; then - # awk command from xanmod website - PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && 
/avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") - if [ "$PSABI" = "x64v1" ]; then - echo "psABI x86-64-v1 not supported by Xanmod kernel 6.11, use an older kernel" - exit 0 - fi - KERNEL_VERSION="6.11.0" - KERNEL_REV="0~20240916.g9c60408" - wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - -# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg -# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list -# apt-get update -# apt-get -y install linux-xanmod-lts-x64v3 - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then - # awk command from xanmod website - PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < 
"/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") - if [ "$PSABI" = "x64v4" ]; then - PSABI="x64v3" - fi - KERNEL_VERSION="6.12.15" - KERNEL_REV="0~20250219.g6e42b4c" - wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - -# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg -# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list -# apt-get update -# apt-get -y install linux-xanmod-lts-x64v3 - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -elif [ "$KERNEL" = 
"6.6" ] && [ "$ID" = "debian" ]; then - echo 'deb http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/bookworm-backports.list - apt-get update - latestkernel=$(apt-cache search linux-image-6.6 | grep -v headers | grep -v dbg | grep -v rt | tail -n 1 | cut -d" " -f1) - latestkernelheaders=$(echo $latestkernel | sed 's/image/headers/g') - apt-get -y install $latestkernel $latestkernelheaders - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -else - if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then - apt-get -y install $(apt-cache search linux-image-unsigned-6.1 | tail -n 1 | cut -d" " -f1) - fi - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -fi - -if [ "$ARCH" = "amd64" ]; then - echo "Install tracebox OpenMPTCProuter edition" - apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox -fi -if [ "$IPERF" = "yes" ]; then - #echo "Install iperf3 OpenMPTCProuter edition" - #apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 - #chmod 644 /lib/systemd/system/iperf3.service - echo "Install iperf3" - [ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 >/dev/null 2>&1 - if [ "$SOURCES" = "yes" ]; then - apt-get -y remove iperf3 libiperf0 - apt-get -y install xz-utils devscripts - cd /tmp - rm -rf iperf-3.18 - wget https://github.com/esnet/iperf/releases/download/3.18/iperf-3.18.tar.gz - tar xzf iperf-3.18.tar.gz - cd iperf-3.18 - wget --waitretry=1 --read-timeout=20 --timeout=15 -t 5 --continue --no-dns-cache http://deb.debian.org/debian/pool/main/i/iperf3/iperf3_3.18-1.debian.tar.xz - tar xJf iperf3_3.18-1.debian.tar.xz - sleep 1 - echo "Install iperf3 dependencies..." 
- rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - echo "Build iperf3 package...." - dpkg-buildpackage -b -us -uc >/dev/null 2>&1 - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - cd /tmp - echo "Install iperf3 package..." - dpkg -i iperf3_3.18-1_amd64.deb libiperf0_3.18-1_amd64.deb >/dev/null 2>&1 - rm -rf iperf-3.18 - rm -f iperf* libiperf* - else - apt-get -y install iperf3 libiperf0 - fi - if [ ! -f "/etc/iperf3/private.pem" ]; then - mkdir -p /etc/iperf3 - openssl genrsa -out /etc/iperf3/private.pem 2048 - openssl rsa -in /etc/iperf3/private.pem -outform PEM -pubout -out /etc/iperf3/public.pem - IPERFPASS=$(echo -n "{openmptcprouter}openmptcprouter" | sha256sum | awk '{ print $1 }') - echo "openmptcprouter,$IPERFPASS" > /etc/iperf3/users.csv - fi - chown -Rf iperf3 /etc/iperf3 || true - systemctl enable iperf3.service || true - mkdir -p /etc/systemd/system/iperf3.service.d - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/systemd/system/iperf3.service.d/override.conf ${VPSURL}${VPSPATH}/iperf3.override.conf - else - cp ${DIR}/iperf3.override.conf /etc/systemd/system/iperf3.service.d/override.conf - fi - echo "iperf3 installed" -fi - +#apt -t stretch-backports -y install shadowsocks-libev +## Compile Shadowsocks +rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} +wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz +cd /tmp +tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz +cd shadowsocks-libev-${SHADOWSOCKS_VERSION} +wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch +patch -p1 < 020-NOCRYPTO.patch +# Shadowsocks eBPF support +#wget 
https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch +#patch -p1 < 030-eBPF.patch +#rm -f /var/lib/dpkg/lock +#apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev +#cd /tmp +#rm -rf libbpf +#git clone https://github.com/libbpf/libbpf.git +#cd libbpf +#if [ "$ID" = "debian" ]; then +# rm -f /var/lib/dpkg/lock +# apt -y -t stretch-backports install linux-libc-dev +#elif [ "$ID" = "ubuntu" ]; then +# rm -f /var/lib/dpkg/lock +# apt-get -y install linux-libc-dev +#fi +#BUILD_SHARED=y make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY" +#cp /tmp/libbpf/src/libbpf.so /usr/lib +#cp /tmp/libbpf/src/*.h /usr/include/bpf +#cd /tmp +#rm -rf /tmp/libbpf rm -f /var/lib/dpkg/lock -rm -f /var/lib/dpkg/lock-frontend +apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged +rm -f /var/lib/dpkg/lock +systemctl enable haveged -if [ "$KERNEL" != "5.4" ]; then - echo "Compile and install mptcpize..." - apt-get -y install --no-install-recommends build-essential - cd /tmp - apt-get -y install git - git clone https://github.com/Ysurac/mptcpize.git - cd mptcpize - make - make install - cd /tmp - rm -rf /tmp/mptcpize - if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then - apt-get -y install iproute2 +if [ "$ID" = "debian" ]; then + rm -f /var/lib/dpkg/lock + if [ "$VERSION_ID" = "9" ]; then + apt -y -t stretch-backports install libsodium-dev else - echo "Compile and install iproute2..." 
- apt-get -y install --no-install-recommends bison libbison-dev flex - #wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz - #tar xzf iproute2-5.16.0.tar.gz - #cd iproute2-5.16.0 - git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git - cd iproute2 - git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000 - make - make install - cd /tmp + apt -y install libsodium-dev fi - rm -rf iproute2 - - if [ "$ID" = "debian" ]; then - echo "MPTCPize iperf3..." - mptcpize enable iperf3 >/dev/null 2>&1 || true - fi - - #if [ "$UPSTREAM6" = "yes" ]; then - # apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg - # apt-get -y install systemtap - # mkdir -p /usr/share/systemtap-mptcp - # wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap - #fi +elif [ "$ID" = "ubuntu" ]; then + rm -f /var/lib/dpkg/lock + apt-get -y install libsodium-dev + systemctl enable haveged fi +cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} +rm -f /var/lib/dpkg/lock +mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" +rm -f /var/lib/dpkg/lock +dpkg-buildpackage -b -us -uc +rm -f /var/lib/dpkg/lock +cd /tmp +dpkg -i shadowsocks-libev_${SHADOWSOCKS_VERSION}-1_amd64.deb +#mkdir -p /usr/lib/shadowsocks-libev +#cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev +rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} -echo "Remove Shadowsocks-libev..." -apt-get -y remove shadowsocks-libev >/dev/null 2>&1 || true -if [ "$SHADOWSOCKS" = "yes" ]; then - echo "Install Shadowsocks-libev..." 
- if [ "$SOURCES" = "yes" ]; then - #apt -t stretch-backports -y install shadowsocks-libev - ## Compile Shadowsocks - #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} - #wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz - cd /tmp - rm -rf shadowsocks-libev - git clone https://github.com/Ysurac/shadowsocks-libev.git - cd shadowsocks-libev - git checkout ${SHADOWSOCKS_VERSION} - git submodule update --init --recursive - #tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz - #cd shadowsocks-libev-${SHADOWSOCKS_VERSION} - #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch - #patch -p1 < 020-NOCRYPTO.patch - #wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch - #patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch - #wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch - #patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch - #wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch - #patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch - # Shadowsocks eBPF support - #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch - #patch -p1 < 030-eBPF.patch - #rm -f /var/lib/dpkg/lock - #apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev - #cd /tmp - #rm -rf libbpf - #git clone https://github.com/libbpf/libbpf.git - #cd libbpf - #if [ "$ID" = "debian" ]; then - # rm -f /var/lib/dpkg/lock - # apt -y -t stretch-backports install linux-libc-dev - #elif [ "$ID" = "ubuntu" ]; then - # rm -f /var/lib/dpkg/lock - # apt-get -y install linux-libc-dev - #fi - #BUILD_SHARED=y 
make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY" - #cp /tmp/libbpf/src/libbpf.so /usr/lib - #cp /tmp/libbpf/src/*.h /usr/include/bpf - #cd /tmp - #rm -rf /tmp/libbpf - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev - apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc - sleep 1 - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - systemctl enable haveged - if [ "$ID" = "debian" ]; then - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - if [ "$VERSION_ID" = "9" ]; then - apt -y -t stretch-backports install libsodium-dev - else - apt -y install libsodium-dev - fi - elif [ "$ID" = "ubuntu" ]; then - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install libsodium-dev - fi - #cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" >/dev/null 2>&1 - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg-buildpackage -b -us -uc >/dev/null 2>&1 - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - cd /tmp - #dpkg -i shadowsocks-libev_*.deb - dpkg -i omr-shadowsocks-libev_*.deb >/dev/null 2>&1 - #mkdir -p /usr/lib/shadowsocks-libev - #cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev - #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} - rm -rf /tmp/shadowsocks-libev - else - apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install 
omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} - fi +# Load OLIA Congestion module at boot time +if ! grep -q olia /etc/modules ; then + echo mptcp_olia >> /etc/modules +fi +# Load WVEGAS Congestion module at boot time +if ! grep -q wvegas /etc/modules ; then + echo mptcp_wvegas >> /etc/modules +fi +# Load BALIA Congestion module at boot time +if ! grep -q balia /etc/modules ; then + echo mptcp_balia >> /etc/modules fi - -echo "Add modules on server start..." # Load BBR Congestion module at boot time if ! grep -q bbr /etc/modules ; then echo tcp_bbr >> /etc/modules fi -if [ "$KERNEL" = "5.4" ]; then - # Load OLIA Congestion module at boot time - if ! grep -q olia /etc/modules ; then - echo mptcp_olia >> /etc/modules - fi - # Load WVEGAS Congestion module at boot time - if ! grep -q wvegas /etc/modules ; then - echo mptcp_wvegas >> /etc/modules - fi - # Load BALIA Congestion module at boot time - if ! grep -q balia /etc/modules ; then - echo mptcp_balia >> /etc/modules - fi - # Load BBRv2 Congestion module at boot time - if ! grep -q bbr2 /etc/modules ; then - echo tcp_bbr2 >> /etc/modules - fi - # Load mctcpdesync Congestion module at boot time - if ! grep -q mctcp_desync /etc/modules ; then - echo mctcp_desync >> /etc/modules - fi - # Load ndiffports module at boot time - if ! grep -q mptcp_ndiffports /etc/modules ; then - echo mptcp_ndiffports >> /etc/modules - fi - # Load redundant module at boot time - if ! grep -q mptcp_redundant /etc/modules ; then - echo mptcp_redundant >> /etc/modules - fi - # Load rr module at boot time - if ! grep -q mptcp_rr /etc/modules ; then - echo mptcp_rr >> /etc/modules - fi - # Load mctcp ECF scheduler at boot time - if ! grep -q mptcp_ecf /etc/modules ; then - echo mptcp_ecf >> /etc/modules - fi - # Load mctcp BLEST scheduler at boot time - if ! 
grep -q mptcp_blest /etc/modules ; then - echo mptcp_blest >> /etc/modules - fi -fi - -echo "Stop OpenMPTCProuter VPS admin" -if systemctl -q is-active omr-admin.service 2>/dev/null; then - systemctl -q stop omr-admin > /dev/null 2>&1 || true -fi -if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then - systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1 || true - systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1 || true +if systemctl -q is-active omr-admin.service; then + systemctl -q stop omr-admin > /dev/null 2>&1 fi if [ "$OMR_ADMIN" = "yes" ]; then echo 'Install OpenMPTCProuter VPS Admin' - if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then - #echo 'deb http://ftp.de.debian.org/debian buster main' > /etc/apt/sources.list.d/buster.list - #echo 'APT::Default-Release "stretch";' | tee -a /etc/apt/apt.conf.d/00local - #apt-get update - #apt-get -y -t buster install python3.7-dev - #apt-get -y -t buster install python3-pip python3-setuptools python3-wheel - if [ "$(whereis python3 | grep python3.7)" = "" ]; then - apt-get -y install libffi-dev build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev wget - wget -O /tmp/Python-3.7.2.tgz https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz - cd /tmp - tar xzf Python-3.7.2.tgz - cd Python-3.7.2 - ./configure --enable-optimizations - make - make altinstall - cd /tmp - rm -rf /tmp/Python-3.7.2 - update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.7 1 - update-alternatives --install /usr/bin/pip3 pip3 /usr/local/bin/pip3.7 1 - sed -i 's:/usr/bin/python3 :/usr/bin/python3\.7 :g' /usr/bin/lsb_release - fi - pip3 -q install setuptools wheel - pip3 -q install pyopenssl - else - apt-get -y install python3-openssl python3-pip python3-setuptools python3-wheel python3-dev - fi - #apt-get -y install unzip gunicorn python3-flask-restful python3-openssl python3-pip python3-setuptools python3-wheel - #apt-get -y install unzip python3-openssl 
python3-pip python3-setuptools python3-wheel - if [ "$ID" = "ubuntu" ]; then - apt-get -y install python3-passlib python3-netaddr - apt-get -y remove python3-jwt - pip3 -q install pyjwt - else - if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then - if [ "$VERSION_ID" = "12" ]; then - apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 - pip3 -q install uvloop --break-system-packages - else - apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 - pip3 -q install uvloop - fi - else - apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop - fi - fi - apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen - echo '-- pip3 install needed python modules' - echo "If you see any error here, I really don't care: it's about a module not used for home users" - #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr - #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U - if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then - #pip3 -q install netjsonconfig --break-system-packages - pip3 -q install fastapi -U --break-system-packages - pip3 -q install jsonschema -U --break-system-packages - pip3 -q install python-multipart jinja2 -U --break-system-packages - pip3 -q install starlette --break-system-packages - pip3 -q install starlette --break-system-packages - else - #pip3 -q install netjsonconfig - if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then - pip3 -q install fastapi==0.99.1 -U - else - pip3 -q install fastapi -U - fi - pip3 -q install fastapi -U - pip3 -q install jsonschema -U - pip3 -q install python-multipart jinja2 -U - pip3 -q install starlette - pip3 -q install starlette - fi - mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 
- mkdir -p /etc/openmptcprouter-vps-admin/intf - #[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn - [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "openvpn" > /etc/openmptcprouter-vps-admin/current-vpn - mkdir -p /var/opt/openmptcprouter - if [ "$SOURCES" = "yes" ]; then - wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in - #wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in - wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip - cd /tmp - unzip -q -o openmptcprouter-vps-admin.zip + apt-get -y install unzip gunicorn python3-flask-restful python3-openssl python3-pip python3-setuptools python3-wheel + pip3 -q install flask-jwt-simple + mkdir -p /etc/openmptcprouter-vps-admin + wget -O /lib/systemd/system/omr-admin.service https://www.openmptcprouter.com/server/omr-admin.service.in + wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip + cd /tmp + unzip -q -o openmptcprouter-vps-admin.zip + if [ -f /usr/local/bin/omr-admin.py ]; then cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ - if [ -f /usr/local/bin/omr-admin.py ] || [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then - OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n") - [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 - OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && 
OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 - else - cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ - cd /etc/openmptcprouter-vps-admin - fi - if [ "$(grep user_password /etc/openmptcprouter-vps-admin/omr-admin-config.json)" = "" ]; then - cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/ - cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ - cd /etc/openmptcprouter-vps-admin - fi - rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION} - chmod u+x /usr/local/bin/omr-admin.py + OMR_ADMIN_PASS=$(grep -Po '"pass":.*?[^\\]"' /etc/openmptcprouter-vps-admin/omr-admin-config.json | awk -F':' '{print $2}' | sed 's/"//g') else - if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then - OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n") - [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 - OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 - fi - apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y --allow-downgrades install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} - if [ ! 
-f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then - cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/ - fi - #OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") - #OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") - fi - if [ ! -f /etc/openmptcprouter-vps-admin/key.pem ]; then + sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json + cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/ + cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ cd /etc/openmptcprouter-vps-admin - openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" + openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" fi - sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - [ "$NOINTERNET" = "yes" ] && { - jq '. + {internet: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp - mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json - #sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json - } - [ "$GRETUNNELS" = "no" ] && { - jq '. 
+ {gre_tunnels: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp - mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json - #sed -i 's/"port": 65500,/"port": 65500,\n "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json - } - [ "$LANROUTES" = "no" ] && { - jq '. + {lan_routes: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp - mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json - } - chmod 644 /lib/systemd/system/omr-admin.service - #chmod 644 /lib/systemd/system/omr-admin-ipv6.service - #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py - #[ "$(ip -6 a)" != "" ] && { - # systemctl enable omr-admin-ipv6.service - #} + chmod u+x /usr/local/bin/omr-admin.py systemctl enable omr-admin.service - if [ "$KERNEL" != "5.4" ]; then - mptcpize enable omr-admin.service >/dev/null 2>&1 - #[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1 - fi - if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then - systemctl -q stop omr-admin-ipv6 >/dev/null 2>&1 - systemctl -q disable omr-admin-ipv6 >/dev/null 2>&1 - fi + rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION} fi # Get shadowsocks optimization -if [ "$LOCALFILES" = "no" ]; then - if [ "$KERNEL" != "5.4" ]; then - wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf - else - wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf - fi -else - if [ "$KERNEL" != "5.4" ]; then - cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf - else - cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf - fi -fi +wget -O /etc/sysctl.d/90-shadowsocks.conf https://www.openmptcprouter.com/server/shadowsocks.conf 
-if [ "$SHADOWSOCKS" = "yes" ]; then - if [ "$update" != 0 ]; then - if [ ! -f /etc/shadowsocks-libev/manager.json ]; then - SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') - elif [ -f /etc/shadowsocks-libev/manager.json ]; then - SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') - fi - fi - # Install shadowsocks config and add a shadowsocks by CPU - if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json - else - cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json - fi - SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;') - if [ "$NBCPU" -gt "1" ]; then - for i in $(seq 2 NBCPU); do - sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json - done - fi - #sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json - sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json - [ "$(ip -6 a 2>/dev/null)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json - elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then - for i in $(seq 2 $NBCPU); do - sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json - done - sed -i 's/ "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json - fi - [ ! 
-f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl - #sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json - #sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in - else - cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service - fi - if systemctl -q is-enabled shadowsocks-libev 2>/dev/null; then - systemctl -q disable shadowsocks-libev - fi - [ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service - systemctl enable shadowsocks-libev-manager@manager.service - if [ $NBCPU -gt 1 ]; then - for i in $(seq 1 $NBCPU); do - [ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service - done - fi - if systemctl -q is-active shadowsocks-libev-manager@manager 2>/dev/null; then - systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 - fi +# Install shadowsocks config and add a shadowsocks by CPU +if [ "$update" = "0" ]; then + wget -O /etc/shadowsocks-libev/config.json https://www.openmptcprouter.com/server/config.json + SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;') + sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json +fi +sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json +sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service +systemctl disable shadowsocks-libev +systemctl enable shadowsocks-libev-server@config.service +if [ $NBCPU -gt 1 ]; then + for i in $NBCPU; do + ln -fs /etc/shadowsocks-libev/config.json /etc/shadowsocks-libev/config$i.json + systemctl enable shadowsocks-libev-server@config$i.service + done fi if ! 
grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf fi - -if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in - wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update - chmod 755 /usr/bin/omr-update -else - cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service - cp ${DIR}/omr-update /usr/bin/omr-update - chmod 755 /usr/bin/omr-update -fi -chmod 644 /lib/systemd/system/omr-update.service - # Install simple-obfs if [ "$OBFS" = "yes" ]; then echo "Install OBFS" - if [ "$SOURCES" = "yes" ]; then - rm -rf /tmp/simple-obfs - cd /tmp - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then - #apt-get install -y --no-install-recommends -t buster libssl-dev - apt-get install -y --no-install-recommends libssl-dev - apt-get install -y --no-install-recommends build-essential autoconf libtool libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates - else - apt-get install -y --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates - fi - git clone https://github.com/shadowsocks/simple-obfs.git /tmp/simple-obfs - cd /tmp/simple-obfs - git checkout ${OBFS_VERSION} - git submodule update --init --recursive - ./autogen.sh - ./configure && make - make install - cd /tmp - rm -rf /tmp/simple-obfs - else - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION} - fi + rm -rf /tmp/simple-obfs + cd /tmp + rm -f /var/lib/dpkg/lock + apt-get install -y --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates + git clone https://github.com/shadowsocks/simple-obfs.git /tmp/simple-obfs + cd 
/tmp/simple-obfs + git checkout ${OBFS_VERSION} + git submodule update --init --recursive + ./autogen.sh + ./configure && make + make install + cd /tmp + rm -rf /tmp/simple-obfs #sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json fi # Install v2ray-plugin -if [ "$V2RAY_PLUGIN" = "yes" ]; then +if [ "$V2RAY" = "yes" ]; then echo "Install v2ray plugin" - if [ "$SOURCES" = "yes" ]; then - rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - cd /tmp - tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin - cd /tmp - rm -rf /tmp/v2ray-plugin_linux_amd64 - rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz + wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz + cd /tmp + tar xzvf v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz + cp v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin + cd /tmp + rm -rf /tmp/v2ray-plugin_linux_amd64 + rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_VERSION}.tar.gz - #rm -rf /tmp/v2ray-plugin - #cd /tmp - #rm -f /var/lib/dpkg/lock - #apt-get install -y 
--no-install-recommends git ca-certificates golang-go - #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin - #cd /tmp/v2ray-plugin - #git checkout ${V2RAY_PLUGIN_VERSION} - #git submodule update --init --recursive - #CGO_ENABLED=0 go build -o v2ray-plugin - #cp v2ray-plugin /usr/local/bin/v2ray-plugin - #cd /tmp - #rm -rf /tmp/simple-obfs - else - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION} - fi + #rm -rf /tmp/v2ray-plugin + #cd /tmp + #rm -f /var/lib/dpkg/lock + #apt-get install -y --no-install-recommends git ca-certificates golang-go + #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin + #cd /tmp/v2ray-plugin + #git checkout ${V2RAY_VERSION} + #git submodule update --init --recursive + #CGO_ENABLED=0 go build -o v2ray-plugin + #cp v2ray-plugin /usr/local/bin/v2ray-plugin + #cd /tmp + #rm -rf /tmp/simple-obfs fi -if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ] && [ -f /etc/shadowsocks-libev/config.json ]; then +if [ "$OBFS" = "no" ] && [ "$V2RAYPLUGIN" = "no" ]; then sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json fi -if systemctl -q is-active shadowsocks-go.service 2>/dev/null; then - systemctl -q stop shadowsocks-go > /dev/null 2>&1 - systemctl -q disable shadowsocks-go > /dev/null 2>&1 -fi - -if [ "$SHADOWSOCKS_GO" = "yes" ]; then - if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then - if [ "$ARCH" = "amd64" ]; then - wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb - rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb - elif [ "$ARCH" = "arm64" ]; then - wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb 
${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb - rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb - fi - else - apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install shadowsocks-go=${SHADOWSOCKS_GO_VERSION} - fi - if [ -f /etc/shadowsocks-go/server.json ]; then - PSK2=$(grep -Po '"'"psk"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/server.json | head -n 1 | tr -d "\n") - [ -n "$PSK2" ] && [ "$PSK2" != "PSK" ] && [ "$PSK2" != "null" ] && PSK="$PSK2" - UPSK2=$(grep -Po '"'"openmptcprouter"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/upsks.json | head -n 1 | tr -d "\n") - [ -n "$UPSK2" ] && [ "$UPSK2" != "UPSK" ] && [ "$UPSK2" != "null" ] && UPSK="$UPSK2" - fi - wget -O /etc/shadowsocks-go/server.json ${VPSURL}${VPSPATH}/shadowsocks-go.server.json - sed -i "s:\"PSK\":\"$PSK\":g" /etc/shadowsocks-go/server.json - sed -i "s:UPSK:$UPSK:g" /etc/shadowsocks-go/upsks.json - jq -M 'del(.users[0].openmptcprouter."shadowsocks-go")' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new - mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak - mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json - - chmod 644 /lib/systemd/system/shadowsocks-go.service - systemctl daemon-reload - systemctl enable shadowsocks-go.service -fi - - -if systemctl -q is-active v2ray.service 2>/dev/null; then - systemctl -q stop v2ray > /dev/null 2>&1 - systemctl -q disable v2ray > /dev/null 2>&1 -fi - -if [ "$V2RAY" = "yes" ]; then - #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray - if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then - if [ "$ARCH" = "amd64" 
]; then - wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb - rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb - elif [ "$ARCH" = "arm64" ]; then - wget -O /tmp/v2ray-${V2RAY_VERSION}-arm64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-arm64.deb - rm -f /tmp/v2ray-${V2RAY_VERSION}-arm64.deb - fi -# else -# [ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip" -# [ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip" -# [ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" -# [ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" -# [ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip" -# [ "$ARCH" = "mips64el" ] && V2RAY_FILENAME="v2ray-linux-mips64le.zip" -# [ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip" -# [ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip" -# wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME} -# cd /tmp -# rm -rf v2ray -# mkdir -p v2ray -# cd v2ray -# unzip /tmp/v2ray-${V2RAY_VERSION}.zip -# cp v2ray /usr/bin/ -# cp geoip.dat /usr/bin/ -# cp geosite.dat /usr/bin/ -# wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service -# fi - else - apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION} - fi - if [ -f /etc/v2ray/v2ray-server.json ]; then - V2RAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/v2ray/v2ray-server.json | head -n 1 | tr -d "\n") - [ -n "$V2RAY_UUID2" ] && V2RAY_UUID="$V2RAY_UUID2" - fi - #if [ ! 
-f /etc/v2ray/v2ray-server.json ]; then - wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json - sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json - #fi - if [ "$KERNEL" != "5.4" ] && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then - sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/v2ray/v2ray-server.json - fi - rm -f /etc/v2ray/config.json - ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json - #if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then - # mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service - #fi - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service - else - cp ${DIR}/v2ray.service /lib/systemd/system/v2ray.service - fi - chmod 644 /lib/systemd/system/v2ray.service - systemctl daemon-reload - systemctl enable v2ray.service - #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - # mptcpize enable v2ray - #fi -fi - -if systemctl -q is-active xray.service 2>/dev/null; then - systemctl -q stop xray > /dev/null 2>&1 - systemctl -q disable xray > /dev/null 2>&1 -fi - -if [ "$XRAY" = "yes" ]; then - #apt-get -y -o Dpkg::Options::="--force-overwrite" install xray - if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then - if [ "$ARCH" = "amd64" ]; then - wget -O /tmp/xray-${XRAY_VERSION}-amd64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-amd64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-amd64.deb - rm -f /tmp/xray-${XRAY_VERSION}-amd64.deb - elif [ "$ARCH" = "arm64" ]; then - wget -O /tmp/xray-${XRAY_VERSION}-arm64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-arm64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-arm64.deb - rm -f /tmp/xray-${XRAY_VERSION}-arm64.deb - fi - else - apt-get -o Dpkg::Options::="--force-confold" -o 
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install xray=${XRAY_VERSION} - fi - if [ -f /etc/xray/xray-server.json ]; then - XRAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-server.json | head -n 1 | tr -d "\n") - [ -n "$XRAY_UUID2" ] && [ "$XRAY_UUID2" != "XRAY_UUID" ] && [ "$XRAY_UUID2" != "V2RAY_UUID" ] && XRAY_UUID="$XRAY_UUID2" - PSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.password' /etc/xray/xray-server.json | tr -d "\n") - [ "$PSK2" != "null" ] && [ -n "$PSK2" ] && [ "$PSK2" != "XRAY_PSK" ] && PSK="$PSK2" - UPSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients[] | select(.email=="openmptcprouter") | .password' /etc/xray/xray-server.json | tr -d "\n") - [ "$UPSK2" != "null" ] && [ -n "$UPSK2" ] && [ "$UPSK2" != "XRAY_UPSK" ] && UPSK="$UPSK2" - XRAY_X25519_PRIVATE_KEY2=$(grep -Po '"'"privateKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n") - [ -n "$XRAY_X25519_PRIVATE_KEY2" ] && [ "$XRAY_X25519_PRIVATE_KEY2" != "XRAY_X25519_PRIVATE_KEY" ] && XRAY_X25519_PRIVATE_KEY="$XRAY_X25519_PRIVATE_KEY2" - XRAY_X25519_PUBLIC_KEY2=$(grep -Po '"'"publicKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n") - [ -n "$XRAY_X25519_PUBLIC_KEY2" ] && [ "$XRAY_X25519_PUBLIC_KEY2" != "XRAY_X25519_PUBLIC_KEY" ] && XRAY_X25519_PUBLIC_KEY="$XRAY_X25519_PUBLIC_KEY2" - #jq -M 'del(.transport)' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - #mv -f /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - - fi - jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new - mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak - mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new 
/etc/openmptcprouter-vps-admin/omr-admin-config.json - if [ ! -f /etc/xray/xray-server.json ] || [ -z "$(grep -i mptcp /etc/xray/xray-server.json | grep true)" ] || [ -z "$(grep -i transport /etc/xray/xray-server.json)" ]; then - wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json - sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json - sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json - sed -i "s:XRAY_PSK:$PSK:g" /etc/xray/xray-server.json - sed -i "s:XRAY_UPSK:$UPSK:g" /etc/xray/xray-server.json - wget -O /etc/xray/xray-vless-reality.json ${VPSURL}${VPSPATH}/xray-vless-reality.json - if [ -z "$XRAY_X25519_PRIVATE_KEY" ]; then - XRAY_X25519_KEYS=$(/usr/bin/xray x25519) - XRAY_X25519_PRIVATE_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Private | awk '{ print $3 }' | tr -d "\n") - XRAY_X25519_PUBLIC_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Public | awk '{ print $3 }' | tr -d "\n") - fi - sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json - sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json - sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json - for xrayuser in $(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r '.users[0][].username'); do - if [ "$xrayuser" != "admin" ] && [ "$xrayuser" != "openmptcprouter" ]; then - xrayid="$(/usr/bin/xray uuid)" - jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-vmess-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv 
/etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-socks-tunnel") | .settings.accounts) += [{"user": $xrayuser,"pass": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-trojan-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - [ -e /etc/shadowsocks-go/upsks.json ] && shadowsockspass="$(jq --arg xrayuser $xrayuser -r '.[$xrayuser]' /etc/shadowsocks-go/upsks.json)" - [ -z "$shadowsockspass" ] && shadowsockspass=$(head -c 32 /dev/urandom | base64 -w0) - jq --arg xrayuser "$xrayuser" --arg shadowsockspass "$shadowsockspass" '(.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients) += [{"email": $xrayuser,"password": $shadowsockspass}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - fi - done - fi - #if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then - # sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/xray/xray-server.json - #fi - rm -f /etc/xray/config.json - ln -s /etc/xray/xray-server.json /etc/xray/config.json - #if [ -f /etc/systemd/system/xray.service.dpkg-dist ]; then - # mv -f /etc/systemd/system/xray.service.dpkg-dist /etc/systemd/system/xray.service - #fi - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/xray.service ${VPSURL}${VPSPATH}/xray.service - else - cp ${DIR}/xray.service /lib/systemd/system/xray.service - fi - chmod 644 /lib/systemd/system/xray.service - systemctl daemon-reload - systemctl enable xray.service -fi - -if 
systemctl -q is-active mlvpn@mlvpn0.service 2>/dev/null; then +if systemctl -q is-active mlvpn@mlvpn0.service; then systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1 systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1 fi 
@@ -1328,45 +301,22 @@ if [ "$MLVPN" = "yes" ]; then
 if [ -f /etc/mlvpn/mlvpn0.conf ]; then
 mlvpnupdate="1"
 fi
+ rm -f /var/lib/dpkg/lock
+ apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
+ rm -rf /tmp/mlvpn
+ cd /tmp
+ git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
+ #git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
+ cd /tmp/mlvpn
+ git checkout ${MLVPN_VERSION}
+ ./autogen.sh
+ ./configure --sysconfdir=/etc
+ make
+ make install
+ wget -O /lib/systemd/network/mlvpn.network https://www.openmptcprouter.com/server/mlvpn.network
 mkdir -p /etc/mlvpn
- if [ "$SOURCES" = "yes" ]; then
- rm -f /var/lib/dpkg/lock
- rm -f /var/lib/dpkg/lock-frontend
- apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
- rm -rf /tmp/mlvpn
- cd /tmp
- #git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
- #git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
- git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn
- #git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn
- cd /tmp/mlvpn
- git checkout ${MLVPN_VERSION}
- ./autogen.sh
- ./configure --sysconfdir=/etc
- make
- make install
- cd /tmp
- rm -rf /tmp/mlvpn
- if [ "$LOCALFILES" = "no" ]; then
- wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
- wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
- else
- cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
- cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
- fi
- if [ "$mlvpnupdate" = "0" ]; then
- if [ "$LOCALFILES" = "no" ]; then
- wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf
- else
- cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf
- fi
- fi
- else
- rm -f /var/lib/dpkg/lock
- rm -f /var/lib/dpkg/lock-frontend
- apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION}
- fi
 if [ "$mlvpnupdate" = "0" ]; then
+ wget -O /etc/mlvpn/mlvpn0.conf https://www.openmptcprouter.com/server/mlvpn0.conf
 sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
 fi
 chmod 0600 /etc/mlvpn/mlvpn0.conf
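Review bot: The added clone-and-build sequence runs as one unchecked chain in the fixed path `/tmp/mlvpn`: if `git clone` or `git checkout ${MLVPN_VERSION}` fails, nothing visible in the hunk stops `./autogen.sh`, `make` and `make install` from running on whatever that directory then holds, and the installer presumably runs as root. A private build directory and an explicit stop would close this, e.g. `builddir=$(mktemp -d) || exit 1` followed by `git clone https://github.com/markfoodyburton/MLVPN.git "$builddir" && cd "$builddir" && git checkout "${MLVPN_VERSION}" || exit 1`. The same applies to the two added `wget -O` lines, whose output is installed into `/lib/systemd/network` and `/etc/mlvpn` without a status check or checksum. The enclosing `if [ "$MLVPN" = "yes" ]` block starts and ends outside this hunk, so a `set -e` or a later check may exist there.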
@@ -1376,452 +326,98 @@ if [ "$MLVPN" = "yes" ]; then chown mlvpn /var/opt/mlvpn systemctl enable mlvpn@mlvpn0.service systemctl enable systemd-networkd.service - echo "install mlvpn done" + cd /tmp + rm -rf /tmp/mlvpn fi -if systemctl -q is-active ubond@ubond0.service 2>/dev/null; then - systemctl -q stop ubond@ubond0 > /dev/null 2>&1 - systemctl -q disable ubond@ubond0 > /dev/null 2>&1 -fi -echo "install ubond" -# Install UBOND -if [ "$UBOND" = "yes" ]; then - echo 'Install UBOND' - ubondupdate="0" - if [ -f /etc/ubond/ubond0.conf ]; then - ubondupdate="1" - fi -# if [ "$SOURCES" = "yes" ]; then - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git - rm -rf /tmp/ubond - cd /tmp - git clone https://github.com/markfoodyburton/ubond.git /tmp/ubond - cd /tmp/ubond - git checkout ${UBOND_VERSION} - ./autogen.sh - ./configure --sysconfdir=/etc - make - make install - cd /tmp - rm -rf /tmp/ubond -# else -# apt-get -y -o Dpkg::Options::="--force-overwrite" install ubond -# fi - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/network/ubond.network ${VPSURL}${VPSPATH}/ubond.network - wget -O /lib/systemd/system/ubond@.service ${VPSURL}${VPSPATH}/ubond@.service.in - else - cp ${DIR}/ubond.network /lib/systemd/network/ubond.network - cp ${DIR}/ubond@.service.in /lib/systemd/system/ubond@.service - fi - mkdir -p /etc/ubond - if [ "$ubondupdate" = "0" ]; then - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/ubond/ubond0.conf ${VPSURL}${VPSPATH}/ubond0.conf - else - cp ${DIR}/ubond0.conf /etc/ubond/ubond0.conf - fi - sed -i "s:UBOND_PASS:$UBOND_PASS:" /etc/ubond/ubond0.conf - fi - chmod 0600 /etc/ubond/ubond0.conf - adduser --quiet --system --home /var/opt/ubond --shell /usr/sbin/nologin ubond - mkdir -p /var/opt/ubond - usermod -d /var/opt/ubond ubond - chown ubond /var/opt/ubond - systemctl enable ubond@ubond0.service - systemctl enable systemd-networkd.service - echo 
"install ubond done" -fi - -if systemctl -q is-active wg-quick@wg0.service 2>/dev/null; then - systemctl -q stop wg-quick@wg0 > /dev/null 2>&1 - systemctl -q disable wg-quick@wg0 > /dev/null 2>&1 -fi - -if [ "$WIREGUARD" = "yes" ]; then - echo "Install WireGuard" - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install wireguard-tools --no-install-recommends - if [ ! -f /etc/wireguard/wg0.conf ]; then - cd /etc/wireguard - umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key - cat > /etc/wireguard/wg0.conf <<-EOF - [Interface] - PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n") - ListenPort = 65311 - Address = 10.255.247.1/24 - SaveConfig = true - EOF - fi - systemctl enable wg-quick@wg0 - if [ ! -f /etc/wireguard/client-wg0.conf ]; then - cd /etc/wireguard - umask 077; wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key - cat > /etc/wireguard/client-wg0.conf <<-EOF - [Interface] - PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n") - ListenPort = 65312 - Address = 10.255.246.1/24 - SaveConfig = true - - [Peer] - PublicKey = $(cat /etc/wireguard/vpn-client-public.key | tr -d "\n") - AllowedIPs = 10.255.246.2/32 - EOF - fi - if [ ! 
-f /root/wireguard-client.conf ]; then - cat > /root/wireguard-client.conf <<-EOF - [Interface] - Address = 10.255.246.2/24 - PrivateKey = $(cat /etc/wireguard/vpn-client-private.key | tr -d "\n") - - [Peer] - PublicKey = $(cat /etc/wireguard/vpn-server-public.key | tr -d "\n") - Endpoint = ${VPS_PUBLIC_IP}:65312 - AllowedIPs = 0.0.0.0/0, ::/0, 192.168.100.0/24 - EOF - fi - systemctl enable wg-quick@client-wg0 - echo "Install wireguard done" -fi - -if systemctl -q is-active fail2ban.service 2>/dev/null; then - systemctl -q stop fail2ban > /dev/null 2>&1 - systemctl -q disable fail2ban > /dev/null 2>&1 -fi -if [ "$FAIL2BAN" = "yes" ]; then - echo "Install Fail2ban" - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install fail2ban python3-systemd - systemctl enable fail2ban - wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf - wget -O /etc/fail2ban/filter.d/openvpn.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf - echo "Install Fail2ban done" -fi - -if systemctl -q is-active openvpn-server@tun0.service 2>/dev/null; then +echo "install mlvpn done" +if systemctl -q is-active openvpn-server@tun0.service; then systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 fi if [ "$OPENVPN" = "yes" ]; then echo "Install OpenVPN" rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install openvpn easy-rsa - #wget -O /lib/systemd/network/openvpn.network ${VPSURL}${VPSPATH}/openvpn.network - rm -f /lib/systemd/network/openvpn.network - #if [ ! -f "/etc/openvpn/server/static.key" ]; then - # wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf - # cd /etc/openvpn/server - # openvpn --genkey --secret static.key - #fi - if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ ! 
-d /etc/openvpn/ca ]; then - wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.6/EasyRSA-unix-v${EASYRSA_VERSION}.tgz - cd /tmp - tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz - cd /tmp/EasyRSA-v${EASYRSA_VERSION} - mkdir -p /etc/openvpn/ca - cp easyrsa /etc/openvpn/ca/ - cp openssl-easyrsa.cnf /etc/openvpn/ca/ - cp vars.example /etc/openvpn/ca/vars - cp -r x509-types /etc/openvpn/ca/ - - #mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued - #./easyrsa init-pki - #./easyrsa --batch build-ca nopass - #EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass - #EASYRSA_CERT_EXPIRE=3650 EASYRSA_REQ_CN=openmptcprouter ./easyrsa build-client-full "openmptcprouter" nopass - #EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl - #mv pki/ca.crt /etc/openvpn/ca/pki/ca.crt - #mv pki/private/ca.key /etc/openvpn/ca/pki/private/ca.key - #mv pki/issued/server.crt /etc/openvpn/ca/pki/issued/server.crt - #mv pki/private/server.key /etc/openvpn/ca/pki/private/server.key - #mv pki/crl.pem /etc/openvpn/ca/pki/crl.pem - #mv pki/issued/openmptcprouter.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt - #mv pki/private/openmptcprouter.key /etc/openvpn/ca/pki/private/openmptcprouter.key + apt-get -y install openvpn + wget -O /lib/systemd/network/openvpn.network https://www.openmptcprouter.com/server/openvpn.network + if [ ! -f "/etc/openvpn/server/static.key" ]; then + wget -O /etc/openvpn/tun0.conf https://www.openmptcprouter.com/server/openvpn-tun0.conf + cd /etc/openvpn/server + openvpn --genkey --secret static.key fi - - if [ -f "/etc/openvpn/server/server.crt" ]; then - if [ ! 
-d /etc/openvpn/ca ]; then - make-cadir /etc/openvpn/ca - fi - mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued - mv /etc/openvpn/server/ca.crt /etc/openvpn/ca/pki/ca.crt - mv /etc/openvpn/server/ca.key /etc/openvpn/ca/pki/private/ca.key - mv /etc/openvpn/server/server.crt /etc/openvpn/ca/pki/issued/server.crt - mv /etc/openvpn/server/server.key /etc/openvpn/ca/pki/private/server.key - mv /etc/openvpn/server/crl.pem /etc/openvpn/ca/pki/crl.pem - mv /etc/openvpn/client/client.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt - mv /etc/openvpn/client/client.key /etc/openvpn/ca/pki/private/openmptcprouter.key - fi - if [ ! -f "/etc/openvpn/ca/pki/issued/server.crt" ]; then - if [ ! -d /etc/openvpn/ca ]; then - make-cadir /etc/openvpn/ca - fi - cd /etc/openvpn/ca - ./easyrsa --batch init-pki >/dev/null 2>&1 - ./easyrsa --batch build-ca nopass - EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full server nopass - EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "openmptcprouter" nopass - EASYRSA_CRL_DAYS=3650 ./easyrsa --batch gen-crl - fi - if [ ! -f "/etc/openvpn/ca/pki/issued/openmptcprouter.crt" ]; then - mv /etc/openvpn/ca/pki/issued/client.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt - mv /etc/openvpn/ca/pki/private/client.key /etc/openvpn/ca/pki/private/openmptcprouter.key - fi - if [ ! 
-f "/etc/openvpn/server/dh2048.pem" ]; then - openssl dhparam -out /etc/openvpn/server/dh2048.pem 2048 - fi - if [ "$LOCALFILES" = "no" ]; then - if [ "$KERNEL" != "5.4" ]; then - wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.6.1.conf - wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.6.1.conf - else - wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf - wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf - fi - if [ "$OPENVPN_BONDING" = "yes" ]; then - wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf - wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf - wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf - wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf - wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf - wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf - wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf - wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf - fi - else - if [ "$KERNEL" != "5.4" ]; then - cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf - cp ${DIR}/openvpn-tun1.6.1.conf /etc/openvpn/tun1.conf - else - cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf - cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf - fi - if [ "$OPENVPN_BONDING" = "yes" ]; then - cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf - cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf - cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf - cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf - cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf - cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf - cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf - cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf - fi - fi - if [ "$(ip -6 a 
2>/dev/null)" = "" ]; then - sed -i 's/proto tcp6-server//' /etc/openvpn/tun0.conf - sed -i 's/proto udp6//' /etc/openvpn/tun1.conf - if [ "$OPENVPN_BONDING" = "yes" ]; then - sed -i 's/proto udp6//' /etc/openvpn/bonding1.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding2.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding3.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding4.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding5.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding6.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding7.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding8.conf - fi - fi - mkdir -p /etc/openvpn/ccd - if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then - echo 'openmptcprouter,10.255.250.2,' > /etc/openvpn/ccd/ipp_tcp.txt - fi - if [ ! -f /etc/openvpn/ccd/ipp_udp.txt ]; then - echo 'openmptcprouter,10.255.252.2,' > /etc/openvpn/ccd/ipp_udp.txt - fi - chmod 644 /lib/systemd/system/openvpn*.service systemctl enable openvpn@tun0.service - systemctl enable openvpn@tun1.service - if [ "$KERNEL" != "5.4" ]; then - mptcpize enable openvpn@tun0 >/dev/null 2>&1 - fi - if [ "$OPENVPN_BONDING" = "yes" ]; then - systemctl enable openvpn@bonding1.service - systemctl enable openvpn@bonding2.service - systemctl enable openvpn@bonding3.service - systemctl enable openvpn@bonding4.service - systemctl enable openvpn@bonding5.service - systemctl enable openvpn@bonding6.service - systemctl enable openvpn@bonding7.service - systemctl enable openvpn@bonding8.service - fi fi echo 'Glorytun UDP' # Install Glorytun UDP -if systemctl -q is-active glorytun-udp@tun0.service 2>/dev/null; then - systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1 +if systemctl -q is-active glorytun-udp@tun0.service; then + systemctl -q stop glorytun-udp@tun0 > /dev/null 2>&1 fi -if [ "$GLORYTUN_UDP" = "yes" ]; then - if [ "$SOURCES" = "yes" ]; then - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - rm -f /usr/bin/glorytun - apt-get install -y --no-install-recommends 
build-essential git ca-certificates meson pkg-config - rm -rf /tmp/glorytun-udp - cd /tmp - git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp - cd /tmp/glorytun-udp - git checkout ${GLORYTUN_UDP_VERSION} - git submodule update --init --recursive - meson build - ninja -C build install - sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network - rm /lib/systemd/system/glorytun* - rm /lib/systemd/network/glorytun* - if [ "$LOCALFILES" = "no" ]; then - wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run - else - cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run - fi - chmod 755 /usr/local/bin/glorytun-udp-run - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in - else - cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service - fi - chmod 644 /lib/systemd/system/glorytun-udp@.service - #wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network - rm -f /lib/systemd/network/glorytun-udp.network - mkdir -p /etc/glorytun-udp - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh - wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp - else - cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh - cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0 - fi - chmod 755 /etc/glorytun-udp/post.sh - if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then - echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key - elif [ ! 
-f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then - cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key - fi - systemctl enable glorytun-udp@tun0.service - systemctl enable systemd-networkd.service - cd /tmp - rm -rf /tmp/glorytun-udp - else - rm -f /usr/local/bin/glorytun - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} - chmod 644 /lib/systemd/system/glorytun-udp@.service - GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" - fi - [ "$(ip -6 a 2>/dev/null)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 -fi - - -# Add chrony for time sync -apt-get install -y chrony -systemctl enable chrony - -if [ "$DSVPN" = "yes" ]; then - echo 'A Dead Simple VPN' - # Install A Dead Simple VPN - if systemctl -q is-active dsvpn-server.service 2>/dev/null; then - systemctl -q disable dsvpn-server > /dev/null 2>&1 - systemctl -q stop dsvpn-server > /dev/null 2>&1 - fi - if [ "$SOURCES" = "yes" ]; then - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get install -y --no-install-recommends build-essential git ca-certificates - rm -rf /tmp/dsvpn - cd /tmp - git clone https://github.com/ysurac/dsvpn.git /tmp/dsvpn - cd /tmp/dsvpn - git checkout ${DSVPN_VERSION} - make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL' - make install - rm -f /lib/systemd/system/dsvpn/* - wget -O /usr/local/bin/dsvpn-run ${VPSURL}${VPSPATH}/dsvpn-run - chmod 755 /usr/local/bin/dsvpn-run - wget -O /lib/systemd/system/dsvpn-server@.service ${VPSURL}${VPSPATH}/dsvpn-server%40.service.in - chmod 644 /lib/systemd/system/dsvpn-server@.service - mkdir -p /etc/dsvpn - wget -O /etc/dsvpn/dsvpn0 ${VPSURL}${VPSPATH}/dsvpn0-config - if [ -f /etc/dsvpn/dsvpn.key ]; then - mv /etc/dsvpn/dsvpn.key /etc/dsvpn/dsvpn0.key - fi - if [ "$update" = "0" ] || [ ! 
-f /etc/dsvpn/dsvpn0.key ]; then - echo "$DSVPN_PASS" > /etc/dsvpn/dsvpn0.key - fi - systemctl enable dsvpn-server@dsvpn0.service - cd /tmp - rm -rf /tmp/dsvpn - else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} - chmod 644 /lib/systemd/system/dsvpn-server@.service - DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") - fi - if [ "$KERNEL" != "5.4" ]; then - mptcpize enable dsvpn-server@dsvpn0 >/dev/null 2>&1 - fi +rm -f /var/lib/dpkg/lock +apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config +rm -rf /tmp/glorytun-udp +cd /tmp +git clone https://github.com/angt/glorytun.git /tmp/glorytun-udp +cd /tmp/glorytun-udp +git checkout ${GLORYTUN_UDP_VERSION} +git submodule update --init --recursive +meson build +ninja -C build install +sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network +rm /lib/systemd/system/glorytun* +rm /lib/systemd/network/glorytun* +wget -O /usr/local/bin/glorytun-udp-run https://www.openmptcprouter.com/server/glorytun-udp-run +chmod 755 /usr/local/bin/glorytun-udp-run +wget -O /lib/systemd/system/glorytun-udp@.service https://www.openmptcprouter.com/server/glorytun-udp%40.service.in +wget -O /lib/systemd/network/glorytun-udp.network https://www.openmptcprouter.com/server/glorytun-udp.network +mkdir -p /etc/glorytun-udp +wget -O /etc/glorytun-udp/tun0 https://www.openmptcprouter.com/server/tun0.glorytun-udp +if [ "$update" = "0" ]; then + echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key +elif [ ! 
-f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then + cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key fi +systemctl enable glorytun-udp@tun0.service +systemctl enable systemd-networkd.service +cd /tmp +rm -rf /tmp/glorytun-udp # Install Glorytun TCP -if systemctl -q is-active glorytun-tcp@tun0.service 2>/dev/null; then - systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1 +if systemctl -q is-active glorytun-tcp@tun0.service; then + systemctl -q stop glorytun-tcp@tun0 > /dev/null 2>&1 fi -if [ "$GLORYTUN_TCP" = "yes" ]; then - if [ "$SOURCES" = "yes" ]; then - if [ "$ID" = "debian" ]; then - if [ "$VERSION_ID" = "9" ]; then - apt -t stretch-backports -y install libsodium-dev - else - apt -y install libsodium-dev - fi - elif [ "$ID" = "ubuntu" ]; then - apt-get -y install libsodium-dev - fi - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - rm -f /usr/bin/glorytun-tcp - apt-get -y install build-essential pkg-config autoconf automake - rm -rf /tmp/glorytun-0.0.35 - cd /tmp - if [ "$KERNEL" != "5.4" ]; then - wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz - else - wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz - fi - tar xzf glorytun-0.0.35.tar.gz - if [ "$KERNEL" != "5.4" ]; then - mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35 - fi - cd glorytun-0.0.35 - ./autogen.sh - ./configure - make - cp glorytun /usr/local/bin/glorytun-tcp - wget -O /usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run - chmod 755 /usr/local/bin/glorytun-tcp-run - wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in - #wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network - chmod 644 /lib/systemd/system/glorytun-tcp@.service - rm -f /lib/systemd/network/glorytun-tcp.network - mkdir -p /etc/glorytun-tcp - wget -O /etc/glorytun-tcp/post.sh 
${VPSURL}${VPSPATH}/glorytun-tcp-post.sh - chmod 755 /etc/glorytun-tcp/post.sh - wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun - if [ "$update" = "0" ]; then - echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key - fi - systemctl enable glorytun-tcp@tun0.service - #systemctl enable systemd-networkd.service - cd /tmp - rm -rf /tmp/glorytun-0.0.35 +if [ "$ID" = "debian" ]; then + if [ "$VERSION_ID" = "9" ]; then + apt -t stretch-backports -y install libsodium-dev else - rm -f /usr/local/bin/glorytun-tcp - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} + apt -y install libsodium-dev fi - [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0 +elif [ "$ID" = "ubuntu" ]; then + apt-get -y install libsodium-dev fi - +rm -f /var/lib/dpkg/lock +apt-get -y install build-essential pkg-config autoconf automake +rm -rf /tmp/glorytun-0.0.35 +cd /tmp +wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz +tar xzf glorytun-0.0.35.tar.gz +cd glorytun-0.0.35 +./autogen.sh +./configure +make +cp glorytun /usr/local/bin/glorytun-tcp +wget -O /usr/local/bin/glorytun-tcp-run https://www.openmptcprouter.com/server/glorytun-tcp-run +chmod 755 /usr/local/bin/glorytun-tcp-run +wget -O /lib/systemd/system/glorytun-tcp@.service https://www.openmptcprouter.com/server/glorytun-tcp%40.service.in +wget -O /lib/systemd/network/glorytun-tcp.network https://www.openmptcprouter.com/server/glorytun.network +mkdir -p /etc/glorytun-tcp +wget -O /etc/glorytun-tcp/tun0 https://www.openmptcprouter.com/server/tun0.glorytun +if [ "$update" = "0" ]; then + echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key +fi +systemctl enable glorytun-tcp@tun0.service +systemctl enable systemd-networkd.service +cd /tmp +rm -rf /tmp/glorytun-0.0.35 # Load tun module at boot time if ! 
grep -q tun /etc/modules ; then 
@@ -1829,56 +425,18 @@ if ! grep -q tun /etc/modules ; then fi # Add multipath utility -if [ "$LOCALFILES" = "no" ]; then - wget -O /usr/local/bin/multipath ${VPSURL}${VPSPATH}/multipath -else - cp ${DIR}/multipath /usr/local/bin/multipath -fi +wget -O /usr/local/bin/multipath https://www.openmptcprouter.com/server/multipath chmod 755 /usr/local/bin/multipath -# Add omr-test-speed utility -if [ "$LOCALFILES" = "no" ]; then - wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed -else - cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed -fi -chmod 755 /usr/local/bin/omr-test-speed - # Add OpenMPTCProuter service -if [ "$LOCALFILES" = "no" ]; then - wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service - wget -O /lib/systemd/system/omr.service ${VPSURL}${VPSPATH}/omr.service.in - wget -O /usr/local/bin/omr-6in4-run ${VPSURL}${VPSPATH}/omr-6in4-run - wget -O /lib/systemd/system/omr6in4@.service ${VPSURL}${VPSPATH}/omr6in4%40.service.in - wget -O /usr/local/bin/omr-bypass ${VPSURL}${VPSPATH}/omr-bypass - wget -O /lib/systemd/system/omr-bypass.service ${VPSURL}${VPSPATH}/omr-bypass.service.in - wget -O /lib/systemd/system/omr-bypass.timer ${VPSURL}${VPSPATH}/omr-bypass.timer.in -else - cp ${DIR}/omr-service /usr/local/bin/omr-service - cp ${DIR}/omr.service.in /lib/systemd/system/omr.service - cp ${DIR}/omr-6in4-run /usr/local/bin/omr-6in4-run - cp ${DIR}/omr6in4@.service.in /lib/systemd/system/omr6in4@.service - cp ${DIR}/omr-bypass /usr/local/bin/omr-bypass - cp ${DIR}/omr-bypass.service.in /lib/systemd/system/omr-bypass.service - cp ${DIR}/omr-bypass.timer.in /lib/systemd/system/omr-bypass.timer - -fi -chmod 644 /lib/systemd/system/omr.service -chmod 644 /lib/systemd/system/omr6in4@.service +wget -O /usr/local/bin/omr-service https://www.openmptcprouter.com/server/omr-service chmod 755 /usr/local/bin/omr-service -chmod 755 /usr/local/bin/omr-bypass -chmod 755 /usr/local/bin/omr-6in4-run -chmod 644 
/lib/systemd/system/omr-bypass.service -chmod 644 /lib/systemd/system/omr-bypass.timer -systemctl daemon-reload -if systemctl -q is-active omr-6in4.service 2>/dev/null; then +wget -O /lib/systemd/system/omr.service https://www.openmptcprouter.com/server/omr.service.in +if systemctl -q is-active omr-6in4.service; then systemctl -q stop omr-6in4 > /dev/null 2>&1 systemctl -q disable omr-6in4 > /dev/null 2>&1 fi -systemctl enable omr6in4@user0.service systemctl enable omr.service -systemctl enable omr-bypass.timer -systemctl enable omr-bypass.service # Change SSH port to 65222 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config 
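Review bot: The added lines fetch `multipath` and `omr-service` with `wget -O` straight into /usr/local/bin and mark them executable without checking what was received. Whatever the web server returns therefore runs as root, and an interrupted transfer leaves a truncated file at the final path. Download to a temporary file, compare it with a SHA-256 pinned in the script, and only then install it; the sketch below shows this for `multipath`, with the digest as a placeholder. The same applies to `omr.service` in this hunk, to the shorewall archives and per-file firewall downloads in the following hunk, and to the glorytun tarball fetched over plain `http://` in the preceding one.

```shell
# Add multipath utility
tmp_multipath="$(mktemp)" || exit 1
wget -O "$tmp_multipath" https://www.openmptcprouter.com/server/multipath || exit 1
# MULTIPATH_SHA256 is a placeholder: pin the digest of the reviewed file in the script
echo "${MULTIPATH_SHA256}  ${tmp_multipath}" | sha256sum -c - || exit 1
install -m 755 "$tmp_multipath" /usr/local/bin/multipath
rm -f "$tmp_multipath"
# … unchanged: omr-service and omr.service downloads (same treatment) …
```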
@@ -1893,103 +451,48 @@ sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config if [ "$update" = "0" ]; then # Install and configure the firewall using shorewall apt-get -y install shorewall shorewall6 - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/shorewall/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz - else - cp ${DIR}/openmptcprouter-shorewall.tar.gz /etc/shorewall/openmptcprouter-shorewall.tar.gz - fi + wget -O /etc/shorewall/openmptcprouter-shorewall.tar.gz https://www.openmptcprouter.com/server/openmptcprouter-shorewall.tar.gz tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall rm /etc/shorewall/openmptcprouter-shorewall.tar.gz - if [ -n "$INTERFACE" ]; then - sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* - systemctl enable shorewall - fi - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz - else - cp ${DIR}/openmptcprouter-shorewall6.tar.gz /etc/shorewall6/openmptcprouter-shorewall6.tar.gz - fi + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* + systemctl enable shorewall + wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz https://www.openmptcprouter.com/server/openmptcprouter-shorewall6.tar.gz tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6 rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz - if [ -n "$INTERFACE6" ]; then - sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/* - systemctl enable shorewall6 - fi + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* + systemctl enable shorewall6 else # Update only needed firewall files - if [ "$LOCALFILES" = "no" ]; then - mkdir -p ${DIR} - wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz - wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz - mkdir -p ${DIR}/shorewall4 - tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C 
${DIR}/shorewall4 - mkdir -p ${DIR}/shorewall6 - tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6 - fi - cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces - cp ${DIR}/shorewall4/snat /etc/shorewall/snat - cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules - cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces - cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf - cp ${DIR}/shorewall4/policy /etc/shorewall/policy - cp ${DIR}/shorewall4/params /etc/shorewall/params - cp ${DIR}/shorewall4/zones /etc/shorewall/zones - #cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn - #cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net - cp ${DIR}/shorewall6/params /etc/shorewall6/params - #cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net - #cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn - cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces - cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules - cp ${DIR}/shorewall6/snat /etc/shorewall6/snat + wget -O /etc/shorewall/interfaces https://www.openmptcprouter.com/server/shorewall4/interfaces + wget -O /etc/shorewall/snat https://www.openmptcprouter.com/server/shorewall4/snat + wget -O /etc/shorewall/stoppedrules https://www.openmptcprouter.com/server/shorewall4/stoppedrules + wget -O /etc/shorewall/tcinterfaces https://www.openmptcprouter.com/server/shorewall4/tcinterfaces + wget -O /etc/shorewall/shorewall.conf https://www.openmptcprouter.com/server/shorewall4/shorewall.conf + wget -O /etc/shorewall/params https://www.openmptcprouter.com/server/shorewall4/params + wget -O /etc/shorewall/params.vpn https://www.openmptcprouter.com/server/shorewall4/params.vpn + wget -O /etc/shorewall/params.net https://www.openmptcprouter.com/server/shorewall4/params.net sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules - sed -i 
"s:eth0:$INTERFACE6:g" /etc/shorewall6/* - if [ "$LOCALFILES" = "no" ]; then - rm -rf ${DIR}/shorewall4 - rm -rf ${DIR}/shorewall6 - rm -f ${DIR}/openmptcprouter-shorewall.tar.gz - rm -f ${DIR}/openmptcprouter-shorewall6.tar.gz - fi + wget -O /etc/shorewall6/params https://www.openmptcprouter.com/server/shorewall6/params + wget -O /etc/shorewall6/params.net https://www.openmptcprouter.com/server/shorewall6/params.net + wget -O /etc/shorewall6/interfaces https://www.openmptcprouter.com/server/shorewall6/interfaces + wget -O /etc/shorewall6/stoppedrules https://www.openmptcprouter.com/server/shorewall6/stoppedrules + wget -O /etc/shorewall6/snat https://www.openmptcprouter.com/server/shorewall6/snat + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* fi -[ -z "$(grep nf_conntrack_sip /etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then - apt-get -y install iptables - update-alternatives --set iptables /usr/sbin/iptables-legacy - update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy -fi -if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "19.04" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "20.04" ]); then - sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf - sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf - sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf - sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf -fi -if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ] && [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "dhcp" ]; then - sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat -fi - -# Limit 
/var/log/journal size -sed -i 's/#SystemMaxUse=/SystemMaxUse=100M/' /etc/systemd/journald.conf - if [ "$TLS" = "yes" ]; then VPS_CERT=0 - apt-get -y install socat cron - if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then + apt-get -y install dnsutils socat + if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then if [ ! -f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then echo "Generate certificate for V2Ray" set +e #[ "$(shorewall status | grep stopped)" = "" ] && shorewall open all all tcp 443 curl https://get.acme.sh | sh systemctl -q restart shorewall - ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 >/dev/null 2>&1' --post-hook 'shorewall close all all tcp 443 >/dev/null 2>&1' >/dev/null 2>&1 + ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null set -e - if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then - rm -f /etc/openmptcprouter-vps-admin/cert.pem - ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem - rm -f /etc/openmptcprouter-vps-admin/key.pem - ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem - fi # mkdir -p /etc/ssl/v2ray # ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key # ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer 
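Review bot: `sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*` and the matching shorewall6 line now run unconditionally and are followed by `systemctl enable`, so an empty `$INTERFACE` strips the interface name from every rule file while the firewall is still enabled at boot. Keep a guard around both pairs, e.g. `if [ -n "$INTERFACE" ]; then sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*; systemctl enable shorewall; fi`; how `$INTERFACE` is derived is not visible in this hunk. In the acme.sh call the redirections were reordered to `2>&1 >/dev/null`, which discards stdout but leaves stderr on the terminal; if silence is intended the order should be `>/dev/null 2>&1`. The `if [ "$TLS" = "yes" ]` block opened here continues past the end of the hunk.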
@@ -2001,26 +504,19 @@ if [ "$TLS" = "yes" ]; then fi fi -if [ "$SPEEDTEST" = "yes" ]; then - mkdir -p /usr/share/omr-server/speedtest - if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then - echo "Generate speedtest image..." - dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576 - echo "Done" - fi -fi + # Add OpenMPTCProuter VPS script version to /etc/motd if [ -f /etc/motd.head ]; then if grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head; then - sed -i "s:< OpenMPTCProuter VPS [0-9]*\.[0-9]*\(\|-test[0-9]*\) >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd.head + sed -i "s:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd.head sed -i "s:< OpenMPTCProuter VPS \$OMR_VERSION >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd.head else echo "< OpenMPTCProuter VPS $OMR_VERSION >" >> /etc/motd.head fi elif [ -f /etc/motd ]; then if grep --quiet 'OpenMPTCProuter VPS' /etc/motd; then - sed -i "s:< OpenMPTCProuter VPS [0-9]*\.[0-9]*\(\|-test[0-9]*\) >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd + sed -i "s:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd sed -i "s:< OpenMPTCProuter VPS \$OMR_VERSION >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd else echo "< OpenMPTCProuter VPS $OMR_VERSION >" >> /etc/motd 
@@ -2029,23 +525,16 @@ else echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd fi -if [ "$SOURCES" != "yes" ]; then - apt-get -y install omr-server=${OMR_VERSION} >/dev/null 2>&1 || true - rm -f /etc/openmtpcprouter-vps-admin/update-bin -fi - if [ "$update" = "0" ]; then # Display important info echo '====================================================================================' - echo "OpenMPTCProuter Server $OMR_VERSION is now installed !" - echo '\033[1m SSH port: 65222 (instead of port 22)\033[0m' + echo "OpenMPTCProuter VPS $OMR_VERSION is now installed !" + echo 'SSH port: 65222 (instead of port 22)' if [ "$OMR_ADMIN" = "yes" ]; then echo '====================================================================================' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' - echo 'OpenMPTCProuter Server key (you need OpenMPTCProuter >= 0.42):' + echo 'OpenMPTCProuter VPS admin key (you need OpenMPTCProuter >= 0.42):' echo $OMR_ADMIN_PASS - echo 'OpenMPTCProuter Server username (you need OpenMPTCProuter >= 0.42):' - echo 'openmptcprouter' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '====================================================================================' fi 
@@ -2053,35 +542,15 @@ if [ "$update" = "0" ]; then echo 'Shadowsocks encryption: chacha20' echo 'Your shadowsocks key: ' echo $SHADOWSOCKS_PASS - echo 'Your shadowsocks 2022 key: ' - echo "${PSK}:${UPSK}" echo 'Glorytun port: 65001' echo 'Glorytun encryption: chacha20' echo 'Your glorytun key: ' echo $GLORYTUN_PASS - if [ "$DSVPN" = "yes" ]; then - echo 'A Dead Simple VPN port: 65401' - echo 'A Dead Simple VPN key: ' - echo $DSVPN_PASS - fi if [ "$MLVPN" = "yes" ]; then echo 'MLVPN first port: 65201' echo 'Your MLVPN password: ' echo $MLVPN_PASS fi - if [ "$UBOND" = "yes" ]; then - echo 'UBOND first port: 65251' - echo 'Your UBOND password: ' - echo $UBOND_PASS - fi - if [ "$OMR_ADMIN" = "yes" ]; then - echo "OpenMPTCProuter API Admin key (only for configuration via API, you don't need it): " - echo $OMR_ADMIN_PASS_ADMIN - echo 'OpenMPTCProuter Server key: ' - echo "\033[1m${OMR_ADMIN_PASS}\033[0m" - echo 'OpenMPTCProuter Server username: ' - echo 'openmptcprouter' - fi if [ "$VPS_CERT" = "0" ]; then echo 'No working domain detected, not able to generate certificate for v2ray.' echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' 
@@ -2089,176 +558,90 @@ if [ "$update" = "0" ]; then echo '====================================================================================' echo 'Keys are also saved in /root/openmptcprouter_config.txt, you are free to remove them' echo '====================================================================================' - echo '\033[1m /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\ \033[0m' + echo ' /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\' echo '------------------------------------------------------------------------------------' - echo ' For kernel 5.4, after reboot, check with uname -a that the kernel name contain mptcp.' - echo ' Else, you may have to modify GRUB_DEFAULT in /etc/default/grub' - echo ' For 6.x kernels, check that a 6.x kernel is used, no kernel name changes.' + echo ' After reboot, check with uname -a that the kernel name contain mptcp.' + echo ' Else, you may have to modify GRUB_DEFAULT in /etc/defaut/grub' echo '====================================================================================' # Save info in file cat > /root/openmptcprouter_config.txt <<-EOF SSH port: 65222 (instead of port 22) + Shadowsocks port: 65101 + Shadowsocks encryption: chacha20 + Your shadowsocks key: ${SHADOWSOCKS_PASS} + Glorytun port: 65001 + Glorytun encryption: chacha20 + Your glorytun key: ${GLORYTUN_PASS} EOF - if [ "$SHADOWSOCKS" = "yes" ]; then - cat >> /root/openmptcprouter_config.txt <<-EOF - Shadowsocks port: 65101 - Shadowsocks encryption: chacha20 - Your shadowsocks key: ${SHADOWSOCKS_PASS} - EOF - fi - if [ "$SHADOWSOCKS_GO" = "yes" ]; then - cat >> /root/openmptcprouter_config.txt <<-EOF - Your shadowsocks 2022 key: ${PSK}:${UPSK} - EOF - fi - if ([ "$GLORYTUN_TCP" = "yes" ] || [ "$GLORYTUN_UDP" = "yes" ]); then - cat >> /root/openmptcprouter_config.txt <<-EOF - Glorytun port: 65001 - Glorytun encryption: chacha20 - Your glorytun key: ${GLORYTUN_PASS} - EOF - fi - if [ 
"$DSVPN" = "yes" ]; then - cat >> /root/openmptcprouter_config.txt <<-EOF - A Dead Simple VPN port: 65401 - A Dead Simple VPN key: ${DSVPN_PASS} - EOF - fi if [ "$MLVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - MLVPN first port: 65201 + MLVPN first port: 65201' Your MLVPN password: $MLVPN_PASS EOF fi - if [ "$UBOND" = "yes" ]; then - cat >> /root/openmptcprouter_config.txt <<-EOF - UBOND first port: 65251 - Your UBOND password: $UBOND_PASS - EOF - fi if [ "$OMR_ADMIN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - Your OpenMPTCProuter ADMIN API Server key (only for configuration via API access, you don't need it): $OMR_ADMIN_PASS_ADMIN - Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS - Your OpenMPTCProuter Server username: openmptcprouter + Your OpenMPTCProuter VPS Admin key: $OMR_ADMIN_PASS EOF fi - #systemctl -q restart sshd else echo '====================================================================================' - echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !" + echo "OpenMPTCProuter VPS is now updated to version $OMR_VERSION !" echo 'Keys are not changed, shorewall rules files preserved' echo 'You need OpenMPTCProuter >= 0.30' echo '====================================================================================' - echo 'Restarting systemd daemon...' - systemctl -q daemon-reload - echo 'done' echo 'Restarting systemd network...' systemctl -q restart systemd-networkd echo 'done' if [ "$MLVPN" = "yes" ]; then echo 'Restarting mlvpn...' - systemctl -q restart mlvpn@mlvpn0 + systemctl -q start mlvpn@mlvpn0 echo 'done' fi - if [ "$UBOND" = "yes" ]; then - echo 'Restarting ubond...' - systemctl -q restart ubond@ubond0 - echo 'done' - fi - if [ "$V2RAY" = "yes" ]; then - echo 'Restarting v2ray...' - systemctl -q restart v2ray - echo 'done' - fi - if [ "$XRAY" = "yes" ]; then - echo 'Restarting xray...' 
- systemctl -q restart xray - echo 'done' - fi - if [ "$DSVPN" = "yes" ]; then - echo 'Restarting dsvpn...' - systemctl -q start dsvpn-server@dsvpn0 || true - systemctl -q restart 'dsvpn-server@*' || true - echo 'done' - fi - if [ "$GLORYTUN_TCP" = "yes" ]; then - echo 'Restarting glorytun tcp...' - systemctl -q start glorytun-tcp@tun0 || true - systemctl -q restart 'glorytun-tcp@*' || true - fi - if [ "$GLORYTUN_UDP" = "yes" ]; then - systemctl -q start glorytun-udp@tun0 || true - systemctl -q restart 'glorytun-udp@*' || true - echo 'done' - fi - echo 'Restarting omr6in4...' - systemctl -q start omr6in4@user0 || true - systemctl -q restart omr6in4@* || true + echo 'Restarting glorytun and omr...' + systemctl -q start glorytun-tcp@tun0 + systemctl -q start glorytun-udp@tun0 + systemctl -q restart omr echo 'done' if [ "$OPENVPN" = "yes" ]; then echo 'Restarting OpenVPN' systemctl -q restart openvpn@tun0 - systemctl -q restart openvpn@tun1 - echo 'done' - fi - if [ "$WIREGUARD" = "yes" ]; then - echo 'Restarting WireGuard' - systemctl -q restart wg-quick@wg0 echo 'done' fi if [ "$OMR_ADMIN" = "yes" ]; then echo 'Restarting OpenMPTCProuter VPS admin' systemctl -q restart omr-admin echo 'done' - if ! grep -q 'Server key' /root/openmptcprouter_config.txt ; then + if ! grep -q 'VPS Admin key' /root/openmptcprouter_config.txt ; then cat >> /root/openmptcprouter_config.txt <<-EOF - Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS - Your OpenMPTCProuter Server username: openmptcprouter + Your OpenMPTCProuter VPS Admin key: $OMR_ADMIN_PASS EOF echo '====================================================================================' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' 
- echo 'OpenMPTCProuter Server key:' + echo 'OpenMPTCProuter VPS admin key (you need OpenMPTCProuter >= 0.42):' echo $OMR_ADMIN_PASS - echo 'OpenMPTCProuter Server username:' - echo 'openmptcprouter' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '====================================================================================' - else - echo '!!! Keys are in /root/openmptcprouter_config.txt !!!' fi fi if [ "$VPS_CERT" = "0" ]; then echo 'No working domain detected, not able to generate certificate for v2ray.' echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' fi - echo 'Apply latest sysctl...' - sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 || true - echo 'done' - echo 'Restarting omr...' - systemctl -q restart omr - echo 'done' - if [ "$SHADOWSOCKS" = "yes" ]; then - echo 'Restarting shadowsocks...' - systemctl -q restart shadowsocks-libev-manager@manager - fi - if [ "$SHADOWSOCKS_GO" = "yes" ]; then - echo 'Restarting shadowsocks-go...' - systemctl -q restart shadowsocks-go - fi -# if [ $NBCPU -gt 1 ]; then -# for i in $NBCPU; do -# systemctl restart shadowsocks-libev-server@config$i -# done -# fi - echo 'done' echo 'Restarting shorewall...' - [ -n "$INTERFACE" ] && systemctl -q restart shorewall >/dev/null 2>&1 || true - [ -n "$INTERFACE6" ] && systemctl -q restart shorewall6 >/dev/null 2>&1 || true + systemctl -q restart shorewall + systemctl -q restart shorewall6 + echo 'done' + echo 'Apply latest sysctl...' + sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 + echo 'done' + echo 'Restarting shadowsocks...' 
+ systemctl -q restart shadowsocks-libev-server@config + if [ $NBCPU -gt 1 ]; then + for i in $NBCPU; do + systemctl restart shadowsocks-libev-server@config$i + done + fi echo 'done' - echo '====================================================================================' - echo '\033[1m /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m' - echo '====================================================================================' fi -exit 0 \ No newline at end of file diff --git a/dsvpn-run b/dsvpn-run deleted file mode 100644 index f4a2a5d..0000000 --- a/dsvpn-run +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -set -e - -if [ ! -f "$1" ]; then - echo "usage: $(basename "$0") FILE" - exit 1 -fi - -. "$(readlink -f "$1")" - -exec dsvpn \ - ${MODE} \ - "$1".key \ - ${HOST:-auto} \ - ${PORT} \ - ${DEV} \ - ${LOCALTUNIP} \ - ${REMOTETUNIP} diff --git a/dsvpn-server.service.in b/dsvpn-server.service.in deleted file mode 100644 index 765f46a..0000000 --- a/dsvpn-server.service.in +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Dead Simple VPN - Server -After=network.target network-online.target - -[Service] -ExecStart=/usr/local/sbin/dsvpn server /etc/dsvpn/dsvpn.key auto 65011 dsvpn0 10.255.251.1 10.255.251.2 -Restart=always -RestartSec=15 - -[Install] -WantedBy=network.target \ No newline at end of file diff --git a/dsvpn-server@.service.in b/dsvpn-server@.service.in deleted file mode 100644 index 2365398..0000000 --- a/dsvpn-server@.service.in +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Dead Simple VPN - Server on %I -After=network.target network-online.target - -[Service] -ExecStart=/usr/local/bin/dsvpn-run /etc/dsvpn/%i -Restart=always -RestartSec=15 - -[Install] -WantedBy=network.target \ No newline at end of file diff --git a/dsvpn0-config b/dsvpn0-config deleted file mode 100644 index 647f160..0000000 --- a/dsvpn0-config +++ /dev/null 
@@ -1,6 +0,0 @@ -PORT=65401 -HOST=0.0.0.0 -DEV=dsvpn0 -MODE=server -LOCALTUNIP=10.255.251.1 -REMOTETUNIP=10.255.251.2 diff --git a/fail2ban-filter-openvpn.conf b/fail2ban-filter-openvpn.conf deleted file mode 100644 index 1a53b2f..0000000 --- a/fail2ban-filter-openvpn.conf +++ /dev/null @@ -1,10 +0,0 @@ -[INCLUDES] -before = common.conf - -[Definition] -_daemon = ovpn-server -failregex =%(__prefix_line)s:[0-9]{4,5} TLS Auth Error:.* - %(__prefix_line)s:[0-9]{4,5} VERIFY ERROR:.* - %(__prefix_line)s:[0-9]{4,5} TLS Error: TLS handshake failed.* - %(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]:[0-9]{4,5} -maxlines = 1 diff --git a/fail2ban-jail-openmptcprouter.conf b/fail2ban-jail-openmptcprouter.conf deleted file mode 100644 index 45cf34d..0000000 --- a/fail2ban-jail-openmptcprouter.conf +++ /dev/null @@ -1,21 +0,0 @@ -[DEFAULT] -backend = systemd -banaction = shorewall - -[sshd] -enabled = true - -[openvpn_tcp] -enabled = true -port = 65301 -protocol = tcp -filter = openvpn -maxretry = 5 - -[openvpn_udp] -enabled = true -port = 65301 -protocol = udp -filter = openvpn -maxretry = 5 - diff --git a/glorytun-tcp-post.sh b/glorytun-tcp-post.sh deleted file mode 100644 index e993b04..0000000 --- a/glorytun-tcp-post.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -[ ! -f $(readlink -f "$1") ] && exit 1 -. "$(readlink -f "$1")" - -INTF=gt-${DEV} -[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1" -[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3" -while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do - sleep 2 -done -[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && { - ip link set dev ${INTF} up 2>&1 >/dev/null - ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null -} diff --git a/glorytun-tcp-run b/glorytun-tcp-run index 0572861..9ccbee6 100644 --- a/glorytun-tcp-run +++ b/glorytun-tcp-run 
@@ -9,7 +9,7 @@ fi . "$(readlink -f "$1")" -DEV="gt-$(basename "$1")" +DEV="gt${HOST:+c}-$(basename "$1")" exec glorytun-tcp \ ${SERVER:+listener} \ diff --git a/glorytun-tcp@.service.in b/glorytun-tcp@.service.in index 5fdc62b..1d9eaa5 100644 --- a/glorytun-tcp@.service.in +++ b/glorytun-tcp@.service.in @@ -6,7 +6,6 @@ After=network.target network-online.target Type=simple Restart=always ExecStart=/usr/local/bin/glorytun-tcp-run /etc/glorytun-tcp/%i -ExecStartPost=-/etc/glorytun-tcp/post.sh /etc/glorytun-tcp/%i CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW [Install] diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh deleted file mode 100644 index 51a20f0..0000000 --- a/glorytun-udp-post.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -[ ! -f $(readlink -f "$1") ] && exit 1 -. "$(readlink -f "$1")" - -INTF=gt-udp-${DEV} -[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1" -[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3" -while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do - sleep 2 -done -[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && { - ip link set dev ${INTF} up 2>&1 >/dev/null - ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null -} -tc qdisc replace dev $INTF root cake -ip link set $INTF txqlen 100 -glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null \ No newline at end of file diff --git a/glorytun-udp-run b/glorytun-udp-run index fb66c92..d393056 100644 --- a/glorytun-udp-run +++ b/glorytun-udp-run @@ -9,10 +9,11 @@ fi . "$(readlink -f "$1")" -DEV="gt-udp-$(basename "$1")" +DEV="gt${HOST:+c}-udp-$(basename "$1")" exec glorytun \ - bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \ + bind $BIND $BIND_PORT \ keyfile "$1".key \ ${DEV:+dev "$DEV"} \ + ${HOST:+to "$HOST" "$PORT"} \ ${OPTIONS:+$OPTIONS} diff --git a/glorytun-udp@.service.in b/glorytun-udp@.service.in index 8d1314f..3a38fa2 100644 
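Review bot: The added `bind $BIND $BIND_PORT \` line in glorytun-udp-run expands both variables unquoted and without a fallback, so if the sourced config leaves either one empty the following words (`keyfile`, the key path) shift into the bind arguments. The added `${HOST:+to "$HOST" "$PORT"}` likewise passes an empty port when only `HOST` is set, whereas the removed line defaulted it with `${PORT:-5000}`. I would fail early instead: `bind "${BIND:?BIND not set}" "${BIND_PORT:?BIND_PORT not set}" \` and `${HOST:+to "$HOST" "${PORT:?PORT not set}"} \`. The script starts above the hunk, so an earlier check may already cover part of this.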
--- a/glorytun-udp@.service.in +++ b/glorytun-udp@.service.in @@ -7,7 +7,6 @@ Type=simple Restart=always EnvironmentFile=/etc/glorytun-udp/%i ExecStart=/usr/local/bin/glorytun-udp-run /etc/glorytun-udp/%i -ExecStartPost=-/etc/glorytun-udp/post.sh /etc/glorytun-udp/%i CapabilityBoundingSet=CAP_NET_ADMIN [Install] diff --git a/iperf3.override.conf b/iperf3.override.conf deleted file mode 100644 index 94edfcc..0000000 --- a/iperf3.override.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -ExecStart= -ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem \ No newline at end of file diff --git a/iperf3.service.in b/iperf3.service.in index 03f7ff2..72d8094 100644 --- a/iperf3.service.in +++ b/iperf3.service.in @@ -3,7 +3,7 @@ Description=iperf3 Requires=network.target [Service] -ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem +ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/public.pem Restart=on-failure [Install] diff --git a/manager.json b/manager.json deleted file mode 100644 index 00923b9..0000000 --- a/manager.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "mptcp": true, - "ipv6_first": true, - "no_delay": true, - "ebpf": false, - "server": [ - "[::0]", - "0.0.0.0" - ], - "method": "chacha20-ietf-poly1305", - "fast_open": true, - "timeout": 1000, - "port_key": { - "65101": "MySecretKey", - }, - "local_port": 1081, - "verbose": 0, - "acl": "/etc/shadowsocks-libev/local.acl", - "mode": "tcp_and_udp", - "reuse_port": true, - "prefer_ipv6": false -} \ No newline at end of file diff --git a/mlvpn0.conf b/mlvpn0.conf index cc24e47..711c84d 100644 --- a/mlvpn0.conf +++ b/mlvpn0.conf 
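Review bot: In iperf3.service.in the new `ExecStart` passes `/etc/iperf3/public.pem` to `--rsa-private-key-path`, but on the server this option loads the RSA private key used to decrypt client credentials; the public key belongs on the client side via `--rsa-public-key-path`. Either authentication stops working, or the private key is being kept in a file named `public.pem`, which invites it being copied to clients or left world-readable. Keep `--rsa-private-key-path /etc/iperf3/private.pem` and restrict that file to the service user (mode 0600).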
@@ -5,7 +5,7 @@ interface_name = "mlvpn0" timeout = 30 password = "MLVPN_PASS" reorder_buffer = yes -reorder_buffer_size = 128 +reorder_buffer_size = 64 loss_tolerence = 50 [wan1] diff --git a/mlvpn@.service.in b/mlvpn@.service.in deleted file mode 100644 index 263a63b..0000000 --- a/mlvpn@.service.in +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=MLVPN connection to %i -PartOf=mlvpn.service -ReloadPropagatedFrom=mlvpn.service -After=network.target network-online.target - -[Service] -Type=notify -NotifyAccess=main -ExecStart=/usr/local/sbin/mlvpn --config /etc/mlvpn/%i.conf --name %i --user mlvpn --quiet -ExecReload=/bin/kill -HUP $MAINPID -WorkingDirectory=/etc/mlvpn -Restart=always - -[Install] -WantedBy=multi-user.target - - diff --git a/multipath b/multipath old mode 100755 new mode 100644 index bc90876..cee0743 --- a/multipath +++ b/multipath @@ -6,8 +6,9 @@ # Released under GPL 3 or later if [ -d "/proc/sys/net/mptcp" ]; then - if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then + if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then echo "MPTCP is disabled!" + echo "Please set net.mptcp.mptcp_enabled = 1" exit 1 fi else @@ -25,7 +26,7 @@ case $1 in echo " multipath device {on | off | backup | handover}" echo echo "show established conections: -c" - echo "show fullmesh info: -f" + echo "show mullmesh info: -f" echo "show kernel config: -k" echo echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag" 
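Review bot: The added `if [ ... = 0 ]` test in multipath runs `cat /proc/sys/net/mptcp/mptcp_enabled` in an unquoted substitution and no longer checks that the file exists. On a kernel that exposes `/proc/sys/net/mptcp/enabled` instead (the case the removed line handled), `cat` fails, `[` is left with `= 0` alone and errors out, and the script continues as if MPTCP were enabled. Quote the value and treat an unreadable one as disabled: `state=$(cat /proc/sys/net/mptcp/mptcp_enabled 2>/dev/null) || state=0` followed by `if [ "$state" = 0 ]; then`. The `-k` branch in the `@@ -42,28 +43,12 @@` hunk has the same unguarded reads of the `mptcp_*` entries. The mode change from 100755 to 100644 also means callers that run `multipath` directly will fail unless the installer restores the executable bit.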
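Review bot: The help text in the `@@ -25,7 +26,7 @@` hunk now reads `show mullmesh info: -f`, a typo for the option that prints `/proc/net/mptcp_fullmesh`. Restore it as `echo "show fullmesh info: -f"`.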
@@ -42,28 +43,12 @@ case $1 in cat /proc/net/mptcp_fullmesh exit 0;; "-k") - if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then - echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` - elif [ -f /proc/sys/net/mptcp/enabled ]; then - echo Enabled: `cat /proc/sys/net/mptcp/enabled` - fi - if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then - echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager` - fi - if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then - echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum` - else - echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled` - fi - if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then - echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler` - fi - if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then - echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries` - fi - if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then - echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug` - fi + echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` + echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager` + echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum` + echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler` + echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries` + echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug` echo echo See http://multipath-tcp.org/ for details exit 0 ;; 
@@ -80,98 +65,38 @@ TYPE="$2" #FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"` [ -d "/sys/class/net/$DEVICE/" ] || { - #echo "Device '$DEVICE' can't found!" - #echo "Use the hardware name like in ifconfig" + echo "Device '$DEVICE' can't found!" + echo "Use the hardware name like in ifconfig" exit 1 } -if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then - FLAG_PATH="/sys/class/net/$DEVICE/flags" - IFF=`cat $FLAG_PATH` +FLAG_PATH="/sys/class/net/$DEVICE/flags" +IFF=`cat $FLAG_PATH` - IFF_OFF="0x80000" - IFF_ON="0x00" - IFF_BACKUP="0x100000" - IFF_HANDOVER="0x200000" - IFF_MASK="0x380000" +IFF_OFF="0x80000" +IFF_ON="0x00" +IFF_BACKUP="0x100000" +IFF_HANDOVER="0x200000" +IFF_MASK="0x380000" - case $TYPE in - "off") FLAG=$IFF_OFF;; - "on") FLAG=$IFF_ON;; - "backup") FLAG=$IFF_BACKUP;; - "handover") FLAG=$IFF_HANDOVER;; - "") - IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` - case "$IFF" in - $IFF_OFF) echo $DEVICE is deactivated;; - $IFF_ON) echo $DEVICE is in default mode;; - $IFF_BACKUP) echo $DEVICE is in backup mode;; - $IFF_HANDOVER) echo $DEVICE is in handover mode;; - *) echo "Unkown state!" && exit 1;; - esac - exit 0;; - *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; - esac +case $TYPE in + "off") FLAG=$IFF_OFF;; + "on") FLAG=$IFF_ON;; + "backup") FLAG=$IFF_BACKUP;; + "handover") FLAG=$IFF_HANDOVER;; + "") + IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` + case "$IFF" in + $IFF_OFF) echo $DEVICE is deactivated;; + $IFF_ON) echo $DEVICE is in default mode;; + $IFF_BACKUP) echo $DEVICE is in backup mode;; + $IFF_HANDOVER) echo $DEVICE is in handover mode;; + *) echo "Unkown state!" && exit 1;; + esac + exit 0;; + *) echo "Unkown flag! 
Use 'multipath -h' for help" && exit 1;; +esac - printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH -else - ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}') - IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}') - #IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') - [ -f /usr/bin/jsonfilter ] && IP=$(ip -j a show $DEVICE | jsonfilter -e '@[0].addr_info[*].local') - [ -f /usr/bin/jq ] && IP=$(ip -j a show $DEVICE | jq -r '.[0].addr_info[].local') - RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }') - [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null - case $TYPE in - "off") - [ -n "$ID" ] && { - for i in $ID; do - ip mptcp endpoint delete id $i 2>&1 >/dev/null - done - } - exit 0;; - "on") - [ -n "$ID" ] && { - for i in $ID; do - ip mptcp endpoint delete id $i 2>&1 >/dev/null - done - } - for i in $IP; do - ip mptcp endpoint add $i dev $DEVICE subflow fullmesh - done - exit 0;; - "signal") - [ -n "$ID" ] && { - for i in $ID; do - ip mptcp endpoint delete id $i 2>&1 >/dev/null - done - } - for i in $IP; do - ip mptcp endpoint add $i dev $DEVICE signal - done - exit 0;; - "backup") - [ -n "$ID" ] && { - for i in $ID; do - ip mptcp endpoint delete id $i 2>&1 >/dev/null - done - } - for i in $IP; do - ip mptcp endpoint add $i dev $DEVICE backup fullmesh - done - exit 0;; - "") - case "$IFF" in - "") echo $DEVICE is deactivated;; - "subflow") echo $DEVICE is in default mode;; - "backup") echo $DEVICE is in backup mode;; - "signal") echo $DEVICE is in signal mode;; - "fullmesh") echo $DEVICE is in fullmesh mode;; - *) echo "$DEVICE Unkown state!" && exit 1;; - esac - exit 0;; - *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; - esac +printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH -fi diff --git a/old-v2ray.service b/old-v2ray.service deleted file mode 100644 index 9ed715a..0000000 
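Review bot: `FLAG_PATH` is built from `$DEVICE` and then used unquoted, both in the backtick `cat $FLAG_PATH` that sets `IFF` and in the final `> $FLAG_PATH` redirect, in a script that presumably runs as root. The `[ -d "/sys/class/net/$DEVICE/" ]` test also passes for names containing `/` or `..`, so the closing `printf` can write to a `flags` file outside the intended interface directory. Reject such names before building the path, `case "$DEVICE" in ""|*/*|.*) echo "Invalid device name" >&2; exit 1;; esac`, and quote both uses: `IFF=$(cat "$FLAG_PATH")` and `> "$FLAG_PATH"`. The assignment of `DEVICE` is above the hunk, so I am assuming it comes straight from the command line.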
--- a/old-v2ray.service +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=V2Ray - A unified platform for anti-censorship -Documentation=https://v2ray.com https://guide.v2fly.org -After=network.target nss-lookup.target -Wants=network-online.target - -[Service] -# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple -#Type=exec -Type=simple -# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port. -# This service runs as root. You may consider to run it as another user for security concerns. -# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray. -# More discussion at https://github.com/v2ray/v2ray-core/issues/1011 -User=root -#User=v2ray -CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW -NoNewPrivileges=yes -ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json -Restart=on-failure -# Don't restart in the case of configuration error -RestartPreventExitStatus=23 - -[Install] -WantedBy=multi-user.target diff --git a/omr-6in4-run b/omr-6in4-run deleted file mode 100755 index ae91dce..0000000 --- a/omr-6in4-run +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh - -set -e - -if [ ! -f "$2" ]; then - echo "usage: $(basename "$0") start FILE" - exit 1 -fi - -. "$(readlink -f "$2")" - -DEV="omr-6in4-$(basename "$2")" - -if [ "$1" = "start" ]; then - [ -n "$(ip tunnel show ${DEV})" ] && ip tunnel del ${DEV} 2>&1 >/dev/null - ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP} - ip -6 addr add ${LOCALIP6} dev ${DEV} - ip link set ${DEV} up - [ -n "$ULA" ] && [ "$ULA" != "auto" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV} -fi -if [ "$1" = "stop" ]; then - ip tunnel del ${DEV} -fi diff --git a/omr-admin-ipv6.service.in b/omr-admin-ipv6.service.in deleted file mode 100644 index 9af8b55..0000000 --- a/omr-admin-ipv6.service.in +++ /dev/null 
@@ -1,12 +0,0 @@ -[Unit] -Description=OMR-Admin IPv6 -After=network.target network-online.target - -[Service] -Type=simple -Restart=always -ExecStart=/usr/local/bin/omr-admin.py --host="::" -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP - -[Install] -WantedBy=multi-user.target diff --git a/omr-admin.service.in b/omr-admin.service.in deleted file mode 100644 index ba30724..0000000 --- a/omr-admin.service.in +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=OMR-Admin -After=network.target network-online.target - -[Service] -Type=simple -Restart=always -ExecStart=/usr/local/bin/omr-admin.py -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP - -[Install] -WantedBy=multi-user.target diff --git a/omr-bypass b/omr-bypass deleted file mode 100755 index 5aa8e02..0000000 --- a/omr-bypass +++ /dev/null 
@@ -1,82 +0,0 @@ -#!/bin/sh -# Copyright (C) 2023 Ycarus (Yannick Chabanois) for OpenMPTCProuter -# Released under GPL 3. See LICENSE for the full terms. - -[ ! -f /etc/openmptcprouter-vps-admin/omr-bypass.json ] && exit 0 - -# Configuration -INTERFACE="$(jq -M -r .bypass_intf /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')" -[ "$INTERFACE" = "null" ] && INTERFACE="vpn1" -GATEWAY="$(ip r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')" -GATEWAY6="$(ip -6 r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')" -TABLE="991337" -MARK="0x539" - -CHECKSUM="$(md5sum /etc/openmptcprouter-vps-admin/omr-bypass.json | awk '{print $1}' | tr -d '\n')" -PREVIOUS_CHECKSUM="$(jq -M -r .bypass_checksum /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')" -[ "$CHECKSUM" = "$PREVIOUS_CHECKSUM" ] && exit 0 -jq -M --arg c "$CHECKSUM" '.bypass_checksum = $c' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp -mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json -# Action -ipset -q flush omr_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null -ipset -q flush omr6_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null -ipset -q --exist restore <<-EOF -create omr_dst_bypass_srv_${INTERFACE} hash:net hashsize 64 -create omr6_dst_bypass_srv_${INTERFACE} hash:net family inet6 hashsize 64 -EOF -ipv4=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv4[]) -for ip in $ipv4; do - ipset -q add omr_dst_bypass_srv_${INTERFACE} $ip -done -ipv6=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv6[]) -for ip in $ipv6; do - ipset -q add omr6_dst_bypass_srv_${INTERFACE} $ip -done -iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null -iptables-restore -w --wait=60 --noflush <<-EOF -*mangle -:omr-bypass - --A PREROUTING -j omr-bypass -COMMIT -EOF 
-iptables-restore -w --wait=60 --noflush <<-EOF -*mangle -:omr-bypass-local - --A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local -COMMIT -EOF -iptables-restore -w --wait=60 --noflush <<-EOF -*mangle --A omr-bypass -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK} --A omr-bypass -m mark --mark ${MARK} -j RETURN --A omr-bypass-local -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK} --A omr-bypass-local -m mark --mark ${MARK} -j RETURN -COMMIT -EOF -ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1 -ip route replace default via ${GATEWAY} dev ${INTERFACE} table ${TABLE} -ip6tables-save --counters 2>/dev/null | grep -v omr-bypass | ip6tables-restore -w --counters 2>/dev/null -ip6tables-restore -w --wait=60 --noflush <<-EOF -*mangle -:omr-bypass - --A PREROUTING -j omr-bypass -COMMIT -EOF -ip6tables-restore -w --wait=60 --noflush <<-EOF -*mangle -:omr-bypass-local - --A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local -COMMIT -EOF -ip6tables-restore -w --wait=60 --noflush <<-EOF -*mangle --A omr-bypass -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK} --A omr-bypass -m mark --mark ${MARK} -j RETURN --A omr-bypass-local -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK} --A omr-bypass-local -m mark --mark ${MARK} -j RETURN -COMMIT -EOF -if [ -n "$GATEWAY6" ]; then - ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1 - ip route replace default via ${GATEWAY6} dev ${INTERFACE} table ${TABLE} -fi \ No newline at end of file diff --git a/omr-bypass.service.in b/omr-bypass.service.in deleted file mode 100644 index 0d49437..0000000 --- a/omr-bypass.service.in +++ /dev/null 
@@ -1,12 +0,0 @@ -[Unit] -Description=OMR-ByPass -After=network.target network-online.target shorewall.service - -[Service] -Type=simple -ExecStart=/usr/local/bin/omr-bypass -KillSignal=9 -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW - -[Install] -WantedBy=multi-user.target diff --git a/omr-bypass.timer.in b/omr-bypass.timer.in deleted file mode 100644 index 85d7eb7..0000000 --- a/omr-bypass.timer.in +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Timer for omr-bypass - -[Timer] -OnUnitActiveSec=300 - -[Install] -WantedBy=timers.target diff --git a/omr-pihole.sh b/omr-pihole.sh index b8b0c27..460b060 100644 --- a/omr-pihole.sh +++ b/omr-pihole.sh @@ -1,18 +1,4 @@ #!/bin/sh -if [ -f /etc/os-release ]; then - . /etc/os-release -else - . /usr/lib/os-release -fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then - echo "This script doesn't work with Debian Stretch (9.x)" - exit 1 -fi -if [ "$(id -u)" -ne 0 ]; then - echo "You must run the script as root" - exit 1 -fi - echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end." echo "Don't apply Pi-hole firewall rules." 
@@ -28,17 +14,15 @@ cat > /etc/lighttpd/external.conf << 'EOF' server.bind="10.255.255.1" $SERVER["socket"] == "10.255.254.1:80" { } $SERVER["socket"] == "10.255.252.1:80" { } -$SERVER["socket"] == "10.255.251.1:80" { } $SERVER["socket"] == "10.255.253.1:80" { } EOF -systemctl list-unit-files lighttpd.service &>/dev/null && systemctl -q restart lighttpd +systemctl -q restart lighttpd grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf cat >> /etc/pihole/setupVars.conf <<-EOF PIHOLE_INTERFACE=gt-tun0 IPV4_ADDRESS=10.255.0.0/16 -IPV6_ADDRESS=fd00::a00:/106 -RATE_LIMIT=0/0 +IPV6_ADDRESS=fe80::aff:ff01/64 EOF grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf @@ -48,7 +32,6 @@ interface=gt-tun0 interface=gt-udp-tun0 interface=tun0 interface=mlvpn0 -interface=dsvpn0 EOF systemctl -q restart pihole-FTL echo "Done" diff --git a/omr-service b/omr-service index e927ab6..1be3871 100755 --- a/omr-service +++ b/omr-service 
@@ -1,232 +1,116 @@ #!/bin/bash # OpenMPTCProuter VPS service script +# This script configure 6in4, multipath and firewall for current VPN + +if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then + ip route del fd00::/8 via fe80::a00:2 dev omr-6in4 + ip link set omr-6in4 down + ip tunnel del omr-6in4 + exit 0 +fi _multipath() { # Force multipath status source /etc/shorewall/params.net for intf in `ls -1 /sys/class/net`; do - if [ "$intf" != "bonding_masters" ]; then - if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then - [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on >/dev/null 2>&1 - [ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && { - multipath $intf signal >/dev/null 2>&1 - ip mptcp limits set subflows 8 add_addr_accepted 8 >/dev/null 2>&1 - } - else - [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off >/dev/null 2>&1 - fi + if [ "$intf" = "$NET_IFACE" ]; then + multipath $intf on + else + multipath $intf off fi done } -_glorytun_udp() { - #if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then - if systemctl list-unit-files glorytun-udp@.service >/dev/null; then - [ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && { - logger -t "OMR-Service" "Restart Glorytun-UDP" - systemctl -q restart 'glorytun-udp@*' - sleep 10 - } - for intf in /etc/glorytun-udp/tun*; do - [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} - done - #ip link set mtu 9000 dev gt-udp-tun0 >/dev/null 2>&1 - fi -} +# Add IPv6 tunnel +if [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then + ip tunnel change omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1 +else + ip tunnel add omr-6in4 mode sit remote 
10.255.255.2 local 10.255.255.1 + ip addr add fe80::a00:1/64 dev omr-6in4 >/dev/null 2>&1 +fi +ip link set omr-6in4 up +ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4 -_glorytun_tcp() { - #if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then - if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then - for intf in /etc/glorytun-tcp/tun*; do - [ "$(echo $intf | grep key)" = "" ] && timeout 10 /etc/glorytun-tcp/post.sh ${intf} - done - if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then - localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" - [ -z "$localip" ] && localip="10.255.255.1" - remoteip="$(echo $localip | sed 's/\.1/\.2/')" - if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then - logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" - systemctl restart glorytun-tcp@tun0 - sleep 10 - fi - fi - #ip link set mtu 9000 dev gt-tun0 >/dev/null 2>&1 - fi -} - -_dsvpn() { - #if [ -n "$(systemctl -a | grep 'dsvpn')" ]; then - if systemctl list-unit-files dsvpn-server@.service >/dev/null; then - [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1 - if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then - localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)" - [ -z "$localip" ] && localip="10.255.251.1" - remoteip="$(echo $localip | sed 's/\.1/\.2/')" - if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then - logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" - systemctl restart dsvpn-server@dsvpn0 - fi - #ip link set mtu 9000 dev dsvpn0 
>/dev/null 2>&1 - fi - fi -} - -_shadowsocks() { - if systemctl list-unit-files shadowsocks-libev-manager@.service >/dev/null; then - [ -z "$(pgrep ss-server)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev" - systemctl restart shadowsocks-libev-manager@manager - } - fi -} - -_shadowsocks_go() { - if systemctl list-unit-files shadowsocks-go.service >/dev/null; then - [ -z "$(pgrep shadowsocks-go)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go" - systemctl restart shadowsocks-go - } - fi -} - -_xray() { - if systemctl list-unit-files xray.service >/dev/null; then - [ -z "$(pgrep xray)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart XRay" - systemctl restart xray - } - fi -} - -_v2ray() { - if systemctl list-unit-files v2ray.service >/dev/null; then - [ -z "$(pgrep v2ray)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart V2Ray" - systemctl restart v2ray - } - fi -} - -_wireguard() { - #if [ -n "$(systemctl -a | grep 'wg')" ]; then - if systemctl list-unit-files wg-quick@.service >/dev/null; then - [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1 - [ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1 - fi -} - - -_omr_api() { - [ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { - logger -t "OMR-Service" "Can't contact API, restart OMR-Admin" - systemctl -q restart omr-admin +_ping() { + local host=$1 + ret=$(ping -4 "${host}" \ + -W 5 \ + -c 1 \ + -q + ) + [ -n "$ret" ] && echo "$ret" | grep -s " 0% packet loss" > /dev/null && { + return } + false } -_lan_route() { - jq -c '.users[0][]?' 
/etc/openmptcprouter-vps-admin/omr-admin-config.json | - while IFS=$"\n" read -r c; do - if [ -n "$c" ]; then - vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') - username=$(echo "$c" | jq -r '.username') - if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then - echo "$c" | jq -c -r '.lanips[]? //empty' | - while IFS=$"\n" read -r d; do - if [ "$d" != "" ]; then - network=$(ipcalc -n $d | grep Network | awk '{print $2}') - networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1) - netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}') - [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1 - [ -n "$networkonly" ] && [ -n "$netmask" ] && ([ ! -f /etc/openvpn/ccd/${username} ] || [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ]) && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username} - fi - done - fi +_ping_range() { + local network=$1 + for i in {2..50} ;do + _ping $network$i + pingr=$? + if $(exit $pingr); then + ipd=$network$i + return fi done + false } -_gre_tunnels() { - . "$(readlink -f "/etc/shorewall/params.vpn")" - if [ -n "$OMR_ADDR" ]; then - for intf in /etc/openmptcprouter-vps-admin/intf/*; do - if [ -f "$intf" ]; then - . 
"$(readlink -f "$intf")" - iface="$(basename $intf)" - if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then - [ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface >/dev/null 2>&1 - ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1 - ip link set $iface up >/dev/null 2>&1 - ip addr add $LOCALIP dev $iface >/dev/null 2>&1 - ip route add $NETWORK dev $iface >/dev/null 2>&1 - fi - fi - done - fi -} - -_openvpn_bonding() { - if [ "$(ip link show ovpnbonding1 2>/dev/null)" != "" ] && ([ "$(ip link show ovpnbonding1 2>/dev/null | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding 2>/dev/null | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then - echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1 - ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding1 up >/dev/null 2>&1 - ip link set ovpnbonding2 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding2 up >/dev/null 2>&1 - ip link set ovpnbonding3 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding3 up >/dev/null 2>&1 - ip link set ovpnbonding4 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding4 up >/dev/null 2>&1 - ip link set ovpnbonding5 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding5 up >/dev/null 2>&1 - ip link set ovpnbonding6 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding6 up >/dev/null 2>&1 - ip link set ovpnbonding7 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding7 up >/dev/null 2>&1 - ip link set ovpnbonding8 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding8 up >/dev/null 2>&1 - ip link set omr-bonding up mtu 1440 >/dev/null 2>&1 - ip a add 10.255.248.1 dev omr-bonding >/dev/null 2>&1 - ip r add 10.255.248.0/24 dev omr-bonding >/dev/null 2>&1 - ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 >/dev/null 2>&1 - fi -} - -_vpn1() { - vpn1route=$(ip r show 
dev vpn1 2>/dev/null | grep '0.0.0.0') - [ -z "$vpn1route" ] && vpn1route=$(ip r show dev vpn1 2>/dev/null | grep 'default') - if [ -n "$vpn1route" ]; then - ip r del $vpn1route - vpn1gw="$(echo \"$vpn1route\" | awk '{ print $3 }')" - ip r a default via $vpngw dev vpn1 table 991337 - for route in $(ip r show dev vpn1); do - ip r a $route table 991337 - done - fi -} - -sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1 -modprobe bonding >/dev/null 2>&1 -ip link add omr-bonding type bond >/dev/null 2>&1 -#[ -n "$(uname -r | grep '6.1')" ] && { -# stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 & -#} - -gre_tunnels="$(jq -c '.gre_tunnels' /etc/openmptcprouter-vps-admin/omr-admin-config.json)" -lan_routes="$(jq -c '.lan_routes' /etc/openmptcprouter-vps-admin/omr-admin-config.json)" - while true; do - _glorytun_udp - _glorytun_tcp - _shadowsocks - _shadowsocks_go - _xray - _v2ray - _dsvpn - _wireguard - _multipath - _omr_api - [ "$lan_routes" != "false" ] && _lan_route - [ "$gre_tunnels" != "false" ] && _gre_tunnels - _openvpn_bonding - _vpn1 + source /etc/shorewall/params.vpn + iface="" + currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n") + currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n") + if [ -n "$currentpeer" ]; then + _ping $currentpeer + status=$? + if ! $(exit $status) || [ "$currentpeer" != "$OMR_ADDR" ]; then + allip_tcp=$(ip -4 addr show gt-tun0 2>/dev/null | grep inet) + allip_udp=$(ip -4 addr show gt-udp-tun0 2>/dev/null | grep inet) + [ -d "/sys/class/net/mlvpn0" ] && allip_mlvpn=$(ip -4 addr show mlvpn0 2>/dev/null | grep inet) + [ -d "/sys/class/net/tun0" ] && allip_openvpn=$(ip -4 addr show tun0 2>/dev/null | grep inet) + allip="$allip_tcp +$allip_udp +$allip_openvpn +$allip_mlvpn" + while IFS= read -r inet; do + ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n") + if [ "$ip" != "" ]; then + _ping_range $(echo $ip | sed 's/.1/./' | tr -d "\n") + statusr=$? 
+ if $(exit $statusr); then + _ping $ipd + statusp=$? + if $(exit $statusp); then + logger -t "OMR-Service" "Set new 6in4 tunnel IPs" + ip tunnel change omr-6in4 mode sit remote $ipd local $ip + echo "VPS_ADDR=$ip" > /etc/shorewall/params.vpn + echo "OMR_ADDR=$ipd" >> /etc/shorewall/params.vpn + iface=$(ip -4 addr | grep $ip | awk '{print $7}' | tr -d "\n") + echo "VPS_IFACE=$iface" >> /etc/shorewall/params.vpn + systemctl reload shorewall + _multipath + break + fi + fi + fi + done < <(printf '%s\n' "$allip") + [ -z "$iface" ] && { + logger -t "OMR-Service" "Restart Glorytun and networkd" + systemctl -q restart glorytun-tcp@tun0 + systemctl -q restart glorytun-udp@tun0 + systemctl -q restart systemd-networkd + _multipath + sleep 10 + } + fi + fi + result="$(curl -Isk -m 30 https://127.0.0.1:65500/status | head -n 1 | grep 401)" + if [ "$result" = "" ]; then + logger -t "OMR-Service" "Restart OMR Admin" + systemctl -q restart omr-admin + sleep 10 + fi sleep 10 done diff --git a/omr-test-speed b/omr-test-speed deleted file mode 100644 index 15666e1..0000000 --- a/omr-test-speed +++ /dev/null 
@@ -1,55 +0,0 @@ -#!/bin/sh -# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -HETZNER=false -if [ "$1" = "hetzner" ]; then - HETZNER=true - INTERFACE="$2" -else - INTERFACE="$1" -fi - -[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && { - echo "You must use a real interface. You wan find them using 'ip a' for example" - exit 0 -} - -if [ "$HETZNER" = false ]; then - echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" - bestping="9999" - for pinghost in $HOSTLST; do - domain=$(echo $pinghost | awk -F/ '{print $3}') - if [ -z "$INTERFACE" ]; then - ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) - else - ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) - fi - echo "host: $domain - ping: $ping" - if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then - bestping=$ping - HOST=$pinghost - fi - done -fi - -[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" - -echo "Best server is $HOST, running test:" -trap : HUP INT TERM -if [ -z "$INTERFACE" ]; then - curl -4 -o /dev/null $HOST || echo -else - domain=$(echo $HOST | awk -F/ '{print $3}') - hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') - if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then - for ip in $hostip; do - ipset add ss_rules_dst_bypass_all $ip - done - fi - curl -4 -o /dev/null --interface $INTERFACE $HOST || echo - if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then - for ip in $hostip; do - ipset del ss_rules_dst_bypass_all $ip - done - fi -fi diff --git a/omr-test-speedv6 b/omr-test-speedv6 deleted file mode 100644 index 3db10fe..0000000 --- a/omr-test-speedv6 +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/sh -# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -HETZNER=false -if [ "$1" = "hetzner" ]; then - HETZNER=true - INTERFACE="$2" -else - INTERFACE="$1" -fi - -[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && { - echo "You must use a real interface. You wan find them using 'ip a' for example" - exit 0 -} - - -if [ "$HETZNER" = false ]; then - echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" - bestping="9999" - for pinghost in $HOSTLST; do - domain=$(echo $pinghost | awk -F/ '{print $3}') - if [ -z "$INTERFACE" ]; then - ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) - else - ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) - fi - echo "host: $domain - ping: $ping" - if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then - bestping=$ping - HOST=$pinghost - fi - done -fi - -[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" - -echo "Best server is $HOST, running test:" -trap : HUP INT TERM -if [ -z "$INTERFACE" ]; then - curl -6 $HOST >/dev/null || echo -else - domain=$(echo $HOST | awk -F/ '{print $3}') - hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') - if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then - for ip in $hostip; do - ipset add ss_rules6_dst_bypass_all $ip - done - fi - curl -6 --interface $INTERFACE $HOST >/dev/null || echo - if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then - for ip in $hostip; do - ipset del ss_rules6_dst_bypass_all $ip - done - fi -fi diff --git a/omr-update b/omr-update deleted file mode 100755 index 6c3a094..0000000 --- a/omr-update +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -if [ -f /etc/openmptcprouter-vps-admin/update ]; then - wget -O - http://www.openmptcprouter.com/server/debian.sh | sh - rm -f /etc/openmptcprouter-vps-admin/update - reboot -fi -if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then - LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh - rm -f /etc/openmptcprouter-vps-admin/update-bin - #reboot -fi diff --git a/omr-update.service.in b/omr-update.service.in deleted file mode 100644 index 99120f8..0000000 --- a/omr-update.service.in +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=OMR Update -After=network.target network-online.target - -[Service] -Type=simple -Restart=no -ExecStart=/usr/bin/omr-update -#ExecStart=/usr/share/omr-server/debian9-x86_64.sh -AmbientCapabilities= -StandardOutput=file:/var/log/omr-update.log -StandardError=file:/var/log/omr-update.log - -[Install] -WantedBy=multi-user.target diff --git a/omr.service.in b/omr.service.in index 0e9352b..9ce5fa5 100644 --- a/omr.service.in 
+++ b/omr.service.in @@ -1,12 +1,12 @@ [Unit] Description=OMR -After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service +After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service [Service] Type=simple Restart=always ExecStart=/usr/local/bin/omr-service -KillSignal=9 +ExecStop=/usr/local/bin/omr-service stop CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW [Install] diff --git a/omr6in4@.service.in b/omr6in4@.service.in deleted file mode 100644 index a2e9722..0000000 --- a/omr6in4@.service.in +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=OMR6IN4 on %I -After=network.target network-online.target - -[Service] -Type=oneshot -ExecStart=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i -RemainAfterExit=true -ExecStop=/usr/local/bin/omr-6in4-run stop /etc/openmptcprouter-vps-admin/omr-6in4/%i - -[Install] -WantedBy=multi-user.target diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz deleted file mode 100644 index fcc04f3..0000000 Binary files a/openmptcprouter-shorewall.tar.gz and /dev/null differ diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz deleted file mode 100644 index e186946..0000000 Binary files a/openmptcprouter-shorewall6.tar.gz and /dev/null differ diff --git a/openvpn-bonding1.conf b/openvpn-bonding1.conf deleted file mode 100644 index 45a07d7..0000000 --- a/openvpn-bonding1.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding1 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65351 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding2.conf b/openvpn-bonding2.conf deleted file mode 100644 index 71798b4..0000000 
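Review bot: The new `ExecStop=/usr/local/bin/omr-service stop` only works if the script handles a `stop` argument, and the part of the new omr-service visible in this diff is an unconditional `while true` loop. Unless the argument is handled earlier in the script (outside what this diff shows), the stop command would start a second monitor loop and block until systemd's stop timeout expires. If there is no stop handler, drop the line and let systemd deliver its default SIGTERM. Separately, removing `shorewall.service` from `After=` lets the loop start before the firewall is up, although the script sources /etc/shorewall/params.vpn and calls `systemctl reload shorewall`. I would keep `After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service`.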
--- a/openvpn-bonding2.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding2 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65352 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding3.conf b/openvpn-bonding3.conf deleted file mode 100644 index 9614a96..0000000 --- a/openvpn-bonding3.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding3 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65353 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding4.conf b/openvpn-bonding4.conf deleted file mode 100644 index 846f5dc..0000000 --- a/openvpn-bonding4.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding4 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65354 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding5.conf b/openvpn-bonding5.conf deleted file mode 100644 index aafccd3..0000000 --- a/openvpn-bonding5.conf +++ /dev/null 
@@ -1,18 +0,0 @@ -dev ovpnbonding5 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65355 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding6.conf b/openvpn-bonding6.conf deleted file mode 100644 index 30b2067..0000000 --- a/openvpn-bonding6.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding6 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65356 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding7.conf b/openvpn-bonding7.conf deleted file mode 100644 index c5f1fe1..0000000 --- a/openvpn-bonding7.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding7 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65357 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding8.conf b/openvpn-bonding8.conf deleted file mode 100644 index dbdd11b..0000000 --- a/openvpn-bonding8.conf +++ /dev/null 
@@ -1,18 +0,0 @@ -dev ovpnbonding8 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65358 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf deleted file mode 100644 index bc93c87..0000000 --- a/openvpn-tun0.6.1.conf +++ /dev/null @@ -1,34 +0,0 @@ -topology subnet -dev tun0 -user nobody -group nogroup -data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 -disable-dco -proto tcp-server -proto tcp6-server -port 65301 -persist-tun -persist-key -duplicate-cn -verb 3 -server 10.255.252.0 255.255.255.0 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 240 -txqueuelen 1000 -sndbuf 262144 -push "sndbuf 262144" -rcvbuf 262144 -push "rcvbuf 262144" -tun-mtu 1420 -tls-server -tls-version-min 1.2 -#push "route 10.255.252.1 255.255.255.255" -client-config-dir ccd -ifconfig-pool-persist ccd/ipp_tcp.txt -passtos -management 127.0.0.1 65302 -tcp-nodelay diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf index a6d1864..228e5c1 100644 --- a/openvpn-tun0.conf +++ b/openvpn-tun0.conf 
@@ -1,29 +1,8 @@ -dev tun0 -user nobody -group nogroup +dev tun +secret /etc/openvpn/server/static.key cipher AES-256-CBC -proto tcp +proto tcp-server port 65301 persist-tun persist-key -reneg-sec 0 -duplicate-cn -verb 3 -server 10.255.252.0 255.255.255.0 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 240 -sndbuf 0 -rcvbuf 0 -txqueuelen 2000 -tun-mtu 1400 -mssfix 1360 -tls-server -tls-version-min 1.2 -#compress lzo -#push "route 10.255.252.1 255.255.255.255" -client-config-dir ccd -management localhost 65302 + diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf deleted file mode 100644 index 6d91a8e..0000000 --- a/openvpn-tun1.6.1.conf +++ /dev/null @@ -1,30 +0,0 @@ -topology subnet -dev tun1 -data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 -proto udp -proto udp6 -port 65301 -persist-tun -persist-key -duplicate-cn -verb 3 -server 10.255.250.0 255.255.255.0 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 240 -txqueuelen 1000 -sndbuf 262144 -push "sndbuf 262144" -rcvbuf 262144 -push "rcvbuf 262144" -tun-mtu 1420 -tls-server -tls-version-min 1.2 -push "route 10.255.250.1 255.255.255.255" -#client-config-dir ccd -#ifconfig-pool-persist ccd/ipp_udp.txt -#fast-io -passtos diff --git a/openvpn-tun1.conf b/openvpn-tun1.conf deleted file mode 100644 index a5028f6..0000000 --- a/openvpn-tun1.conf +++ /dev/null 
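Review bot: Replacing the certificate setup with `secret /etc/openvpn/server/static.key` moves this tunnel to static-key mode, which has no forward secrecy and no per-client revocation. The removed `crl-verify`, `tls-server` and `tls-version-min 1.2` lines have no equivalent here, so anyone who obtains the one shared key can connect and can decrypt previously recorded traffic. The same hunk drops `user nobody` and `group nogroup`, so the daemon keeps root privileges after start-up. If static-key mode is really required, keep the two privilege-drop lines, make sure static.key is root-owned with mode 0600, and add a comment explaining why TLS mode was abandoned. As far as I know, recent OpenVPN releases deprecate `secret`, so this configuration may stop loading after an upgrade.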
@@ -1,18 +0,0 @@ -dev tun1 -cipher AES-256-CBC -proto udp -port 65301 -persist-tun -persist-key -reneg-sec 0 -duplicate-cn -#ncp-disable -#mssfix 1300 -verb 3 -server 10.255.250.0 255.255.255.0 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 240 diff --git a/openvpn.network b/openvpn.network index fec6892..2d85ed5 100644 --- a/openvpn.network +++ b/openvpn.network @@ -1,5 +1,5 @@ [Match] -Name=tun0 +Name=tun* [Network] Description=OpenVPN tunnel diff --git a/shadowsocks-go.server.json b/shadowsocks-go.server.json deleted file mode 100644 index 7d4704a..0000000 --- a/shadowsocks-go.server.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "servers": [ - { - "name": "ss-2022", - "protocol": "2022-blake3-aes-256-gcm", - "tcpListeners": [ - { - "network": "tcp", - "address": ":65280", - "fastOpen": false, - "reusePort": false, - "multipath": true - } - ], - "enableTCP": true, - "listenerTFO": true, - "enableUDP": true, - "mtu": 1500, - "psk": "PSK", - "uPSKStorePath": "/etc/shadowsocks-go/upsks.json" - } - ], - "stats": { - "enabled": true - }, - "api": { - "enabled": true, - "debugPprof": false, - "trustedProxies": [], - "listeners": [ - { - "network": "tcp", - "address": "127.0.0.1:65279" - } - ] - } -} \ No newline at end of file diff --git a/shadowsocks-libev-manager@.service.in b/shadowsocks-libev-manager@.service.in deleted file mode 100644 index e78d09c..0000000 --- a/shadowsocks-libev-manager@.service.in +++ /dev/null 
@@ -1,15 +0,0 @@ -[Unit] -Description=Shadowsocks-Libev Custom Manager Service for %I -After=network-online.target - -[Service] -Type=simple -CapabilityBoundingSet=CAP_NET_BIND_SERVICE -AmbientCapabilities=CAP_NET_BIND_SERVICE -LimitNOFILE=99999 -LimitNPROC=99999 -ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json --manager-address 127.0.0.1:8839 -Restart=always - -[Install] -WantedBy=multi-user.target \ No newline at end of file diff --git a/shadowsocks.6.1.conf b/shadowsocks.6.1.conf deleted file mode 100644 index 7828850..0000000 --- a/shadowsocks.6.1.conf +++ /dev/null 
@@ -1,77 +0,0 @@ -# local sysctl settings can be stored in this directory -# max open files -fs.file-max = 512000 -# max read buffer -net.core.rmem_max = 7500000 -# max write buffer -net.core.wmem_max = 7500000 -#net.core.optmem_max = 33554432 -# default read buffer -#net.core.rmem_default = 16777216 -# default write buffer -#net.core.wmem_default = 16777216 -# max processor input queue -net.core.netdev_max_backlog = 10000 -# max backlog -net.core.somaxconn = 16384 - -# resist SYN flood attacks -net.ipv4.tcp_syncookies = 1 -# reuse timewait sockets when safe -net.ipv4.tcp_tw_reuse = 1 -# turn off fast timewait sockets recycling -#net.ipv4.tcp_tw_recycle = 0 -# short FIN timeout -net.ipv4.tcp_fin_timeout = 30 -# Increase max orphans -net.ipv4.tcp_max_orphans = 16384 -# short keepalive time -net.ipv4.tcp_keepalive_time = 7200 -# outbound port range -net.ipv4.ip_local_port_range = 9999 65000 -# max SYN backlog -net.ipv4.tcp_max_syn_backlog = 4096 -# max timewait sockets held by system simultaneously -net.ipv4.tcp_max_tw_buckets = 16384 -# turn on TCP Fast Open on both client and server side -net.ipv4.tcp_fastopen = 3 -# TCP buffer -net.ipv4.tcp_mem = 409600 819200 1638400 -# UDP buffer -net.ipv4.udp_mem = 4096 87380 16777216 -# TCP receive buffer -net.ipv4.tcp_rmem = 4096 87380 16777216 -# TCP write buffer -net.ipv4.tcp_wmem = 4096 87380 16777216 -# turn on path MTU discovery -net.ipv4.tcp_mtu_probing = 0 -# 1/8 * available memory in receive buffer -net.ipv4.tcp_adv_win_scale=-3 -# limits the size of unsent bytes in the write queue -net.ipv4.tcp_notsent_lowat = 131072 - -# for low-latency network, use cubic instead -net.core.default_qdisc = fq -# Default conntrack is too small -net.netfilter.nf_conntrack_max = 524288 -net.netfilter.nf_conntrack_buckets=131072 -net.netfilter.nf_conntrack_tcp_timeout_established = 86400 - -net.ipv4.conf.all.log_martians = 0 -net.ipv4.conf.default.log_martians = 0 - -# MPTCP settings -net.ipv4.tcp_ecn = 2 -net.mptcp.checksum_enabled = 0 
-net.mptcp.add_addr_timeout = 120 -net.mptcp.allow_join_initial_addr_port = 1 -net.mptcp.enabled = 1 -net.mptcp.pm_type = 0 -net.mptcp.stale_loss_cnt = 4 -net.mptcp.mptcp_checksum=0 -net.mptcp.mptcp_path_manager=fullmesh -net.mptcp.mptcp_scheduler=mptcp_burst -net.mptcp.mptcp_syn_retries=4 -net.mptcp.mptcp_version=1 -net.mptcp.checksum_enabled=0 -net.ipv4.tcp_congestion_control=bbr \ No newline at end of file diff --git a/shadowsocks.conf b/shadowsocks.conf index aa9587f..ca80a5e 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -2,10 +2,10 @@ # max open files fs.file-max = 512000 # max read buffer -net.core.rmem_max = 67108864 +net.core.rmem_max = 150000000 # max write buffer -net.core.wmem_max = 67108864 -net.core.optmem_max = 33554432 +net.core.wmem_max = 75000000 +net.core.optmem_max = 75000000 # default read buffer net.core.rmem_default = 131072 # default write buffer @@ -22,27 +22,25 @@ net.ipv4.tcp_tw_reuse = 1 # turn off fast timewait sockets recycling #net.ipv4.tcp_tw_recycle = 0 # short FIN timeout -net.ipv4.tcp_fin_timeout = 30 -# Increase max orphans -net.ipv4.tcp_max_orphans = 16384 +net.ipv4.tcp_fin_timeout = 80 # short keepalive time net.ipv4.tcp_keepalive_time = 7200 # outbound port range net.ipv4.ip_local_port_range = 9999 65000 # max SYN backlog -net.ipv4.tcp_max_syn_backlog = 10240 +net.ipv4.tcp_max_syn_backlog = 4096 # max timewait sockets held by system simultaneously net.ipv4.tcp_max_tw_buckets = 10000 # turn on TCP Fast Open on both client and server side net.ipv4.tcp_fastopen = 3 # TCP buffer -net.ipv4.tcp_mem = 8092 131072 67108864 +net.ipv4.tcp_mem = 768174 75000000 150000000 # UDP buffer -net.ipv4.udp_mem = 8092 131072 67108864 +net.ipv4.udp_mem = 768174 75000000 150000000 # TCP receive buffer -net.ipv4.tcp_rmem = 4096 87380 33554432 +net.ipv4.tcp_rmem = 4096 524288 75000000 # TCP write buffer -net.ipv4.tcp_wmem = 4096 65536 33554432 +net.ipv4.tcp_wmem = 4096 524288 75000000 # turn on path MTU discovery net.ipv4.tcp_mtu_probing = 0 
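Review bot: In the second shadowsocks.conf hunk, `net.ipv4.tcp_mem` and `net.ipv4.udp_mem` are counted in memory pages, not bytes. With 4 KiB pages, `768174 75000000 150000000` puts the pressure and hard limits at hundreds of gigabytes, which effectively removes the kernel's ceiling on socket memory. Combined with the 75000000-byte per-socket maxima in `tcp_rmem` and `tcp_wmem`, a modest number of stalled or slow-reading connections could pin most of the RAM on a small VPS. I would size the last two fields from the machine's memory or leave the kernel-computed defaults. The comment `# short FIN timeout` also no longer matches `net.ipv4.tcp_fin_timeout = 80`, and the drop of `tcp_max_syn_backlog` from 10240 to 4096 deserves a one-line justification.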
@@ -50,15 +48,8 @@ net.ipv4.tcp_mtu_probing = 0 net.ipv4.tcp_congestion_control = bbr net.core.default_qdisc = fq # Default conntrack is too small -net.netfilter.nf_conntrack_max = 524288 -net.netfilter.nf_conntrack_buckets=131072 -net.netfilter.nf_conntrack_tcp_timeout_established = 86400 - -net.ipv4.conf.all.log_martians = 0 -net.ipv4.conf.default.log_martians = 0 +net.netfilter.nf_conntrack_max = 131072 # MPTCP settings net.mptcp.mptcp_checksum = 0 -net.mptcp.mptcp_syn_retries = 4 -net.mptcp.mptcp_scheduler = blest -net.ipv4.tcp_ecn = 2 +net.mptcp.mptcp_syn_retries = 1 diff --git a/shorewall4/interfaces b/shorewall4/interfaces index bb8b644..0f6a403 100644 --- a/shorewall4/interfaces +++ b/shorewall4/interfaces @@ -14,13 +14,9 @@ ?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS -net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,sourceroute=0 -vpn gt-tun+ nosmurfs,tcpflags -vpn gt-udp-tun+ nosmurfs,tcpflags -vpn mlvpn+ nosmurfs,tcpflags -vpn tun+ nosmurfs,tcpflags -vpn wg+ nosmurfs,tcpflags -vpncl client-wg+ nosmurfs,tcpflags -vpn dsvpn+ nosmurfs,tcpflags -vpn gre-user+ nosmurfs,tcpflags -vpn omr-bonding nosmurfs,tcpflags +net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0 +vpn gt-tun0 nosmurfs,routefilter,logmartians,tcpflags +vpn gt-udp-tun0 nosmurfs,routefilter,logmartians,tcpflags +vpn mlvpn0 nosmurfs,routefilter,logmartians,tcpflags +vpn tun0 nosmurfs,routefilter,logmartians,tcpflags + diff --git a/shorewall4/params.vpn b/shorewall4/params.vpn index 074e6ec..e4082cb 100644 --- a/shorewall4/params.vpn +++ b/shorewall4/params.vpn @@ -1,3 +1,3 @@ -VPS_ADDR=10.255.252.1 -OMR_ADDR=10.255.252.2 -VPS_IFACE=tun0 +VPS_ADDR=10.255.255.1 +OMR_ADDR=10.255.255.2 +VPS_IFACE=gt-tun0 diff --git a/shorewall4/policy b/shorewall4/policy index 910acb0..7d12fd2 100644 --- a/shorewall4/policy +++ b/shorewall4/policy 
@@ -17,10 +17,7 @@ vpn net ACCEPT vpn fw ACCEPT fw vpn ACCEPT fw net ACCEPT -net all DROP -vpn vpn DROP -vpncl vpn ACCEPT -vpn vpncl ACCEPT +net all DROP info # THE FOLLOWING POLICY MUST BE LAST -all all REJECT +all all REJECT info diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf index d1ed03f..e82701f 100644 --- a/shorewall4/shorewall.conf +++ b/shorewall4/shorewall.conf @@ -39,7 +39,7 @@ INVALID_LOG_LEVEL= LOG_BACKEND= -LOG_MARTIANS=No +LOG_MARTIANS=Yes LOG_VERBOSITY=2 @@ -108,11 +108,10 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)" +DROP_DEFAULT=Drop NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none -REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)" +REJECT_DEFAULT=Reject ############################################################################### # R S H / R C P C O M M A N D S @@ -145,17 +144,17 @@ BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" -#CHAIN_SCRIPTS=Yes +CHAIN_SCRIPTS=Yes CLAMPMSS=No -CLEAR_TC=No +CLEAR_TC=Yes COMPLETE=No DEFER_DNS_RESOLUTION=Yes -DELETE_THEN_ADD=No +DELETE_THEN_ADD=Yes DETECT_DNAT_IPADDRS=No @@ -181,7 +180,7 @@ IGNOREUNKNOWNVARIABLES=No IMPLICIT_CONTINUE=No -#INLINE_MATCHES=No +INLINE_MATCHES=No IPSET_WARNINGS=Yes @@ -189,7 +188,7 @@ IP_FORWARDING=On KEEP_RT_TABLES=No -#LOAD_HELPERS_ONLY=Yes +LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter @@ -197,13 +196,13 @@ MACLIST_TTL= MANGLE_ENABLED=Yes -#MAPOLDACTIONS=No +MAPOLDACTIONS=No MARK_IN_FORWARD_CHAIN=No MINIUPNPD=No -#MODULE_SUFFIX=ko +MODULE_SUFFIX=ko MULTICAST=No @@ -233,7 +232,7 @@ SAVE_ARPTABLES=No SAVE_IPSETS=No -TC_ENABLED=No +TC_ENABLED=Simple TC_EXPERT=No diff --git a/shorewall4/snat b/shorewall4/snat index 8435e40..fec1ff9 100644 --- a/shorewall4/snat +++ b/shorewall4/snat 
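Review bot: Removing `vpn vpn DROP` in the shorewall4/policy hunk appears to change traffic between interfaces of the vpn zone from denied to implicitly accepted. As far as I know, Shorewall's intra-zone default is ACCEPT and the final `all all REJECT info` policy does not cover intra-zone traffic. The vpn zone still spans gt-tun0, gt-udp-tun0, mlvpn0 and tun0 in shorewall4/interfaces, so peers on different tunnels could reach each other through the VPS. If that is not intended, keep the explicit policy with logging, `vpn vpn DROP info`. The earlier lines of the policy file are outside this hunk, so an equivalent rule may exist there.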
@@ -15,14 +15,7 @@ ########################################################################################################################################### #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY # -MASQUERADE 10.255.247.0/24,\ - 10.255.248.0/24,\ - 10.255.250.0/24,\ - 10.255.251.0/24,\ - 10.255.252.0/24,\ - 10.255.253.0/24,\ - 10.255.254.0/24,\ - 10.255.255.0/24,\ +MASQUERADE 10.0.0.0/8,\ 169.254.0.0/16,\ 172.16.0.0/12,\ 192.168.0.0/16 $NET_IFACE diff --git a/shorewall4/stoppedrules b/shorewall4/stoppedrules index 30eeac9..b276de9 100644 --- a/shorewall4/stoppedrules +++ b/shorewall4/stoppedrules @@ -13,18 +13,12 @@ ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE # PORT(S) PORT(S) -ACCEPT gt-tun+ - -ACCEPT - gt-tun+ -ACCEPT gt-udp-tun+ - -ACCEPT - gt-udp-tun+ -ACCEPT mlvpn+ - -ACCEPT - mlvpn+ -ACCEPT dsvpn+ - -ACCEPT - dsvpn+ -ACCEPT tun+ - -ACCEPT - tun+ -ACCEPT wg+ - -ACCEPT - wg+ -ACCEPT client-wg+ - -ACCEPT - client-wg+ +ACCEPT gt-tun0 - +ACCEPT - gt-tun0 +ACCEPT gt-udp-tun0 - +ACCEPT - gt-udp-tun0 +ACCEPT mlvpn0 - +ACCEPT - mlvpn0 +ACCEPT tun0 - +ACCEPT - tun0 diff --git a/shorewall4/tcinterfaces b/shorewall4/tcinterfaces index 376cc36..106fbc6 100644 --- a/shorewall4/tcinterfaces +++ b/shorewall4/tcinterfaces @@ -1,3 +1,3 @@ #INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH $NET_IFACE External -#$VPS_IFACE Internal \ No newline at end of file +$VPS_IFACE Internal \ No newline at end of file diff --git a/shorewall4/zones b/shorewall4/zones index 095a8e6..62fff26 100644 --- a/shorewall4/zones +++ b/shorewall4/zones @@ -16,5 +16,4 @@ fw firewall net ipv4 vpn ipv4 -vpncl ipv4 diff --git a/shorewall6/interfaces b/shorewall6/interfaces index b7e0d24..98d5a1f 100644 --- a/shorewall6/interfaces +++ b/shorewall6/interfaces 
@@ -14,6 +14,6 @@ ?FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS -net $NET_IFACE dhcp,tcpflags,rpfilter,forward=1,routeback -vpn omr-6in4-user+ tcpflags,forward=1,routeback +net eth0 dhcp,tcpflags,rpfilter,forward=1 +vpn omr-6in4 tcpflags,forward=1 diff --git a/shorewall6/params b/shorewall6/params index 1249080..112eb98 100644 --- a/shorewall6/params +++ b/shorewall6/params @@ -21,5 +21,4 @@ # net eth0 - dhcp,nosmurfs # ############################################################################### -INCLUDE params.net -INCLUDE params.vpn +INCLUDE params.net \ No newline at end of file diff --git a/shorewall6/params.vpn b/shorewall6/params.vpn deleted file mode 100644 index a7a7058..0000000 --- a/shorewall6/params.vpn +++ /dev/null @@ -1 +0,0 @@ -OMR_ADDR=fe80::a00:2 diff --git a/shorewall6/policy b/shorewall6/policy index 8b37313..dd80aa7 100644 --- a/shorewall6/policy +++ b/shorewall6/policy @@ -13,9 +13,9 @@ ############################################################################### #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST -vpn all ACCEPT +vpn all ACCEPT info fw all ACCEPT -net all DROP +net all DROP info # THE FOLLOWING POLICY MUST BE LAST -all all REJECT +all all REJECT info diff --git a/shorewall6/rules b/shorewall6/rules index c33cced..bddeacd 100644 --- a/shorewall6/rules +++ b/shorewall6/rules @@ -30,18 +30,18 @@ DNS(ACCEPT) $FW net # # Allow Ping from/to the VPN # -ACCEPT vpn $FW ipv6-icmp -ACCEPT vpn net ipv6-icmp -ACCEPT $FW vpn ipv6-icmp +Ping(ACCEPT) vpn $FW +Ping(ACCEPT) vpn net +Ping(ACCEPT) $FW vpn # # Allow Ping from the firewall to the network # -ACCEPT $FW net ipv6-icmp +Ping(ACCEPT) $FW net # # Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # -#DROP net $FW ipv6-icmp -ACCEPT net $FW ipv6-icmp +#Ping(DROP) net $FW +Ping(ACCEPT) net $FW # # Accept connection from port > 65000 for shadowsocks and glorytun on the firewall # 
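Review bot: `net eth0 dhcp,tcpflags,rpfilter,forward=1` hard-codes the uplink name, while shorewall6/snat still masquerades on `$NET_IFACE` and shorewall6/params still includes params.net. On a host whose uplink is not called eth0 the net zone would bind to the wrong or a missing interface, and `rpfilter`/`tcpflags` would not be applied to the real uplink. Keeping the variable, `net $NET_IFACE dhcp,tcpflags,rpfilter,forward=1`, avoids that. The vpn line also changes from the wildcard `omr-6in4-user+` to the single name `omr-6in4`, which should match what the tunnel setup actually creates.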
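Review bot: In shorewall6/policy, `vpn all ACCEPT info` logs every new connection accepted from the vpn zone, and `net all DROP info` / `all all REJECT info` log every dropped probe from the internet, with no rate limit visible in this diff. On an internet-facing server that lets outside traffic drive log volume, so a log limit (the `LOGLIMIT` setting in shorewall6.conf, not shown here) should be set, and the ACCEPT policy is better left without a log level, `vpn all ACCEPT`. The IPv4 policy hunk at the top of this part of the diff adds the same `info` levels to its DROP and REJECT lines.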
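Review bot: In shorewall6/rules, `Ping(ACCEPT)` matches only echo-request, whereas the removed `ACCEPT ... ipv6-icmp` lines accepted every ICMPv6 type. For `net $FW` the policy is DROP, so Packet Too Big and neighbour-discovery messages now pass only if the configured default action allows them, which should be confirmed against the `DROP_DEFAULT=Drop` change in shorewall6.conf. If the rules are meant to stay explicit, a line such as `AllowICMPs net $FW` next to the Ping rule would cover the required types, assuming that action is available in the installed version.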
@@ -54,8 +54,7 @@ ACCEPT net $FW tcp 65222 # # DHCP forward to the VPN from the firewall # -ACCEPT $FW vpn udp 53 -ACCEPT vpn net udp 53 +DHCPfwd(ACCEPT) $FW vpn # # Redirect all port from 1 to 64999 to the VPN client from the network # diff --git a/shorewall6/shorewall6.conf b/shorewall6/shorewall6.conf index 699a0f2..3c18dc3 100644 --- a/shorewall6/shorewall6.conf +++ b/shorewall6/shorewall6.conf @@ -105,11 +105,10 @@ TC= ############################################################################### ACCEPT_DEFAULT=none -BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL" -DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" +DROP_DEFAULT=Drop NFQUEUE_DEFAULT=none QUEUE_DEFAULT=none -REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)" +REJECT_DEFAULT=Reject ############################################################################### # R S H / R C P C O M M A N D S @@ -138,7 +137,7 @@ BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" -#CHAIN_SCRIPTS=Yes +CHAIN_SCRIPTS=Yes CLAMPMSS=No @@ -168,7 +167,7 @@ IGNOREUNKNOWNVARIABLES=No IMPLICIT_CONTINUE=No -#INLINE_MATCHES=No +INLINE_MATCHES=No IPSET_WARNINGS=Yes @@ -176,7 +175,7 @@ IP_FORWARDING=On KEEP_RT_TABLES=Yes -#LOAD_HELPERS_ONLY=Yes +LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter diff --git a/shorewall6/snat b/shorewall6/snat index 38df7be..7468de7 100644 --- a/shorewall6/snat +++ b/shorewall6/snat @@ -18,4 +18,4 @@ MASQUERADE fe80::/10,\ fd00::/8 $NET_IFACE # SNAT from VPN server for all VPN clients -#SNAT(fe80::a00:1) ::/0 omr-6in4-user+ +SNAT(fe80::a00:1) ::/0 omr-6in4 diff --git a/shorewall6/stoppedrules b/shorewall6/stoppedrules index 7262894..5d964af 100644 --- a/shorewall6/stoppedrules +++ b/shorewall6/stoppedrules 
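Review bot: `DHCPfwd(ACCEPT) $FW vpn` is added to the IPv6 rules, but the DHCPfwd macro matches the DHCPv4 ports (UDP 67/68) as far as I know, while DHCPv6 uses UDP 546/547, so the rule may match nothing here. The two removed lines were DNS rules (`udp 53`) under a "DHCP forward" comment; that traffic is still covered by the `fw all ACCEPT` and `vpn all ACCEPT info` policies, so it is the comment that needs correcting. Either drop the rule or write the ports explicitly, for example `ACCEPT $FW vpn udp 546,547`.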
@@ -13,6 +13,6 @@ ############################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE # PORT(S) PORT(S) -#ACCEPT omr-6in4 - -#ACCEPT - omr-6in4 +ACCEPT omr-6in4 - +ACCEPT - omr-6in4 diff --git a/tun0.glorytun b/tun0.glorytun index 92b9816..2e5ee3f 100644 --- a/tun0.glorytun +++ b/tun0.glorytun @@ -1,7 +1,6 @@ PORT=65001 -HOST=0.0.0.0 DEV=tun0 SERVER=true MPTCP=true IPV6=true -OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 65536 multiqueue" \ No newline at end of file +OPTIONS="chacha20 retry count -1 const 5000000 timeout 10000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue" \ No newline at end of file diff --git a/tun0.glorytun-udp b/tun0.glorytun-udp index 670bbac..a89e1a8 100644 --- a/tun0.glorytun-udp +++ b/tun0.glorytun-udp @@ -1,6 +1,4 @@ BIND=0.0.0.0 BIND_PORT=65001 -HOST=0.0.0.0 -PORT=5000 DEV=tun0 OPTIONS="chacha persist" diff --git a/ubond.network b/ubond.network deleted file mode 100644 index 814ae03..0000000 --- a/ubond.network +++ /dev/null @@ -1,17 +0,0 @@ -[Match] -Name=ubond* - -[Network] -Description=UBOND tunnel -Address=10.255.248.1/24 -DHCPServer=yes -IPMasquerade=yes - -[DHCPServer] -PoolOffset=2 -PoolSize=50 -EmitDNS=no -EmitNTP=no -DNS=9.9.9.9 -DefaultLeaseTimeSec=12h -MaxLeaseTimeSec=24h \ No newline at end of file diff --git a/ubond0.conf b/ubond0.conf deleted file mode 100644 index b6063fd..0000000 --- a/ubond0.conf +++ /dev/null 
@@ -1,42 +0,0 @@
-[general]
-tuntap = "tun"
-mode = "server"
-interface_name = "ubond0"
-timeout = 30
-password = "UBOND_PASS"
-reorder_buffer = yes
-reorder_buffer_size = 64
-loss_tolerence = 50
-
-[wan1]
-bindport = 65251
-bindhost = "0.0.0.0"
-
-[wan2]
-bindport = 65252
-bindhost = "0.0.0.0"
-
-[wan3]
-bindport = 65253
-bindhost = "0.0.0.0"
-
-[wan4]
-bindport = 65254
-bindhost = "0.0.0.0"
-
-[wan5]
-bindport = 65255
-bindhost = "0.0.0.0"
-
-[wan6]
-bindport = 65256
-bindhost = "0.0.0.0"
-
-[wan7]
-bindport = 65257
-bindhost = "0.0.0.0"
-
-[wan8]
-bindport = 65258
-bindhost = "0.0.0.0"
-
diff --git a/ubond@.service.in b/ubond@.service.in
deleted file mode 100644
index 18f8be6..0000000
--- a/ubond@.service.in
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=UBOND connection to %i
-PartOf=ubond.service
-ReloadPropagatedFrom=ubond.service
-After=network.target network-online.target
-
-[Service]
-Type=notify
-NotifyAccess=main
-ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet
-ExecReload=/bin/kill -HUP $MAINPID
-WorkingDirectory=/etc/ubond
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
diff --git a/ubuntu19.04-x86_64.sh b/ubuntu19.04-x86_64.sh
deleted file mode 120000
index 814a06c..0000000
--- a/ubuntu19.04-x86_64.sh
+++ /dev/null
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/ubuntu20.04-x86_64.sh b/ubuntu20.04-x86_64.sh
deleted file mode 120000
index 814a06c..0000000
--- a/ubuntu20.04-x86_64.sh
+++ /dev/null
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/v2ray-server.json b/v2ray-server.json
deleted file mode 100644
index 95f8dbf..0000000
--- a/v2ray-server.json
+++ /dev/null
@@ -1,220 +0,0 @@ -{ - "log": { - "loglevel": "error", - "error": "/tmp/v2rayError.log" - }, - "transport": { - "tcpSettings": {}, - "wsSettings": {}, - "kcpSettings": { - "mtu": 1460, - "tti": 10, - "uplinkCapacity": 100, - "downlinkCapacity": 100, - "congestion": false, - "readBufferSize": 8, - "writeBufferSize": 8 - } - }, - "inbounds": [ - { - "tag": "omrin-tunnel", - "port": 65228, - "protocol": "vless", - "settings": { - "decryption": "none", - "clients": [ - { - "id": "V2RAY_UUID", - "level": 0, - "alterId": 0, - "email": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "mptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-vmess-tunnel", - "port": 65230, - "protocol": "vmess", - "settings": { - "decryption": "none", - "clients": [ - { - "id": "V2RAY_UUID", - "level": 0, - "alterId": 0, - "email": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "mptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-socks-tunnel", - "port": 65231, - "protocol": "socks", - "settings": { - "auth": "password", - "accounts": [ - { - "pass": "V2RAY_UUID", - "user": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "mptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-trojan-tunnel", - "port": 65229, - "protocol": "trojan", - "settings": { - "clients": [ - { - "password": 
"V2RAY_UUID", - "email": "openmptcprouter", - "level": 0 - } - ] - }, - "streamSettings": { - "sockopt": { - "mptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "listen": "127.0.0.1", - "port": 10085, - "protocol": "dokodemo-door", - "settings": { - "address": "127.0.0.1" - }, - "tag": "api" - } - ], - "outbounds": [ - { - "protocol": "freedom", - "settings": { - "userLevel": 0 - }, - "tag": "direct" - } - ], - "routing": { - "rules": [ - { - "type": "field", - "inboundTag": [ - "omrin-tunnel", - "omrin-vmess-tunnel", - "omrin-socks-tunnel", - "omrin-trojan-tunnel" - ], - "outboundTag": "OMRLan", - "domain": [ - "full:omr.lan" - ] - }, - { - "inboundTag": [ - "api" - ], - "outboundTag": "api", - "type": "field" - } - ] - }, - "reverse": { - "portals": [ - { - "tag": "OMRLan", - "domain": "omr.lan" - } - ] - }, - "stats": {}, - "api": { - "tag": "api", - "services": [ - "HandlerService", - "LoggerService", - "StatsService" - ] - }, - "policy": { - "levels": { - "0": { - "uplinkOnly": 0, - "downlinkOnly": 0, - "bufferSize": 512, - "connIdle": 2400, - "statsUserUplink": true, - "statsUserDownlink": true - } - }, - "system": { - "statsInboundUplink": true, - "statsInboundDownlink": true - } - } -} diff --git a/v2ray.service b/v2ray.service deleted file mode 100644 index f97647e..0000000 --- a/v2ray.service +++ /dev/null 
@@ -1,18 +0,0 @@
-[Unit]
-Description=V2Ray Service
-Documentation=https://www.v2fly.org/
-After=network.target nss-lookup.target
-Wants=network-online.target
-
-[Service]
-User=root
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
-NoNewPrivileges=true
-ExecStart=/usr/bin/v2ray run -config /etc/v2ray/v2ray-server.json
-Restart=always
-RestartPreventExitStatus=23
-StartLimitInterval=0
-
-[Install]
-WantedBy=multi-user.target
diff --git a/xray-server.json b/xray-server.json
deleted file mode 100644
index 14c62ee..0000000
--- a/xray-server.json
+++ /dev/null
@@ -1,232 +0,0 @@ -{ - "log": { - "loglevel": "error", - "error": "/tmp/v2rayError.log" - }, - "inbounds": [ - { - "tag": "omrin-tunnel", - "port": 65248, - "protocol": "vless", - "settings": { - "decryption": "none", - "clients": [ - { - "id": "V2RAY_UUID", - "level": 0, - "alterId": 0, - "email": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-vmess-tunnel", - "port": 65250, - "protocol": "vmess", - "settings": { - "decryption": "none", - "clients": [ - { - "id": "V2RAY_UUID", - "level": 0, - "alterId": 0, - "email": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-socks-tunnel", - "port": 65251, - "protocol": "socks", - "settings": { - "auth": "password", - "accounts": [ - { - "pass": "V2RAY_UUID", - "user": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-trojan-tunnel", - "port": 65249, - "protocol": "trojan", - "settings": { - "clients": [ - { - "password": "V2RAY_UUID", - "email": "openmptcprouter", - "level": 0 - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - 
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-shadowsocks-tunnel", - "port": 65252, - "protocol": "shadowsocks", - "settings": { - "password": "XRAY_PSK", - "method": "2022-blake3-aes-256-gcm", - "network": "tcp,udp", - "clients": [ - { - "password": "XRAY_UPSK", - "email": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp" - } - }, - { - "listen": "127.0.0.1", - "port": 10086, - "protocol": "dokodemo-door", - "settings": { - "address": "127.0.0.1" - }, - "tag": "api" - } - ], - "outbounds": [ - { - "protocol": "freedom", - "settings": { - "userLevel": 0 - }, - "tag": "direct" - } - ], - "routing": { - "rules": [ - { - "type": "field", - "inboundTag": [ - "omrin-tunnel", - "omrin-vless-reality", - "omrin-vmess-tunnel", - "omrin-socks-tunnel", - "omrin-trojan-tunnel" - ], - "outboundTag": "OMRLan", - "domain": [ - "full:omr.lan" - ] - }, - { - "inboundTag": [ - "api" - ], - "outboundTag": "api", - "type": "field" - } - ] - }, - "reverse": { - "portals": [ - { - "tag": "OMRLan", - "domain": "omr.lan" - } - ] - }, - "stats": {}, - "api": { - "tag": "api", - "listen": "127.0.0.1:65080", - "services": [ - "HandlerService", - "LoggerService", - "StatsService" - ] - }, - "policy": { - "levels": { - "0": { - "uplinkOnly": 0, - "downlinkOnly": 0, - "bufferSize": 512, - "connIdle": 2400, - "statsUserUplink": true, - "statsUserDownlink": true - } - }, - "system": { - "statsInboundUplink": true, - "statsInboundDownlink": true - } - } -} diff --git a/xray-vless-reality.json b/xray-vless-reality.json deleted file mode 100644 index ca1a9c6..0000000 --- a/xray-vless-reality.json +++ /dev/null 
@@ -1,47 +0,0 @@
-{
- "inbounds": [
- {
- "port": 443,
- "tag": "omrin-vless-reality",
- "protocol": "vless",
- "settings": {
- "clients": [
- {
- "id": "XRAY_UUID",
- "flow": "xtls-rprx-vision"
- }
- ],
- "decryption": "none"
- },
- "streamSettings": {
- "network": "tcp",
- "security": "reality",
- "realitySettings": {
- "dest": "1.1.1.1:443",
- "serverNames": [
- ""
- ],
- "privateKey": "XRAY_X25519_PRIVATE_KEY",
- "publicKey": "XRAY_X25519_PUBLIC_KEY",
- "shortIds": [
- ""
- ]
- },
- "sockopt": {
- "tcpMptcp": true,
- "mark": 0
- }
- }
- }
- ],
- "routing": {
- "rules": [
- {
- "type": "field",
- "inboundTag": [
- "omrin-vless-reality"
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/xray.service b/xray.service
deleted file mode 100644
index a1df9e4..0000000
--- a/xray.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=XRay Service
-Documentation=https://xtls.github.io/
-After=network.target nss-lookup.target
-Wants=network-online.target
-
-[Service]
-User=root
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
-NoNewPrivileges=true
-ExecStart=/usr/bin/xray run -config /etc/xray/xray-server.json
-Restart=always
-RestartPreventExitStatus=23
-StartLimitInterval=0
-
-[Install]
-WantedBy=multi-user.target