diff --git a/debian-x86_64.sh b/debian-x86_64.sh
deleted file mode 120000
index 814a06c..0000000
--- a/debian-x86_64.sh
+++ /dev/null
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/debian.sh b/debian.sh
deleted file mode 120000
index 814a06c..0000000
--- a/debian.sh
+++ /dev/null
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
deleted file mode 100644
index db2a6a9..0000000
--- a/debian/changelog
+++ /dev/null
@@ -1,23 +0,0 @@
-omr-server (0.1030) unstable; urgency=medium
-
- * Many changes
-
- -- OpenMPTCProuter Wed, 10 Apr 2024 19:35:34 +0200
-
-omr-server (0.1028) unstable; urgency=medium
-
- * Many changes
-
- -- OpenMPTCProuter Fri, 14 Oct 2022 09:02:22 +0200
-
-omr-server (0.1026) unstable; urgency=medium
-
- * Many changes
-
- -- OpenMPTCProuter Mon, 14 Jun 2021 07:43:42 +0200
-
-omr-server (0.1025-test) unstable; urgency=medium
-
- * Wireguard support and fixed
-
- -- OpenMPTCProuter Thu, 04 Mar 2021 14:36:12 +0200
diff --git a/debian/compat b/debian/compat
deleted file mode 100644
index 9a03714..0000000
--- a/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-10
\ No newline at end of file
diff --git a/debian/control b/debian/control
deleted file mode 100644
index 72af96a..0000000
--- a/debian/control
+++ /dev/null
@@ -1,37 +0,0 @@
-Source: omr-server
-Section: net
-Priority: optional
-Maintainer: OpenMPTCProuter
-Build-Depends: debhelper (>= 10)
-X-Python-Version: >= 3.2
-Standards-Version: 0.0.1
-Homepage: https://github.com/ysurac/openmptcprouter-vps
-
-Package: omr-server
-Architecture: all
-Multi-Arch: foreign
-Depends:
- curl,
- rename,
- libcurl4,
- unzip,
- tracebox,
- omr-iperf3,
- omr-shadowsocks-libev (= 3.3.5-2),
- omr-vps-admin (= 0.3+20210508),
- omr-simple-obfs,
- omr-mlvpn (= 3.0.0+20201216.git.2263bab),
- omr-glorytun (= 0.3.4-4),
- omr-glorytun-tcp (= 0.0.35-3),
- omr-dsvpn (= 0.1.4-2),
- shorewall,
- shorewall6,
- iptables,
- v2ray-plugin (= 4.35.1),
- v2ray (=4.35.1),
- linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
- ${misc:Depends}
-Provides: omr-server
-Conflicts: omr-server
-Replaces: omr-server
-Description: OpenMPTCProuter Server script
\ No newline at end of file
diff --git a/debian/postinst b/debian/postinst
deleted file mode 100644
index 57ee50d..0000000
--- a/debian/postinst
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh -e
-
-test $DEBIAN_SCRIPT_DEBUG && set -v -x
-
-# use debconf
-. /usr/share/debconf/confmodule
-
-sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
-systemctl daemon-reload
-systemctl restart omr-update
-
-db_stop
-
-#DEBHELPER#
-exit 0
-# vim:set ai et sts=2 sw=2 tw=0:
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
deleted file mode 100755
index 9a69cc6..0000000
--- a/debian/rules
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/make -f
-#export DH_VERBOSE = 1
-
-# Security Hardening
-export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-
-%:
- dh $@
-
-override_dh_auto_install:
- mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
- find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
- cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
- cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
- cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
- mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin
- touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin
-
diff --git a/debian11-x86_64.sh b/debian11-x86_64.sh
deleted file mode 120000
index 814a06c..0000000
--- a/debian11-x86_64.sh
+++ /dev/null
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/debian12-x86_64.sh b/debian12-x86_64.sh
deleted file mode 120000
index 814a06c..0000000
--- a/debian12-x86_64.sh
+++ /dev/null
@@ -1 +0,0 @@
-debian9-x86_64.sh
\ No newline at end of file
diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
old mode 100755
new mode 100644
index 631e431..7ba12f8
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -1,31 +1,20 @@ #!/bin/sh # -# Copyright (C) 2018-2024 Ycarus (Yannick Chabanois) for OpenMPTCProuter +# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) for OpenMPTCProuter # # This is free software, licensed under the GNU General Public License v3 or later. # See /LICENSE for more information. # -KERNEL=${KERNEL:-6.6} -UPSTREAM=${UPSTREAM:-no} -[ "$UPSTREAM" = "yes" ] && KERNEL="6.1" -UPSTREAM6=${UPSTREAM6:-no} -[ "$UPSTREAM6" = "yes" ] && KERNEL="6.1" SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} #NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")} NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")} OBFS=${OBFS:-yes} -V2RAY_PLUGIN=${V2RAY_PLUGIN:-no} +V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes} V2RAY=${V2RAY:-yes} V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} -XRAY=${XRAY:-yes} -XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID} -SHADOWSOCKS=${SHADOWSOCKS:-yes} -SHADOWSOCKS_GO=${SHADOWSOCKS_GO:-yes} -PSK=${PSK:-$(head -c 32 /dev/urandom | base64 -w0)} -UPSK=${UPSK:-$(head -c 32 /dev/urandom | base64 -w0)} UPDATE_OS=${UPDATE_OS:-yes} UPDATE=${UPDATE:-yes} TLS=${TLS:-yes} 
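Review bot: The added default `V2RAY_PLUGIN=${V2RAY_PLUGIN:-yes}` switches the option on for every run that does not set it, and nothing in this variable block tells the operator so. What the flag installs is outside this hunk, but anything enabled by default presumably widens what the server ends up running, so the opt-out should be visible where the default is set. I would add a comment above the line such as `# V2RAY_PLUGIN: enabled by default; export V2RAY_PLUGIN=no to leave it out`, or keep the default at `no` unless the plugin is required.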
@@ -37,74 +26,31 @@ MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} UBOND=${UBOND:-no} UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} OPENVPN=${OPENVPN:-yes} -OPENVPN_BONDING=${OPENVPN_BONDING:-yes} DSVPN=${DSVPN:-yes} -WIREGUARD=${WIREGUARD:-yes} -FAIL2BAN=${FAIL2BAN:-yes} -SOURCES=${SOURCES:-no} -if [ "$KERNEL" != "5.4" ]; then - SOURCES="yes" -fi +SOURCES=${SOURCES:-yes} NOINTERNET=${NOINTERNET:-no} -GRETUNNELS=${GRETUNNELS:-yes} -LANROUTES=${LANROUTES:-yes} -REINSTALL=${REINSTALL:-yes} -SPEEDTEST=${SPEEDTEST:-yes} -IPERF=${IPERF:-yes} +SPEEDTEST=${SPEEDTEST:-no} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -INTERFACE6=${INTERFACE6:-$(ip -o -6 route show to default | grep -m 1 -Po '(?<=dev )(\S+)' | tr -d "\n")} -[ -z "$INTERFACE6" ] && INTERFACE6="$INTERFACE" -KERNEL_VERSION="5.4.207" -KERNEL_PACKAGE_VERSION="1.22" +KERNEL_VERSION="5.4.74" +KERNEL_PACKAGE_VERSION="1.14+9d3f35b" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" -#if [ "$KERNEL" = "5.15" ]; then -# KERNEL_VERSION="5.15.57" -# KERNEL_PACKAGE_VERSION="1.6" -# KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" -#fi -if [ "$KERNEL" = "6.1" ]; then - KERNEL_VERSION="6.1.0" - KERNEL_PACKAGE_VERSION="1.30" - KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" -fi -GLORYTUN_UDP=${GLORYTUN_UDP:-yes} -GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9" -GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" -GLORYTUN_TCP=${GLORYTUN_TCP:-yes} -# Old Glorytun TCP version if sources is not enabled... 
-GLORYTUN_TCP_BINARY_VERSION="0.0.35-6" +GLORYTUN_UDP_VERSION="97607fdf5c6c33df512ed85190a1fd93b5f45e77" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" -MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b" -MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" -UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" +MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7" +UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" -OBFS_BINARY_VERSION="0.0.5-1" -OMR_ADMIN_VERSION="7e98b32ebf549f87e9d20072acc80a87a562cb7d" -OMR_ADMIN_BINARY_VERSION="0.14+20250220" -#OMR_ADMIN_BINARY_VERSION="0.3+20220827" +OMR_ADMIN_VERSION="774aceb357e989676ed9a06d411db41bdfa3bf03" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" -DSVPN_BINARY_VERSION="0.1.4-2" -V2RAY_VERSION="5.7.0" -V2RAY_PLUGIN_VERSION="4.43.0" -XRAY_VERSION="24.11.5" +#V2RAY_VERSION="v1.1.0" +V2RAY_PLUGIN_VERSION="v1.4.3" EASYRSA_VERSION="3.0.6" -#SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" -#if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - SHADOWSOCKS_VERSION="8fc18fcba3226e31f9f2bb9e60d6be6a1837862b" -#fi -IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" -SHADOWSOCKS_BINARY_VERSION="3.3.5-3" -SHADOWSOCKS_GO_VERSION="1.13.0" -DEFAULT_USER="openmptcprouter" +SHADOWSOCKS_VERSION="38871da8baf5cfa400983dcdf918397e48655203" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} -VPSPATH="server-test" -VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)} +VPSPATH="server" VPSURL="https://www.openmptcprouter.com/" -REPO="repo.openmptcprouter.com" -CHINA=${CHINA:-no} -OMR_VERSION="0.1032-test" +OMR_VERSION="0.1022" DIR=$( pwd ) #" 
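Review bot: The pins on the new side move backwards: `KERNEL_VERSION` goes from 5.4.207 to 5.4.74 and `OMR_VERSION` from 0.1032-test to 0.1022, and the GLORYTUN_UDP, MLVPN, UBOND, OMR_ADMIN and SHADOWSOCKS commit pins change with them. A server installed from this revision therefore gets an older kernel build and presumably misses fixes shipped since. If the rollback is intended, say so next to the pins, e.g. `# pinned to 5.4.74 on purpose: <reason>`. Separately, the unchanged `VPS_DOMAIN` default is read with `wget` from `http://hostname.openmptcprouter.com` in cleartext, so the value can be altered in transit; its later use is outside this hunk, but it should be validated as a hostname before anything consumes it.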
@@ -117,12 +63,6 @@ export DEBIAN_FRONTEND=noninteractive echo "Check user..." if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi -# Check Kernel -if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ] && [ "$KERNEL" != "6.10" ] && [ "$KERNEL" != "6.11" ] && [ "$KERNEL" != "6.12" ]; then - echo "Only kernels 5.4, 6.1, 6.6, 6.10 and 6.11 are currently supported" - exit 1 -fi - # Check Linux version echo "Check Linux version..." if test -f /etc/os-release ; then 
@@ -130,35 +70,24 @@ if test -f /etc/os-release ; then else . /usr/lib/os-release fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ] && [ "$VERSION_ID" != "12" ]; then - echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)" +if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ]; then + echo "This script only work with Debian Stretch (9.x) or Debian Buster (10.x)" exit 1 -elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then - echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04" - echo "Use debian when possible" +elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ]; then + echo "This script only work with Ubuntu 18.04, 19.04 or 20.04" exit 1 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then - echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)" - echo "Use Debian when possible" + echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)" exit 1 fi echo "Check architecture..." 
ARCH=$(dpkg --print-architecture | tr -d "\n") -if ([ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]) && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then - echo "Only x86_64 (amd64) is supported on this OS" +if [ "$ARCH" != "amd64" ]; then + echo "Only x86_64 (amd64) is supported" exit 1 fi -if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then - echo "Check virtualized environment" - VIRT="$(systemd-detect-virt 2>/dev/null || true)" - if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then - echo "Container are not supported: kernel can't be modified." - exit 1 - fi -fi - # Check if DPKG is locked and for broken packages #dpkg -i /dev/zero 2>/dev/null #if [ "$?" -eq 2 ]; then @@ -166,11 +95,10 @@ fi # exit 1 #fi echo "Check about broken packages..." -if ! eval apt-get check >/dev/null 2>&1 ; then - if ! eval apt-get -f install -y 2>&1 ; then - echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..." - exit 1 - fi +apt-get check >/dev/null 2>&1 +if [ "$?" -ne 0 ]; then + echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..." + exit 1 fi # Fix old string... 
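Review bot: The fall-through message in the last `elif` lists "Ubuntu 18.04, Ubuntu 19.04, Debian Stretch (9.x) or Debian Buster (10.x)" while the Ubuntu branch just above also accepts 20.04, so the supported list the operator sees is inconsistent; add 20.04 there. The three messages are errors but go to stdout; append `>&2` as the root check earlier in the script does. This hunk also drops the `systemd-detect-virt` container check without a replacement; if the kernel package is still installed unconditionally later in the script (not visible here), a run inside a container would no longer stop early with a clear error. The `if`/`elif` chain and the os-release sourcing begin above the hunk.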
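Review bot: In the broken-packages check, testing `"$?"` on a line of its own is fragile, because any command later inserted between `apt-get check` and the test silently changes what is tested. Keep the command and the condition together with `if ! apt-get check >/dev/null 2>&1; then`, and send the abort message to stderr with `>&2`. Running `apt-get` directly rather than through `eval` is the right form and should stay.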
@@ -194,612 +122,229 @@ if [ "$UPDATE" = "yes" ]; then fi echo "Update mode" fi -# Force update key -#[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { -# echo "Update OpenMPTCProuter repo key" -# #wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - -# wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg -#} - -CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')" -if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then - exit 1 -fi - -# Force update key -[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { - echo "Update ${REPO} key" - apt-key del '2FDF 70C8 228B 7F04 42FE 59F6 608F D17B 2B24 D936' >/dev/null 2>&1 - if [ "$CHINA" = "yes" ]; then - #wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - - wget https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg - else - #wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - - wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg - fi -} echo "Remove lock and update packages list..." -rm -f /etc/apt/sources.list.d/xanmod* -rm -f /etc/apt/trusted.gpg.d/xanmod* - rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock -rm -f /etc/apt/sources.list.d/buster-backports.list -rm -f /etc/apt/sources.list.d/stretch-backports.list -[ ! -f /etc/apt/sources.list ] && touch /etc/apt/sources.list -sed -i '/buster-backports/d' /etc/apt/sources.list -sed -i '/stretch-backports/d' /etc/apt/sources.list -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then - apt-get update -else - apt-get update --allow-releaseinfo-change -fi +apt-get update rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock echo "Install apt-transport-https, gnupg and openssh-server..." 
-apt-get -y install apt-transport-https gnupg openssh-server libcrypt1 zstd +apt-get -y install apt-transport-https gnupg openssh-server #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Debian 9 Stretch to Debian 10 Buster" - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade + apt-get -y -f --force-yes upgrade + apt-get -y -f --force-yes dist-upgrade sed -i 's:stretch:buster:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade + apt-get update + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="10" fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ]; then - echo "Update Debian 10 Buster to Debian 11 Bullseye" - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - sed -i 's:buster:bullseye:g' /etc/apt/sources.list - sed -i 's:archive:deb:g' /etc/apt/sources.list - sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" 
--allow-downgrades upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - VERSION_ID="11" -fi -if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ]; then - echo "Update Debian 11 Bullseye to Debian 12 Bookworm" - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -f --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - sed -i 's:archive:deb:g' /etc/apt/sources.list - sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" --allow-downgrades dist-upgrade - VERSION_ID="12" -fi if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Ubuntu 18.04 to Ubuntu 20.04" - apt-get -y -f --force-yes --allow-downgrades upgrade - apt-get -y -f --force-yes --allow-downgrades dist-upgrade + apt-get -y -f --force-yes upgrade + apt-get -y -f --force-yes dist-upgrade sed -i 's:bionic:focal:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change + apt-get update apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" fi -if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then - echo "Update Ubuntu 20.04 to Ubuntu 22.04" - apt-get -y -f --force-yes --allow-downgrades upgrade - apt-get -y -f --force-yes --allow-downgrades dist-upgrade - sed -i 's:focal:jammy:g' /etc/apt/sources.list - apt-get update --allow-releaseinfo-change - apt-get -y -o 
Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade - VERSION_ID="22.04" -fi - # Add OpenMPTCProuter repo echo "Add OpenMPTCProuter repo..." -if [ "$CHINA" = "yes" ]; then - echo "Install git..." - apt-get -y install git - if [ ! -d /var/lib/openmptcprouter-vps-debian ]; then - #git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian - git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian - fi - cd /var/lib/openmptcprouter-vps-debian - git pull -# if [ "$VPSPATH" = "server-test" ]; then -# git checkout develop -# else -# git checkout main -# fi - echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list - cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - - if [ ! -d /usr/share/omr-server-git ]; then - #git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git - git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git - fi - cd /usr/share/omr-server-git - git pull - if [ "$VPSPATH" = "server-test" ]; then - git checkout develop - else - git checkout master - fi - LOCALFILES="yes" - TLS="no" - DIR="/usr/share/omr-server-git" -else - echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list - cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref - Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones - Package: * - Pin: origin ${REPO} - Pin-Priority: 1001 - EOF - if [ -n "$(echo $OMR_VERSION | grep test)" ]; then - echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list -# cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref -# Explanation: Prefer OpenMPTCProuter provided 
packages over the Debian native ones -# Package: * -# Pin: origin ${REPO} -# Pin-Priority: 1002 -# EOF - else - rm -f /etc/apt/sources.list.d/openmptcprouter-test.list - fi - if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then - cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref - Explanation: Prefer libuv1 Debian native package - Package: libuv1 - Pin: version * - Pin-Priority: 1003 - EOF - fi - #wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - - wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg -fi +echo 'deb [arch=amd64] https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list +cat <> /etc/apt/sources.list echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list fi - # Add buster-backports repo - echo 'deb http://archive.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list - if [ "$VERSION_ID" = "12" ]; then - echo 'deb http://deb.debian.org/debian bullseye main' > /etc/apt/sources.list.d/bullseye.list - fi elif [ "$ID" = "ubuntu" ]; then echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list - [ "$VERSION_ID" = "22.04" ] && { - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 - echo 'deb http://old-releases.ubuntu.com/ubuntu impish main universe' > /etc/apt/sources.list.d/impish-universe.list - } fi -# Install mptcp kernel and shadowsocks -echo "Install mptcp kernel and shadowsocks..." 
-apt-get update --allow-releaseinfo-change +apt-get update sleep 2 -apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config ipset - -if [ -z "$(dpkg-query -l | grep grub)" ]; then - if [ -d /boot/grub2 ]; then - apt-get -y install grub2 - elif [ -d /boot/grub ]; then - apt-get -y install grub-legacy - fi - [ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && { - echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub - } +wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb +wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb +# Rename bzImage to vmlinuz, needed when custom kernel was used +cd /boot +apt-get -y install rename curl libcurl4 unzip git +rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 +#apt-get -y install linux-mptcp +#dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp +#dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp +if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then + echo "Install kernel linux-image-${KERNEL_RELEASE}" + echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" + dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb + dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb fi - -if [ -z "$(dpkg-query -l | grep grub)" ]; then - if [ -d /boot/grub2 ]; then - apt-get -y install grub2 - elif [ -d /boot/grub ]; then - apt-get -y install grub-legacy - fi - [ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! 
-f /etc/default/grub ] && { - echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub - } -fi -if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then - if [ "$SOURCES" = "yes" ]; then - wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb - # Rename bzImage to vmlinuz, needed when custom kernel was used - cd /boot - apt-get -y install git - rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 - #apt-get -y install linux-mptcp - #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp - #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp - if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then - echo "Install kernel linux-image-${KERNEL_RELEASE} source release" - echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb - fi - else - cd /boot - rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 - if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then - echo "Install kernel linux-image-${KERNEL_RELEASE}" - echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" - apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} - fi - fi - - - # Check if mptcp kernel is grub default kernel - echo "Set MPTCP kernel as grub default..." 
- if [ "$LOCALFILES" = "no" ]; then - wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh - cd /tmp - else - cd ${DIR} - fi - [ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg - rm -f /etc/grub.d/30_os-prober - bash update-grub.sh ${KERNEL_VERSION}-mptcp - bash update-grub.sh ${KERNEL_RELEASE} - [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg >/dev/null 2>&1 -elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then - # awk command from xanmod website - PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") - KERNEL_VERSION="6.6.36" - KERNEL_REV="0~20240628.g36640c1" - wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - dpkg --force-all -i -B 
/tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - -# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg -# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list -# apt-get update -# apt-get -y install linux-xanmod-lts-x64v3 - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -elif [ "$KERNEL" = "6.10" ] && [ "$ARCH" = "amd64" ]; then - # awk command from xanmod website - PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") - if [ "$PSABI" = "x64v1" ]; then - echo "psABI x86-64-v1 not supported by Xanmod kernel 6.10, use an older kernel" - exit 0 - fi - KERNEL_VERSION="6.10.2" - KERNEL_REV="0~20240728.gae7b555" - wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - echo "Install kernel 
linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - -# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg -# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list -# apt-get update -# apt-get -y install linux-xanmod-lts-x64v3 - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -elif [ "$KERNEL" = "6.11" ] && [ "$ARCH" = "amd64" ]; then - # awk command from xanmod website - PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") - if [ "$PSABI" = "x64v1" ]; then - echo "psABI x86-64-v1 not supported by Xanmod kernel 6.11, use an older kernel" - exit 0 - fi - KERNEL_VERSION="6.11.0" - KERNEL_REV="0~20240916.g9c60408" - wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - wget -O 
/tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - -# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg -# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list -# apt-get update -# apt-get -y install linux-xanmod-lts-x64v3 - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -elif [ "$KERNEL" = "6.12" ] && [ "$ARCH" = "amd64" ]; then - # awk command from xanmod website - PSABI=$(awk 'BEGIN { while (!/flags/) if (getline < "/proc/cpuinfo" != 1) exit 1; if (/lm/&&/cmov/&&/cx8/&&/fpu/&&/fxsr/&&/mmx/&&/syscall/&&/sse2/) level = 1; if (level == 1 && /cx16/&&/lahf/&&/popcnt/&&/sse4_1/&&/sse4_2/&&/ssse3/) level = 2; if (level == 2 && /avx/&&/avx2/&&/bmi1/&&/bmi2/&&/f16c/&&/fma/&&/abm/&&/movbe/&&/xsave/) level = 3; if (level == 3 && /avx512f/&&/avx512bw/&&/avx512cd/&&/avx512dq/&&/avx512vl/) level = 4; if (level > 0) { print "x64v" level; exit level + 1 }; exit 1;}' | tr -d "\n") - if [ "$PSABI" = "x64v4" ]; then - PSABI="x64v3" - fi - KERNEL_VERSION="6.12.15" - KERNEL_REV="0~20250219.g6e42b4c" - wget -O /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb 
${VPSURL}kernel/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - wget -O /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - echo "Install kernel linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1 source release" - dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - dpkg --force-all -i -B /tmp/linux-image-${KERNEL_VERSION}-${PSABI}-xanmod1_${KERNEL_VERSION}-${PSABI}-xanmod1-${KERNEL_REV}_amd64.deb - -# wget -qO - https://dl.xanmod.org/archive.key | gpg --batch --yes --dearmor -vo /usr/share/keyrings/xanmod-archive-keyring.gpg -# echo 'deb [signed-by=/usr/share/keyrings/xanmod-archive-keyring.gpg] http://deb.xanmod.org releases main' | tee /etc/apt/sources.list.d/xanmod-release.list -# apt-get update -# apt-get -y install linux-xanmod-lts-x64v3 - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -elif [ "$KERNEL" = "6.6" ] && [ "$ID" = "debian" ]; then - echo 'deb http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/bookworm-backports.list - apt-get update - latestkernel=$(apt-cache search linux-image-6.6 | grep -v headers | grep -v dbg | grep -v rt | tail -n 1 | cut -d" " -f1) - latestkernelheaders=$(echo $latestkernel | sed 's/image/headers/g') - apt-get -y install $latestkernel $latestkernelheaders - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -else - if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then - 
apt-get -y install $(apt-cache search linux-image-unsigned-6.1 | tail -n 1 | cut -d" " -f1) - fi - [ -f /etc/default/grub ] && { - sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 - [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 - } -fi - -if [ "$ARCH" = "amd64" ]; then - echo "Install tracebox OpenMPTCProuter edition" - apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox -fi -if [ "$IPERF" = "yes" ]; then - #echo "Install iperf3 OpenMPTCProuter edition" - #apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 - #chmod 644 /lib/systemd/system/iperf3.service - echo "Install iperf3" - [ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 >/dev/null 2>&1 - if [ "$SOURCES" = "yes" ]; then - apt-get -y remove iperf3 libiperf0 - apt-get -y install xz-utils devscripts - cd /tmp - rm -rf iperf-3.18 - wget https://github.com/esnet/iperf/releases/download/3.18/iperf-3.18.tar.gz - tar xzf iperf-3.18.tar.gz - cd iperf-3.18 - wget --waitretry=1 --read-timeout=20 --timeout=15 -t 5 --continue --no-dns-cache http://deb.debian.org/debian/pool/main/i/iperf3/iperf3_3.18-1.debian.tar.xz - tar xJf iperf3_3.18-1.debian.tar.xz - sleep 1 - echo "Install iperf3 dependencies..." - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - echo "Build iperf3 package...." - dpkg-buildpackage -b -us -uc >/dev/null 2>&1 - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - cd /tmp - echo "Install iperf3 package..." - dpkg -i iperf3_3.18-1_amd64.deb libiperf0_3.18-1_amd64.deb >/dev/null 2>&1 - rm -rf iperf-3.18 - rm -f iperf* libiperf* - else - apt-get -y install iperf3 libiperf0 - fi - if [ ! 
-f "/etc/iperf3/private.pem" ]; then - mkdir -p /etc/iperf3 - openssl genrsa -out /etc/iperf3/private.pem 2048 - openssl rsa -in /etc/iperf3/private.pem -outform PEM -pubout -out /etc/iperf3/public.pem - IPERFPASS=$(echo -n "{openmptcprouter}openmptcprouter" | sha256sum | awk '{ print $1 }') - echo "openmptcprouter,$IPERFPASS" > /etc/iperf3/users.csv - fi - chown -Rf iperf3 /etc/iperf3 || true - systemctl enable iperf3.service || true - mkdir -p /etc/systemd/system/iperf3.service.d - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/systemd/system/iperf3.service.d/override.conf ${VPSURL}${VPSPATH}/iperf3.override.conf - else - cp ${DIR}/iperf3.override.conf /etc/systemd/system/iperf3.service.d/override.conf - fi - echo "iperf3 installed" -fi - -rm -f /var/lib/dpkg/lock -rm -f /var/lib/dpkg/lock-frontend - -if [ "$KERNEL" != "5.4" ]; then - echo "Compile and install mptcpize..." - apt-get -y install --no-install-recommends build-essential +# Check if mptcp kernel is grub default kernel +echo "Set MPTCP kernel as grub default..." 
+if [ "$LOCALFILES" = "no" ]; then + wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh cd /tmp - apt-get -y install git - git clone https://github.com/Ysurac/mptcpize.git - cd mptcpize - make - make install +else + cd ${DIR} +fi +rm -f /etc/grub.d/30_os-prober +bash update-grub.sh ${KERNEL_VERSION}-mptcp +bash update-grub.sh ${KERNEL_RELEASE} +sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null + +echo "Install tracebox OpenMPTCProuter edition" +apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox +echo "Install iperf3 OpenMPTCProuter edition" +apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 + +apt-get -y remove shadowsocks-libev + +if [ "$SOURCES" = "yes" ]; then + #apt -t stretch-backports -y install shadowsocks-libev + ## Compile Shadowsocks + #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} + #wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz cd /tmp - rm -rf /tmp/mptcpize - if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then - apt-get -y install iproute2 - else - echo "Compile and install iproute2..." - apt-get -y install --no-install-recommends bison libbison-dev flex - #wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz - #tar xzf iproute2-5.16.0.tar.gz - #cd iproute2-5.16.0 - git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git - cd iproute2 - git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000 - make - make install - cd /tmp - fi - rm -rf iproute2 - - if [ "$ID" = "debian" ]; then - echo "MPTCPize iperf3..." 
- mptcpize enable iperf3 >/dev/null 2>&1 || true - fi - - #if [ "$UPSTREAM6" = "yes" ]; then - # apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg - # apt-get -y install systemtap - # mkdir -p /usr/share/systemtap-mptcp - # wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap + rm -rf shadowsocks-libev + git clone https://github.com/Ysurac/shadowsocks-libev.git + cd shadowsocks-libev + git checkout ${SHADOWSOCKS_VERSION} + git submodule update --init --recursive + #tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz + #cd shadowsocks-libev-${SHADOWSOCKS_VERSION} + #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch + #patch -p1 < 020-NOCRYPTO.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch + #patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch + #patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch + #wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch + #patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch + # Shadowsocks eBPF support + #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch + #patch -p1 < 030-eBPF.patch + #rm -f /var/lib/dpkg/lock + #apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev + #cd /tmp + #rm -rf libbpf + #git clone https://github.com/libbpf/libbpf.git + #cd libbpf + #if [ "$ID" = "debian" ]; then + # rm -f /var/lib/dpkg/lock + # apt -y -t stretch-backports install linux-libc-dev + #elif [ "$ID" = "ubuntu" ]; then + # rm -f /var/lib/dpkg/lock + # apt-get -y install linux-libc-dev #fi -fi - -echo "Remove Shadowsocks-libev..." 
-apt-get -y remove shadowsocks-libev >/dev/null 2>&1 || true -if [ "$SHADOWSOCKS" = "yes" ]; then - echo "Install Shadowsocks-libev..." - if [ "$SOURCES" = "yes" ]; then - #apt -t stretch-backports -y install shadowsocks-libev - ## Compile Shadowsocks - #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} - #wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz - cd /tmp - rm -rf shadowsocks-libev - git clone https://github.com/Ysurac/shadowsocks-libev.git - cd shadowsocks-libev - git checkout ${SHADOWSOCKS_VERSION} - git submodule update --init --recursive - #tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz - #cd shadowsocks-libev-${SHADOWSOCKS_VERSION} - #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch - #patch -p1 < 020-NOCRYPTO.patch - #wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch - #patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch - #wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch - #patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch - #wget https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch - #patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch - # Shadowsocks eBPF support - #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch - #patch -p1 < 030-eBPF.patch - #rm -f /var/lib/dpkg/lock - #apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev - #cd /tmp - #rm -rf libbpf - #git clone https://github.com/libbpf/libbpf.git - #cd libbpf - #if [ "$ID" = "debian" ]; then - # rm -f /var/lib/dpkg/lock - # apt -y -t stretch-backports install 
linux-libc-dev - #elif [ "$ID" = "ubuntu" ]; then - # rm -f /var/lib/dpkg/lock - # apt-get -y install linux-libc-dev - #fi - #BUILD_SHARED=y make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY" - #cp /tmp/libbpf/src/libbpf.so /usr/lib - #cp /tmp/libbpf/src/*.h /usr/include/bpf - #cd /tmp - #rm -rf /tmp/libbpf + #BUILD_SHARED=y make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY" + #cp /tmp/libbpf/src/libbpf.so /usr/lib + #cp /tmp/libbpf/src/*.h /usr/include/bpf + #cd /tmp + #rm -rf /tmp/libbpf + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev + sleep 1 + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + systemctl enable haveged + + if [ "$ID" = "debian" ]; then rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend - apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev - apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc - sleep 1 - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - systemctl enable haveged - if [ "$ID" = "debian" ]; then - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - if [ "$VERSION_ID" = "9" ]; then - apt -y -t stretch-backports install libsodium-dev - else - apt -y install libsodium-dev - fi - elif [ "$ID" = "ubuntu" ]; then - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install libsodium-dev + if [ "$VERSION_ID" = "9" ]; then + apt -y -t stretch-backports install libsodium-dev + else + apt -y install libsodium-dev fi - #cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} + elif [ "$ID" = "ubuntu" ]; then rm -f /var/lib/dpkg/lock rm -f 
/var/lib/dpkg/lock-frontend - mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" >/dev/null 2>&1 - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg-buildpackage -b -us -uc >/dev/null 2>&1 - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - cd /tmp - #dpkg -i shadowsocks-libev_*.deb - dpkg -i omr-shadowsocks-libev_*.deb >/dev/null 2>&1 - #mkdir -p /usr/lib/shadowsocks-libev - #cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev - #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} - rm -rf /tmp/shadowsocks-libev - else - apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} + apt-get -y install libsodium-dev fi + #cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + dpkg-buildpackage -b -us -uc + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + cd /tmp + #dpkg -i shadowsocks-libev_*.deb + dpkg -i omr-shadowsocks-libev_*.deb + #mkdir -p /usr/lib/shadowsocks-libev + #cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev + #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} + rm -rf /tmp/shadowsocks-libev +else + apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev fi -echo "Add modules on server start..." +# Load OLIA Congestion module at boot time +if ! grep -q olia /etc/modules ; then + echo mptcp_olia >> /etc/modules +fi +# Load WVEGAS Congestion module at boot time +if ! grep -q wvegas /etc/modules ; then + echo mptcp_wvegas >> /etc/modules +fi +# Load BALIA Congestion module at boot time +if ! 
grep -q balia /etc/modules ; then + echo mptcp_balia >> /etc/modules +fi # Load BBR Congestion module at boot time if ! grep -q bbr /etc/modules ; then echo tcp_bbr >> /etc/modules fi - -if [ "$KERNEL" = "5.4" ]; then - # Load OLIA Congestion module at boot time - if ! grep -q olia /etc/modules ; then - echo mptcp_olia >> /etc/modules - fi - # Load WVEGAS Congestion module at boot time - if ! grep -q wvegas /etc/modules ; then - echo mptcp_wvegas >> /etc/modules - fi - # Load BALIA Congestion module at boot time - if ! grep -q balia /etc/modules ; then - echo mptcp_balia >> /etc/modules - fi - # Load BBRv2 Congestion module at boot time - if ! grep -q bbr2 /etc/modules ; then - echo tcp_bbr2 >> /etc/modules - fi - # Load mctcpdesync Congestion module at boot time - if ! grep -q mctcp_desync /etc/modules ; then - echo mctcp_desync >> /etc/modules - fi - # Load ndiffports module at boot time - if ! grep -q mptcp_ndiffports /etc/modules ; then - echo mptcp_ndiffports >> /etc/modules - fi - # Load redundant module at boot time - if ! grep -q mptcp_redundant /etc/modules ; then - echo mptcp_redundant >> /etc/modules - fi - # Load rr module at boot time - if ! grep -q mptcp_rr /etc/modules ; then - echo mptcp_rr >> /etc/modules - fi - # Load mctcp ECF scheduler at boot time - if ! grep -q mptcp_ecf /etc/modules ; then - echo mptcp_ecf >> /etc/modules - fi - # Load mctcp BLEST scheduler at boot time - if ! grep -q mptcp_blest /etc/modules ; then - echo mptcp_blest >> /etc/modules - fi +# Load mctcpdesync Congestion module at boot time +if ! grep -q mctcp_desync /etc/modules ; then + echo mctcp_desync >> /etc/modules +fi +# Load ndiffports module at boot time +if ! grep -q mptcp_ndiffports /etc/modules ; then + echo mptcp_ndiffports >> /etc/modules +fi +# Load redundant module at boot time +if ! grep -q mptcp_redundant /etc/modules ; then + echo mptcp_redundant >> /etc/modules +fi +# Load rr module at boot time +if ! 
grep -q mptcp_rr /etc/modules ; then + echo mptcp_rr >> /etc/modules +fi +# Load mctcp ECF scheduler at boot time +if ! grep -q mptcp_ecf /etc/modules ; then + echo mptcp_ecf >> /etc/modules +fi +# Load mctcp BLEST scheduler at boot time +if ! grep -q mptcp_blest /etc/modules ; then + echo mptcp_blest >> /etc/modules fi -echo "Stop OpenMPTCProuter VPS admin" -if systemctl -q is-active omr-admin.service 2>/dev/null; then - systemctl -q stop omr-admin > /dev/null 2>&1 || true -fi -if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then - systemctl -q stop omr-admin-ipv6 > /dev/null 2>&1 || true - systemctl -q disable omr-admin-ipv6 > /dev/null 2>&1 || true +if systemctl -q is-active omr-admin.service; then + systemctl -q stop omr-admin > /dev/null 2>&1 fi if [ "$OMR_ADMIN" = "yes" ]; then 
@@ -837,56 +382,24 @@ if [ "$OMR_ADMIN" = "yes" ]; then apt-get -y remove python3-jwt pip3 -q install pyjwt else - if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then - if [ "$VERSION_ID" = "12" ]; then - apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 - pip3 -q install uvloop --break-system-packages - else - apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 - pip3 -q install uvloop - fi - else - apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop - fi + apt-get -y install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop fi - apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen + apt-get -y install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil echo '-- pip3 install needed python modules' - echo "If you see any error here, I really don't care: it's about a module not used for home users" #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U - if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then - #pip3 -q install netjsonconfig --break-system-packages - pip3 -q install fastapi -U --break-system-packages - pip3 -q install jsonschema -U --break-system-packages - pip3 -q install python-multipart jinja2 -U --break-system-packages - pip3 -q install starlette --break-system-packages - pip3 -q install starlette --break-system-packages - else - #pip3 -q install netjsonconfig - if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then - pip3 -q install fastapi==0.99.1 -U - else - pip3 -q install fastapi -U - fi - pip3 -q install fastapi -U - pip3 -q install jsonschema -U - pip3 -q install python-multipart jinja2 -U - pip3 -q 
install starlette - pip3 -q install starlette - fi + pip3 -q install fastapi netjsonconfig python-multipart -U mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf - #[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn - [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "openvpn" > /etc/openmptcprouter-vps-admin/current-vpn + [ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn mkdir -p /var/opt/openmptcprouter if [ "$SOURCES" = "yes" ]; then wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in - #wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip cd /tmp unzip -q -o openmptcprouter-vps-admin.zip cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ - if [ -f /usr/local/bin/omr-admin.py ] || [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then + if [ -f /usr/local/bin/omr-admin.py ]; then OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n") [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") [ -n "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 
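Review bot: The added `pip3 -q install fastapi netjsonconfig python-multipart -U` installs whatever release PyPI serves at run time into the system interpreter, with no version or hash pin, in a script that also writes unit files under `/lib/systemd/system`. A compromised or incompatible upstream release would be picked up on the next run, and `-q` hides most of the output. I would pin the set in a requirements file and install it with `pip3 -q install --require-hashes -r <REQUIREMENTS_FILE>` (placeholder path), or at least write `name==<VERSION>` for each package. The same applies to the unversioned `apt-get -y install omr-vps-admin` and `install omr-simple-obfs` lines in the two hunks that follow. The `if [ "$OMR_ADMIN" = "yes" ]` block starts and ends outside this hunk.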
@@ -901,142 +414,84 @@ if [ "$OMR_ADMIN" = "yes" ]; then cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/ cd /etc/openmptcprouter-vps-admin fi - rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION} - chmod u+x /usr/local/bin/omr-admin.py - else - if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then - OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n") - [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2 - OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") - [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2 - fi - apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y --allow-downgrades install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION} - if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then - cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/ - fi - #OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") - #OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") - fi - if [ ! 
-f /etc/openmptcprouter-vps-admin/key.pem ]; then - cd /etc/openmptcprouter-vps-admin openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps" + sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json + sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json + [ "$NOINTERNET" = "yes" ] && { + sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json + } + chmod u+x /usr/local/bin/omr-admin.py + systemctl enable omr-admin.service + rm -rf /tmp/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION} + else + apt-get -y install omr-vps-admin + OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n") + OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n") fi - sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json - [ "$NOINTERNET" = "yes" ] && { - jq '. + {internet: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp - mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json - #sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json - } - [ "$GRETUNNELS" = "no" ] && { - jq '. 
+ {gre_tunnels: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp - mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json - #sed -i 's/"port": 65500,/"port": 65500,\n "gre_tunnels": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json - } - [ "$LANROUTES" = "no" ] && { - jq '. + {lan_routes: false}' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp - mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json - } - chmod 644 /lib/systemd/system/omr-admin.service - #chmod 644 /lib/systemd/system/omr-admin-ipv6.service - #[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py - #[ "$(ip -6 a)" != "" ] && { - # systemctl enable omr-admin-ipv6.service - #} - systemctl enable omr-admin.service - if [ "$KERNEL" != "5.4" ]; then - mptcpize enable omr-admin.service >/dev/null 2>&1 - #[ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service >/dev/null 2>&1 - fi - if systemctl -q is-active omr-admin-ipv6.service 2>/dev/null; then - systemctl -q stop omr-admin-ipv6 >/dev/null 2>&1 - systemctl -q disable omr-admin-ipv6 >/dev/null 2>&1 - fi + fi # Get shadowsocks optimization if [ "$LOCALFILES" = "no" ]; then - if [ "$KERNEL" != "5.4" ]; then - wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf - else - wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf - fi + wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf else - if [ "$KERNEL" != "5.4" ]; then - cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf - else - cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf - fi + cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf fi -if [ "$SHADOWSOCKS" = "yes" ]; then - if [ "$update" != 0 ]; 
then - if [ ! -f /etc/shadowsocks-libev/manager.json ]; then - SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') - elif [ -f /etc/shadowsocks-libev/manager.json ]; then - SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') - fi +if [ "$update" != 0 ]; then + if [ ! -f /etc/shadowsocks-libev/manager.json ]; then + SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') + else + SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;') fi - # Install shadowsocks config and add a shadowsocks by CPU - if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json - else - cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json - fi - SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;') - if [ "$NBCPU" -gt "1" ]; then - for i in $(seq 2 NBCPU); do - sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json - done - fi - #sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json - sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json - [ "$(ip -6 a 2>/dev/null)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json - elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then - for i in $(seq 2 $NBCPU); do +fi +# Install shadowsocks config and add a shadowsocks by CPU +if [ "$update" = "0" ] || [ ! 
-f /etc/shadowsocks-libev/manager.json ]; then + if [ "$LOCALFILES" = "no" ]; then + wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json + else + cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json + fi + SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;') + if [ "$NBCPU" -gt "1" ]; then + for i in $(seq 2 NBCPU); do sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json done - sed -i 's/ "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json - fi - [ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl - #sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json - #sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in - else - cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service - fi - if systemctl -q is-enabled shadowsocks-libev 2>/dev/null; then - systemctl -q disable shadowsocks-libev - fi - [ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service - systemctl enable shadowsocks-libev-manager@manager.service - if [ $NBCPU -gt 1 ]; then - for i in $(seq 1 $NBCPU); do - [ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service - done - fi - if systemctl -q is-active shadowsocks-libev-manager@manager 2>/dev/null; then - systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 fi + #sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json + sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json + [ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json +elif [ "$update" != "0" ] && [ -f 
/etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then + for i in $(seq 2 $NBCPU); do + sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json + done + sed -i 's/ "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json +fi +[ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl +#sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json +#sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service +if [ "$LOCALFILES" = "no" ]; then + wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in +else + cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service +fi +if systemctl -q is-enabled shadowsocks-libev; then + systemctl -q disable shadowsocks-libev +fi +[ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service +systemctl enable shadowsocks-libev-manager@manager.service +if [ $NBCPU -gt 1 ]; then + for i in $(seq 1 $NBCPU); do + [ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service + done fi if ! 
grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf fi -if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in - wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update - chmod 755 /usr/bin/omr-update -else - cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service - cp ${DIR}/omr-update /usr/bin/omr-update - chmod 755 /usr/bin/omr-update +if systemctl -q is-active shadowsocks-libev-manager@manager; then + systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1 fi -chmod 644 /lib/systemd/system/omr-update.service # Install simple-obfs if [ "$OBFS" = "yes" ]; then @@ -1063,9 +518,7 @@ if [ "$OBFS" = "yes" ]; then cd /tmp rm -rf /tmp/simple-obfs else - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION} + apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs fi #sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json fi 
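Review bot: In the added `else` branch, `OMR_ADMIN_PASS` and `OMR_ADMIN_PASS_ADMIN` are read from `omr-admin-config.json` with no check against the template values, while the two `sed` lines that replace `MySecretKey` and `AdminMySecretKey` now appear to run only in the `SOURCES=yes` branch. If the packaged config ships with those template strings (not visible here, to be confirmed), a binary install would keep them as the live passwords. Read each value into a temporary and adopt it only when it is set and differs from the template, e.g. `[ -n "$P" ] && [ "$P" != "MySecretKey" ] && OMR_ADMIN_PASS=$P`, then run the two `sed` substitutions after the `fi` so both branches are covered. Separately, `for i in $(seq 2 NBCPU); do` in the `manager.json` block lacks the `$` before `NBCPU`, so `seq` receives a literal word and the per-CPU duplication never runs; it should read `for i in $(seq 2 "$NBCPU"); do`. The enclosing `if [ "$OMR_ADMIN" = "yes" ]` starts outside the hunk.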
@@ -1073,250 +526,52 @@ fi # Install v2ray-plugin if [ "$V2RAY_PLUGIN" = "yes" ]; then echo "Install v2ray plugin" - if [ "$SOURCES" = "yes" ]; then - rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - cd /tmp - tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz - cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin - cd /tmp - rm -rf /tmp/v2ray-plugin_linux_amd64 - rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + #wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + #wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v1.4.3/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + cd /tmp + tar xzvf v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz + cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin + cd /tmp + rm -rf /tmp/v2ray-plugin_linux_amd64 + rm -rf /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz - #rm -rf /tmp/v2ray-plugin - #cd /tmp - #rm -f 
/var/lib/dpkg/lock - #apt-get install -y --no-install-recommends git ca-certificates golang-go - #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin - #cd /tmp/v2ray-plugin - #git checkout ${V2RAY_PLUGIN_VERSION} - #git submodule update --init --recursive - #CGO_ENABLED=0 go build -o v2ray-plugin - #cp v2ray-plugin /usr/local/bin/v2ray-plugin - #cd /tmp - #rm -rf /tmp/simple-obfs - else - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION} - fi + #rm -rf /tmp/v2ray-plugin + #cd /tmp + #rm -f /var/lib/dpkg/lock + #apt-get install -y --no-install-recommends git ca-certificates golang-go + #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin + #cd /tmp/v2ray-plugin + #git checkout ${V2RAY_PLUGIN_VERSION} + #git submodule update --init --recursive + #CGO_ENABLED=0 go build -o v2ray-plugin + #cp v2ray-plugin /usr/local/bin/v2ray-plugin + #cd /tmp + #rm -rf /tmp/simple-obfs fi -if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ] && [ -f /etc/shadowsocks-libev/config.json ]; then +if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ]; then sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json fi -if systemctl -q is-active shadowsocks-go.service 2>/dev/null; then - systemctl -q stop shadowsocks-go > /dev/null 2>&1 - systemctl -q disable shadowsocks-go > /dev/null 2>&1 -fi - -if [ "$SHADOWSOCKS_GO" = "yes" ]; then - if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then - if [ "$ARCH" = "amd64" ]; then - wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb - rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb - elif [ "$ARCH" = "arm64" ]; then - wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb 
${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb - rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb - fi - else - apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install shadowsocks-go=${SHADOWSOCKS_GO_VERSION} - fi - if [ -f /etc/shadowsocks-go/server.json ]; then - PSK2=$(grep -Po '"'"psk"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/server.json | head -n 1 | tr -d "\n") - [ -n "$PSK2" ] && [ "$PSK2" != "PSK" ] && [ "$PSK2" != "null" ] && PSK="$PSK2" - UPSK2=$(grep -Po '"'"openmptcprouter"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/upsks.json | head -n 1 | tr -d "\n") - [ -n "$UPSK2" ] && [ "$UPSK2" != "UPSK" ] && [ "$UPSK2" != "null" ] && UPSK="$UPSK2" - fi - wget -O /etc/shadowsocks-go/server.json ${VPSURL}${VPSPATH}/shadowsocks-go.server.json - sed -i "s:\"PSK\":\"$PSK\":g" /etc/shadowsocks-go/server.json - sed -i "s:UPSK:$UPSK:g" /etc/shadowsocks-go/upsks.json - jq -M 'del(.users[0].openmptcprouter."shadowsocks-go")' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new - mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak - mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json - - chmod 644 /lib/systemd/system/shadowsocks-go.service - systemctl daemon-reload - systemctl enable shadowsocks-go.service -fi - - -if systemctl -q is-active v2ray.service 2>/dev/null; then +if systemctl -q is-active v2ray.service; then systemctl -q stop v2ray > /dev/null 2>&1 systemctl -q disable v2ray > /dev/null 2>&1 fi if [ "$V2RAY" = "yes" ]; then - #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray - if [ "$SOURCES" = "yes" ] || [ "$ARCH" = 
"arm64" ]; then - if [ "$ARCH" = "amd64" ]; then - wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb - rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb - elif [ "$ARCH" = "arm64" ]; then - wget -O /tmp/v2ray-${V2RAY_VERSION}-arm64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-arm64.deb - rm -f /tmp/v2ray-${V2RAY_VERSION}-arm64.deb - fi -# else -# [ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip" -# [ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip" -# [ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" -# [ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip" -# [ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip" -# [ "$ARCH" = "mips64el" ] && V2RAY_FILENAME="v2ray-linux-mips64le.zip" -# [ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip" -# [ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip" -# wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME} -# cd /tmp -# rm -rf v2ray -# mkdir -p v2ray -# cd v2ray -# unzip /tmp/v2ray-${V2RAY_VERSION}.zip -# cp v2ray /usr/bin/ -# cp geoip.dat /usr/bin/ -# cp geosite.dat /usr/bin/ -# wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service -# fi - else - apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION} - fi - if [ -f /etc/v2ray/v2ray-server.json ]; then - V2RAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/v2ray/v2ray-server.json | head -n 1 | tr -d "\n") - [ -n "$V2RAY_UUID2" ] && V2RAY_UUID="$V2RAY_UUID2" - fi - #if [ ! 
-f /etc/v2ray/v2ray-server.json ]; then + apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray + if [ ! -f /etc/v2ray/v2ray-server.json ]; then wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json - #fi - if [ "$KERNEL" != "5.4" ] && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then - sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/v2ray/v2ray-server.json + rm /etc/v2ray/config.json + ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json fi - rm -f /etc/v2ray/config.json - ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json - #if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then - # mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service - #fi - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service - else - cp ${DIR}/v2ray.service /lib/systemd/system/v2ray.service - fi - chmod 644 /lib/systemd/system/v2ray.service - systemctl daemon-reload systemctl enable v2ray.service - #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then - # mptcpize enable v2ray - #fi fi -if systemctl -q is-active xray.service 2>/dev/null; then - systemctl -q stop xray > /dev/null 2>&1 - systemctl -q disable xray > /dev/null 2>&1 -fi - -if [ "$XRAY" = "yes" ]; then - #apt-get -y -o Dpkg::Options::="--force-overwrite" install xray - if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then - if [ "$ARCH" = "amd64" ]; then - wget -O /tmp/xray-${XRAY_VERSION}-amd64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-amd64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-amd64.deb - rm -f /tmp/xray-${XRAY_VERSION}-amd64.deb - elif [ "$ARCH" = "arm64" ]; then - wget -O /tmp/xray-${XRAY_VERSION}-arm64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-arm64.deb - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - 
dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-arm64.deb - rm -f /tmp/xray-${XRAY_VERSION}-arm64.deb - fi - else - apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install xray=${XRAY_VERSION} - fi - if [ -f /etc/xray/xray-server.json ]; then - XRAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-server.json | head -n 1 | tr -d "\n") - [ -n "$XRAY_UUID2" ] && [ "$XRAY_UUID2" != "XRAY_UUID" ] && [ "$XRAY_UUID2" != "V2RAY_UUID" ] && XRAY_UUID="$XRAY_UUID2" - PSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.password' /etc/xray/xray-server.json | tr -d "\n") - [ "$PSK2" != "null" ] && [ -n "$PSK2" ] && [ "$PSK2" != "XRAY_PSK" ] && PSK="$PSK2" - UPSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients[] | select(.email=="openmptcprouter") | .password' /etc/xray/xray-server.json | tr -d "\n") - [ "$UPSK2" != "null" ] && [ -n "$UPSK2" ] && [ "$UPSK2" != "XRAY_UPSK" ] && UPSK="$UPSK2" - XRAY_X25519_PRIVATE_KEY2=$(grep -Po '"'"privateKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n") - [ -n "$XRAY_X25519_PRIVATE_KEY2" ] && [ "$XRAY_X25519_PRIVATE_KEY2" != "XRAY_X25519_PRIVATE_KEY" ] && XRAY_X25519_PRIVATE_KEY="$XRAY_X25519_PRIVATE_KEY2" - XRAY_X25519_PUBLIC_KEY2=$(grep -Po '"'"publicKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n") - [ -n "$XRAY_X25519_PUBLIC_KEY2" ] && [ "$XRAY_X25519_PUBLIC_KEY2" != "XRAY_X25519_PUBLIC_KEY" ] && XRAY_X25519_PUBLIC_KEY="$XRAY_X25519_PUBLIC_KEY2" - #jq -M 'del(.transport)' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - #mv -f /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - - fi - jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new - mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json 
/etc/openmptcprouter-vps-admin/omr-admin-config.json.bak - mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json - if [ ! -f /etc/xray/xray-server.json ] || [ -z "$(grep -i mptcp /etc/xray/xray-server.json | grep true)" ] || [ -z "$(grep -i transport /etc/xray/xray-server.json)" ]; then - wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json - sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json - sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json - sed -i "s:XRAY_PSK:$PSK:g" /etc/xray/xray-server.json - sed -i "s:XRAY_UPSK:$UPSK:g" /etc/xray/xray-server.json - wget -O /etc/xray/xray-vless-reality.json ${VPSURL}${VPSPATH}/xray-vless-reality.json - if [ -z "$XRAY_X25519_PRIVATE_KEY" ]; then - XRAY_X25519_KEYS=$(/usr/bin/xray x25519) - XRAY_X25519_PRIVATE_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Private | awk '{ print $3 }' | tr -d "\n") - XRAY_X25519_PUBLIC_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Public | awk '{ print $3 }' | tr -d "\n") - fi - sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json - sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json - sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json - for xrayuser in $(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r '.users[0][].username'); do - if [ "$xrayuser" != "admin" ] && [ "$xrayuser" != "openmptcprouter" ]; then - xrayid="$(/usr/bin/xray uuid)" - jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-vmess-tunnel") | .settings.clients) += [{"level": 0, 
"alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-socks-tunnel") | .settings.accounts) += [{"user": $xrayuser,"pass": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - jq --arg xrayuser "$xrayuser" --arg xrayid "$xrayid" '(.inbounds[] | select(.tag=="omrin-trojan-tunnel") | .settings.clients) += [{"level": 0, "alterId": 0, "email": $xrayuser,"id": $xrayid}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - [ -e /etc/shadowsocks-go/upsks.json ] && shadowsockspass="$(jq --arg xrayuser $xrayuser -r '.[$xrayuser]' /etc/shadowsocks-go/upsks.json)" - [ -z "$shadowsockspass" ] && shadowsockspass=$(head -c 32 /dev/urandom | base64 -w0) - jq --arg xrayuser "$xrayuser" --arg shadowsockspass "$shadowsockspass" '(.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients) += [{"email": $xrayuser,"password": $shadowsockspass}]' /etc/xray/xray-server.json > /etc/xray/xray-server.json.tmp - mv /etc/xray/xray-server.json.tmp /etc/xray/xray-server.json - fi - done - fi - #if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then - # sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/xray/xray-server.json - #fi - rm -f /etc/xray/config.json - ln -s /etc/xray/xray-server.json /etc/xray/config.json - #if [ -f /etc/systemd/system/xray.service.dpkg-dist ]; then - # mv -f /etc/systemd/system/xray.service.dpkg-dist /etc/systemd/system/xray.service - #fi - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/xray.service ${VPSURL}${VPSPATH}/xray.service - else - cp ${DIR}/xray.service /lib/systemd/system/xray.service - fi - 
chmod 644 /lib/systemd/system/xray.service - systemctl daemon-reload - systemctl enable xray.service -fi - -if systemctl -q is-active mlvpn@mlvpn0.service 2>/dev/null; then +if systemctl -q is-active mlvpn@mlvpn0.service; then systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1 systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1 fi @@ -1328,7 +583,6 @@ if [ "$MLVPN" = "yes" ]; then if [ -f /etc/mlvpn/mlvpn0.conf ]; then mlvpnupdate="1" fi - mkdir -p /etc/mlvpn if [ "$SOURCES" = "yes" ]; then rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend @@ -1336,8 +590,7 @@ if [ "$MLVPN" = "yes" ]; then rm -rf /tmp/mlvpn cd /tmp #git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn - #git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn - git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn + git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn #git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn cd /tmp/mlvpn git checkout ${MLVPN_VERSION} 
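Review bot: The v2ray-plugin tarball fetched by the added `wget -O /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz …` line in the `-1073` hunk is unpacked and copied to `/usr/local/bin/v2ray-plugin` with no integrity check and no test that the download succeeded, so a truncated or substituted archive would be installed system-wide. I would compare it with a pinned digest before `tar xzvf`, for example `echo "${V2RAY_PLUGIN_SHA256}  /tmp/v2ray-plugin-linux-amd64-${V2RAY_PLUGIN_VERSION}.tar.gz" | sha256sum -c - || exit 1`, where `V2RAY_PLUGIN_SHA256` is a placeholder name for a new variable holding the published checksum. The release tag in the URL is hard-coded as `v1.4.3` while the file name uses `${V2RAY_PLUGIN_VERSION}`, so the two can drift apart; deriving both from the variable avoids that. The glorytun tarball in the later `-1754` hunk has the same gap and is additionally fetched over plain `http://`.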
@@ -1347,26 +600,23 @@ if [ "$MLVPN" = "yes" ]; then make install cd /tmp rm -rf /tmp/mlvpn - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network - wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in - else - cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network - cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service - fi - if [ "$mlvpnupdate" = "0" ]; then - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf - else - cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf - fi - fi else - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION} + apt-get -y -o Dpkg::Options::="--force-overwrite" install mlvpn fi + if [ "$LOCALFILES" = "no" ]; then + wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network + wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in + else + cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network + cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service + fi + mkdir -p /etc/mlvpn if [ "$mlvpnupdate" = "0" ]; then + if [ "$LOCALFILES" = "no" ]; then + wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf + else + cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf + fi sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf fi chmod 0600 /etc/mlvpn/mlvpn0.conf 
@@ -1378,7 +628,11 @@ if [ "$MLVPN" = "yes" ]; then systemctl enable systemd-networkd.service echo "install mlvpn done" fi -if systemctl -q is-active ubond@ubond0.service 2>/dev/null; then +if systemctl -q is-active openvpn-server@tun0.service; then + systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 + systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 +fi +if systemctl -q is-active ubond@ubond0.service; then systemctl -q stop ubond@ubond0 > /dev/null 2>&1 systemctl -q disable ubond@ubond0 > /dev/null 2>&1 fi 
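Review bot: The added `openvpn-server@tun0` stop/disable block is identical to the one the `-1433` hunk keeps after the UBOND install, so the new file runs the same check twice. Nothing in this hunk shows that the unit has to be down before the UBOND section, so one copy looks sufficient; if both are intended, a comment on the first one saying why would help the next reader.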
@@ -1433,76 +687,7 @@ if [ "$UBOND" = "yes" ]; then systemctl enable systemd-networkd.service echo "install ubond done" fi - -if systemctl -q is-active wg-quick@wg0.service 2>/dev/null; then - systemctl -q stop wg-quick@wg0 > /dev/null 2>&1 - systemctl -q disable wg-quick@wg0 > /dev/null 2>&1 -fi - -if [ "$WIREGUARD" = "yes" ]; then - echo "Install WireGuard" - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install wireguard-tools --no-install-recommends - if [ ! -f /etc/wireguard/wg0.conf ]; then - cd /etc/wireguard - umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key - cat > /etc/wireguard/wg0.conf <<-EOF - [Interface] - PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n") - ListenPort = 65311 - Address = 10.255.247.1/24 - SaveConfig = true - EOF - fi - systemctl enable wg-quick@wg0 - if [ ! -f /etc/wireguard/client-wg0.conf ]; then - cd /etc/wireguard - umask 077; wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key - cat > /etc/wireguard/client-wg0.conf <<-EOF - [Interface] - PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n") - ListenPort = 65312 - Address = 10.255.246.1/24 - SaveConfig = true - - [Peer] - PublicKey = $(cat /etc/wireguard/vpn-client-public.key | tr -d "\n") - AllowedIPs = 10.255.246.2/32 - EOF - fi - if [ ! 
-f /root/wireguard-client.conf ]; then - cat > /root/wireguard-client.conf <<-EOF - [Interface] - Address = 10.255.246.2/24 - PrivateKey = $(cat /etc/wireguard/vpn-client-private.key | tr -d "\n") - - [Peer] - PublicKey = $(cat /etc/wireguard/vpn-server-public.key | tr -d "\n") - Endpoint = ${VPS_PUBLIC_IP}:65312 - AllowedIPs = 0.0.0.0/0, ::/0, 192.168.100.0/24 - EOF - fi - systemctl enable wg-quick@client-wg0 - echo "Install wireguard done" -fi - -if systemctl -q is-active fail2ban.service 2>/dev/null; then - systemctl -q stop fail2ban > /dev/null 2>&1 - systemctl -q disable fail2ban > /dev/null 2>&1 -fi -if [ "$FAIL2BAN" = "yes" ]; then - echo "Install Fail2ban" - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - apt-get -y install fail2ban python3-systemd - systemctl enable fail2ban - wget -O /etc/fail2ban/jail.d/openmptcprouter.conf ${VPSURL}${VPSPATH}/fail2ban-jail-openmptcprouter.conf - wget -O /etc/fail2ban/filter.d/openvpn.conf ${VPSURL}${VPSPATH}/fail2ban-filter-openvpn.conf - echo "Install Fail2ban done" -fi - -if systemctl -q is-active openvpn-server@tun0.service 2>/dev/null; then +if systemctl -q is-active openvpn-server@tun0.service; then systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1 systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1 fi 
@@ -1562,11 +747,11 @@ if [ "$OPENVPN" = "yes" ]; then make-cadir /etc/openvpn/ca fi cd /etc/openvpn/ca - ./easyrsa --batch init-pki >/dev/null 2>&1 + ./easyrsa init-pki ./easyrsa --batch build-ca nopass - EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full server nopass - EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "openmptcprouter" nopass - EASYRSA_CRL_DAYS=3650 ./easyrsa --batch gen-crl + EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass + EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "openmptcprouter" nopass + EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl fi if [ ! -f "/etc/openvpn/ca/pki/issued/openmptcprouter.crt" ]; then mv /etc/openvpn/ca/pki/issued/client.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt 
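Review bot: Removing `--batch` from `init-pki`, `build-server-full`, `build-client-full` and `gen-crl` leaves these easyrsa calls able to stop for confirmation, which an unattended install cannot answer; depending on the Easy-RSA version, `init-pki` asks before replacing an existing PKI directory and the `build-*-full` commands ask to confirm the request. `build-ca` keeps `--batch`, so the calls are also inconsistent with each other. I would keep the flag on all of them, e.g. `./easyrsa --batch init-pki` and `EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full server nopass`. The surrounding `if` starts before the hunk.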
@@ -1576,145 +761,73 @@ if [ "$OPENVPN" = "yes" ]; then openssl dhparam -out /etc/openvpn/server/dh2048.pem 2048 fi if [ "$LOCALFILES" = "no" ]; then - if [ "$KERNEL" != "5.4" ]; then - wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.6.1.conf - wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.6.1.conf - else - wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf - wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf - fi - if [ "$OPENVPN_BONDING" = "yes" ]; then - wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf - wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf - wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf - wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf - wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf - wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf - wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf - wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf - fi + wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf + wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf else - if [ "$KERNEL" != "5.4" ]; then - cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf - cp ${DIR}/openvpn-tun1.6.1.conf /etc/openvpn/tun1.conf - else - cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf - cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf - fi - if [ "$OPENVPN_BONDING" = "yes" ]; then - cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf - cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf - cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf - cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf - cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf - cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf - cp 
${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf - cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf - fi - fi - if [ "$(ip -6 a 2>/dev/null)" = "" ]; then - sed -i 's/proto tcp6-server//' /etc/openvpn/tun0.conf - sed -i 's/proto udp6//' /etc/openvpn/tun1.conf - if [ "$OPENVPN_BONDING" = "yes" ]; then - sed -i 's/proto udp6//' /etc/openvpn/bonding1.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding2.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding3.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding4.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding5.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding6.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding7.conf - sed -i 's/proto udp6//' /etc/openvpn/bonding8.conf - fi + cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf + cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf fi mkdir -p /etc/openvpn/ccd - if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then - echo 'openmptcprouter,10.255.250.2,' > /etc/openvpn/ccd/ipp_tcp.txt - fi - if [ ! 
-f /etc/openvpn/ccd/ipp_udp.txt ]; then - echo 'openmptcprouter,10.255.252.2,' > /etc/openvpn/ccd/ipp_udp.txt - fi - chmod 644 /lib/systemd/system/openvpn*.service systemctl enable openvpn@tun0.service systemctl enable openvpn@tun1.service - if [ "$KERNEL" != "5.4" ]; then - mptcpize enable openvpn@tun0 >/dev/null 2>&1 - fi - if [ "$OPENVPN_BONDING" = "yes" ]; then - systemctl enable openvpn@bonding1.service - systemctl enable openvpn@bonding2.service - systemctl enable openvpn@bonding3.service - systemctl enable openvpn@bonding4.service - systemctl enable openvpn@bonding5.service - systemctl enable openvpn@bonding6.service - systemctl enable openvpn@bonding7.service - systemctl enable openvpn@bonding8.service - fi fi echo 'Glorytun UDP' # Install Glorytun UDP -if systemctl -q is-active glorytun-udp@tun0.service 2>/dev/null; then +if systemctl -q is-active glorytun-udp@tun0.service; then systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1 fi -if [ "$GLORYTUN_UDP" = "yes" ]; then - if [ "$SOURCES" = "yes" ]; then - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - rm -f /usr/bin/glorytun - apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config - rm -rf /tmp/glorytun-udp - cd /tmp - git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp - cd /tmp/glorytun-udp - git checkout ${GLORYTUN_UDP_VERSION} - git submodule update --init --recursive - meson build - ninja -C build install - sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network - rm /lib/systemd/system/glorytun* - rm /lib/systemd/network/glorytun* - if [ "$LOCALFILES" = "no" ]; then - wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run - else - cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run - fi - chmod 755 /usr/local/bin/glorytun-udp-run - if [ "$LOCALFILES" = "no" ]; then - wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in - else - cp 
${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service - fi - chmod 644 /lib/systemd/system/glorytun-udp@.service - #wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network - rm -f /lib/systemd/network/glorytun-udp.network - mkdir -p /etc/glorytun-udp - if [ "$LOCALFILES" = "no" ]; then - wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh - wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp - else - cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh - cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0 - fi - chmod 755 /etc/glorytun-udp/post.sh - if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then - echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key - elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then - cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key - fi - systemctl enable glorytun-udp@tun0.service - systemctl enable systemd-networkd.service - cd /tmp - rm -rf /tmp/glorytun-udp +if [ "$SOURCES" = "yes" ]; then + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config + rm -rf /tmp/glorytun-udp + cd /tmp + git clone https://github.com/angt/glorytun.git /tmp/glorytun-udp + cd /tmp/glorytun-udp + git checkout ${GLORYTUN_UDP_VERSION} + git submodule update --init --recursive + meson build + ninja -C build install + sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network + rm /lib/systemd/system/glorytun* + rm /lib/systemd/network/glorytun* + if [ "$LOCALFILES" = "no" ]; then + wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run else - rm -f /usr/local/bin/glorytun - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION} - chmod 644 
/lib/systemd/system/glorytun-udp@.service - GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" + cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run fi - [ "$(ip -6 a 2>/dev/null)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0 + chmod 755 /usr/local/bin/glorytun-udp-run + if [ "$LOCALFILES" = "no" ]; then + wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in + else + cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service + fi + #wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network + rm -f /lib/systemd/network/glorytun-udp.network + mkdir -p /etc/glorytun-udp + if [ "$LOCALFILES" = "no" ]; then + wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh + wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp + else + cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh + cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0 + fi + chmod 755 /etc/glorytun-udp/post.sh + if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then + echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key + elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then + cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key + fi + systemctl enable glorytun-udp@tun0.service + systemctl enable systemd-networkd.service + cd /tmp + rm -rf /tmp/glorytun-udp +else + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun + GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')" fi - # Add chrony for time sync apt-get install -y chrony systemctl enable chrony 
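Review bot: `echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key` creates the tunnel key with the process umask, and no `chmod` on that file is visible in this hunk, so the secret may end up world-readable (the mlvpn hunk, by contrast, ends with `chmod 0600 /etc/mlvpn/mlvpn0.conf`). Writing it as `( umask 077; echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key )` and adding `chmod 600 /etc/glorytun-udp/tun0.key` after the `if`/`elif` covers both the new-file and the copied-file case. The `elif [ ! -f /etc/glorytun-udp/tun0.key ] && …` branch can never run, because the preceding `if` already takes every case where the key file is missing. The re-indented block also loses the `[ "$GLORYTUN_UDP" = "yes" ]` gate, so the source build now runs whenever `SOURCES` is `yes`; that deserves a comment if it is intended.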
@@ -1722,7 +835,7 @@ systemctl enable chrony if [ "$DSVPN" = "yes" ]; then echo 'A Dead Simple VPN' # Install A Dead Simple VPN - if systemctl -q is-active dsvpn-server.service 2>/dev/null; then + if systemctl -q is-active dsvpn-server.service; then systemctl -q disable dsvpn-server > /dev/null 2>&1 systemctl -q stop dsvpn-server > /dev/null 2>&1 fi @@ -1732,16 +845,17 @@ if [ "$DSVPN" = "yes" ]; then apt-get install -y --no-install-recommends build-essential git ca-certificates rm -rf /tmp/dsvpn cd /tmp - git clone https://github.com/ysurac/dsvpn.git /tmp/dsvpn + git clone https://github.com/jedisct1/dsvpn.git /tmp/dsvpn cd /tmp/dsvpn git checkout ${DSVPN_VERSION} + wget https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch + patch -p1 < nofirewall.patch make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL' make install rm -f /lib/systemd/system/dsvpn/* wget -O /usr/local/bin/dsvpn-run ${VPSURL}${VPSPATH}/dsvpn-run chmod 755 /usr/local/bin/dsvpn-run wget -O /lib/systemd/system/dsvpn-server@.service ${VPSURL}${VPSPATH}/dsvpn-server%40.service.in - chmod 644 /lib/systemd/system/dsvpn-server@.service mkdir -p /etc/dsvpn wget -O /etc/dsvpn/dsvpn0 ${VPSURL}${VPSPATH}/dsvpn0-config if [ -f /etc/dsvpn/dsvpn.key ]; then 
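Review bot: The added `wget https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/dsvpn/patches/nofirewall.patch` in the `-1732` hunk pulls the patch from the moving `develop` branch and applies it to source that is then built and installed, so what gets compiled can change without any change to this script. Referencing a fixed commit instead of `develop` (`…/raw/<PINNED_COMMIT_SHA>/dsvpn/patches/nofirewall.patch`, placeholder) keeps the build reproducible and reviewable. Neither `wget` nor `patch` is checked, so unless the script runs under `set -e` (not visible here) a failed download or a patch that no longer applies to `${DSVPN_VERSION}` still proceeds to `make`; `patch -p1 < nofirewall.patch || exit 1` stops there. The enclosing `if [ "$DSVPN" = "yes" ]` block starts and ends outside the hunk.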
@@ -1754,75 +868,59 @@ if [ "$DSVPN" = "yes" ]; then cd /tmp rm -rf /tmp/dsvpn else - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION} - chmod 644 /lib/systemd/system/dsvpn-server@.service + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n") fi - if [ "$KERNEL" != "5.4" ]; then - mptcpize enable dsvpn-server@dsvpn0 >/dev/null 2>&1 - fi fi # Install Glorytun TCP -if systemctl -q is-active glorytun-tcp@tun0.service 2>/dev/null; then +if systemctl -q is-active glorytun-tcp@tun0.service; then systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1 fi -if [ "$GLORYTUN_TCP" = "yes" ]; then - if [ "$SOURCES" = "yes" ]; then - if [ "$ID" = "debian" ]; then - if [ "$VERSION_ID" = "9" ]; then - apt -t stretch-backports -y install libsodium-dev - else - apt -y install libsodium-dev - fi - elif [ "$ID" = "ubuntu" ]; then - apt-get -y install libsodium-dev - fi - rm -f /var/lib/dpkg/lock - rm -f /var/lib/dpkg/lock-frontend - rm -f /usr/bin/glorytun-tcp - apt-get -y install build-essential pkg-config autoconf automake - rm -rf /tmp/glorytun-0.0.35 - cd /tmp - if [ "$KERNEL" != "5.4" ]; then - wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz +if [ "$SOURCES" = "yes" ]; then + if [ "$ID" = "debian" ]; then + if [ "$VERSION_ID" = "9" ]; then + apt -t stretch-backports -y install libsodium-dev else - wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz + apt -y install libsodium-dev fi - tar xzf glorytun-0.0.35.tar.gz - if [ "$KERNEL" != "5.4" ]; then - mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35 - fi - cd glorytun-0.0.35 - ./autogen.sh - ./configure - make - cp glorytun /usr/local/bin/glorytun-tcp - wget -O 
/usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run - chmod 755 /usr/local/bin/glorytun-tcp-run - wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in - #wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network - chmod 644 /lib/systemd/system/glorytun-tcp@.service - rm -f /lib/systemd/network/glorytun-tcp.network - mkdir -p /etc/glorytun-tcp - wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh - chmod 755 /etc/glorytun-tcp/post.sh - wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun - if [ "$update" = "0" ]; then - echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key - fi - systemctl enable glorytun-tcp@tun0.service - #systemctl enable systemd-networkd.service - cd /tmp - rm -rf /tmp/glorytun-0.0.35 - else - rm -f /usr/local/bin/glorytun-tcp - apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} + elif [ "$ID" = "ubuntu" ]; then + apt-get -y install libsodium-dev fi - [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0 + rm -f /var/lib/dpkg/lock + rm -f /var/lib/dpkg/lock-frontend + apt-get -y install build-essential pkg-config autoconf automake + rm -rf /tmp/glorytun-0.0.35 + cd /tmp + wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz + tar xzf glorytun-0.0.35.tar.gz + cd glorytun-0.0.35 + ./autogen.sh + ./configure + make + cp glorytun /usr/local/bin/glorytun-tcp + wget -O /usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run + chmod 755 /usr/local/bin/glorytun-tcp-run + wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in + #wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network + rm -f 
/lib/systemd/network/glorytun-tcp.network + mkdir -p /etc/glorytun-tcp + wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh + chmod 755 /etc/glorytun-tcp/post.sh + wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun + if [ "$update" = "0" ]; then + echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key + fi + systemctl enable glorytun-tcp@tun0.service + #systemctl enable systemd-networkd.service + cd /tmp + rm -rf /tmp/glorytun-0.0.35 +else + apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-glorytun-tcp fi + # Load tun module at boot time if ! grep -q tun /etc/modules ; then echo tun >> /etc/modules 
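Review bot: The source tarball on the new side is fetched with `wget -O /tmp/glorytun-0.0.35.tar.gz http://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz`, that is over plain `http://`, and is then unpacked, built and copied to `/usr/local/bin/glorytun-tcp` with no checksum step. Use the `https://` form of the same URL and compare the archive with a known digest before `tar xzf`. The binary branches in this hunk install `omr-dsvpn` and `omr-glorytun-tcp` without the former `=${DSVPN_BINARY_VERSION}` / `=${GLORYTUN_TCP_BINARY_VERSION}` pins, so the version installed depends on the repository state at run time. `echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key` creates the key file with whatever the umask allows; a `chmod 600 /etc/glorytun-tcp/tun0.key` after it would keep the key unreadable to other users.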
@@ -1836,49 +934,26 @@ else fi chmod 755 /usr/local/bin/multipath -# Add omr-test-speed utility -if [ "$LOCALFILES" = "no" ]; then - wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed -else - cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed -fi -chmod 755 /usr/local/bin/omr-test-speed - # Add OpenMPTCProuter service if [ "$LOCALFILES" = "no" ]; then wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service wget -O /lib/systemd/system/omr.service ${VPSURL}${VPSPATH}/omr.service.in wget -O /usr/local/bin/omr-6in4-run ${VPSURL}${VPSPATH}/omr-6in4-run wget -O /lib/systemd/system/omr6in4@.service ${VPSURL}${VPSPATH}/omr6in4%40.service.in - wget -O /usr/local/bin/omr-bypass ${VPSURL}${VPSPATH}/omr-bypass - wget -O /lib/systemd/system/omr-bypass.service ${VPSURL}${VPSPATH}/omr-bypass.service.in - wget -O /lib/systemd/system/omr-bypass.timer ${VPSURL}${VPSPATH}/omr-bypass.timer.in else cp ${DIR}/omr-service /usr/local/bin/omr-service cp ${DIR}/omr.service.in /lib/systemd/system/omr.service cp ${DIR}/omr-6in4-run /usr/local/bin/omr-6in4-run cp ${DIR}/omr6in4@.service.in /lib/systemd/system/omr6in4@.service - cp ${DIR}/omr-bypass /usr/local/bin/omr-bypass - cp ${DIR}/omr-bypass.service.in /lib/systemd/system/omr-bypass.service - cp ${DIR}/omr-bypass.timer.in /lib/systemd/system/omr-bypass.timer - fi -chmod 644 /lib/systemd/system/omr.service -chmod 644 /lib/systemd/system/omr6in4@.service chmod 755 /usr/local/bin/omr-service -chmod 755 /usr/local/bin/omr-bypass chmod 755 /usr/local/bin/omr-6in4-run -chmod 644 /lib/systemd/system/omr-bypass.service -chmod 644 /lib/systemd/system/omr-bypass.timer -systemctl daemon-reload -if systemctl -q is-active omr-6in4.service 2>/dev/null; then +if systemctl -q is-active omr-6in4.service; then systemctl -q stop omr-6in4 > /dev/null 2>&1 systemctl -q disable omr-6in4 > /dev/null 2>&1 fi systemctl enable omr6in4@user0.service systemctl enable omr.service -systemctl enable omr-bypass.timer -systemctl 
enable omr-bypass.service # Change SSH port to 65222 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config @@ -1900,10 +975,8 @@ if [ "$update" = "0" ]; then fi tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall rm /etc/shorewall/openmptcprouter-shorewall.tar.gz - if [ -n "$INTERFACE" ]; then - sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* - systemctl enable shorewall - fi + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* + systemctl enable shorewall if [ "$LOCALFILES" = "no" ]; then wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz else 
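Review bot: With the `if [ -n "$INTERFACE" ]` guard gone, `sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*` runs even when `$INTERFACE` is empty, which would replace every `eth0` in the firewall files with an empty string before `systemctl enable shorewall`. Keep the guard, or fail early with `[ -n "$INTERFACE" ] || { echo 'INTERFACE not set' >&2; exit 1; }`. The value is also spliced into the sed program unescaped, so a name containing `:` or `&` would alter the substitution. The next hunk has the same unguarded substitution for `/etc/shorewall6/*`, there with `$INTERFACE` where the old side used `$INTERFACE6`. The enclosing `if [ "$update" = "0" ]` block continues outside this hunk.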
@@ -1911,49 +984,48 @@ if [ "$update" = "0" ]; then fi tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6 rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz - if [ -n "$INTERFACE6" ]; then - sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/* - systemctl enable shorewall6 - fi + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* + systemctl enable shorewall6 else # Update only needed firewall files if [ "$LOCALFILES" = "no" ]; then - mkdir -p ${DIR} - wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz - wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz - mkdir -p ${DIR}/shorewall4 - tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C ${DIR}/shorewall4 - mkdir -p ${DIR}/shorewall6 - tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6 + wget -O /etc/shorewall/interfaces ${VPSURL}${VPSPATH}/shorewall4/interfaces + wget -O /etc/shorewall/snat ${VPSURL}${VPSPATH}/shorewall4/snat + wget -O /etc/shorewall/stoppedrules ${VPSURL}${VPSPATH}/shorewall4/stoppedrules + wget -O /etc/shorewall/tcinterfaces ${VPSURL}${VPSPATH}/shorewall4/tcinterfaces + wget -O /etc/shorewall/shorewall.conf ${VPSURL}${VPSPATH}/shorewall4/shorewall.conf + wget -O /etc/shorewall/policy ${VPSURL}${VPSPATH}/shorewall4/policy + wget -O /etc/shorewall/params ${VPSURL}${VPSPATH}/shorewall4/params + wget -O /etc/shorewall/params.vpn ${VPSURL}${VPSPATH}/shorewall4/params.vpn + wget -O /etc/shorewall/params.net ${VPSURL}${VPSPATH}/shorewall4/params.net + wget -O /etc/shorewall6/params ${VPSURL}${VPSPATH}/shorewall6/params + wget -O /etc/shorewall6/params.net ${VPSURL}${VPSPATH}/shorewall6/params.net + wget -O /etc/shorewall6/params.vpn ${VPSURL}${VPSPATH}/shorewall6/params.vpn + wget -O /etc/shorewall6/interfaces ${VPSURL}${VPSPATH}/shorewall6/interfaces + wget -O /etc/shorewall6/stoppedrules ${VPSURL}${VPSPATH}/shorewall6/stoppedrules + wget -O /etc/shorewall6/snat 
${VPSURL}${VPSPATH}/shorewall6/snat + else + cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces + cp ${DIR}/shorewall4/snat /etc/shorewall/snat + cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules + cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces + cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf + cp ${DIR}/shorewall4/policy /etc/shorewall/policy + cp ${DIR}/shorewall4/params /etc/shorewall/params + cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn + cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net + cp ${DIR}/shorewall6/params /etc/shorewall6/params + cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net + cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn + cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces + cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules + cp ${DIR}/shorewall6/snat /etc/shorewall6/snat fi - cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces - cp ${DIR}/shorewall4/snat /etc/shorewall/snat - cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules - cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces - cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf - cp ${DIR}/shorewall4/policy /etc/shorewall/policy - cp ${DIR}/shorewall4/params /etc/shorewall/params - cp ${DIR}/shorewall4/zones /etc/shorewall/zones - #cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn - #cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net - cp ${DIR}/shorewall6/params /etc/shorewall6/params - #cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net - #cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn - cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces - cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules - cp ${DIR}/shorewall6/snat /etc/shorewall6/snat sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' 
/etc/shorewall/rules - sed -i "s:eth0:$INTERFACE6:g" /etc/shorewall6/* - if [ "$LOCALFILES" = "no" ]; then - rm -rf ${DIR}/shorewall4 - rm -rf ${DIR}/shorewall6 - rm -f ${DIR}/openmptcprouter-shorewall.tar.gz - rm -f ${DIR}/openmptcprouter-shorewall6.tar.gz - fi + sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* fi -[ -z "$(grep nf_conntrack_sip /etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then apt-get -y install iptables update-alternatives --set iptables /usr/sbin/iptables-legacy 
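Review bot: Each `wget -O /etc/shorewall/… ` in the update branch writes directly over the live firewall configuration, and `wget -O` truncates its target before the transfer starts, so an interrupted or failed download can leave an empty `policy`, `interfaces` or `shorewall.conf` in place. Download into a temporary directory and copy each file into `/etc/shorewall` only after its fetch succeeded, as sketched below; the shorewall6 list would get the same treatment. None of the fetched files is checked against a digest. The enclosing `if [ "$update" = "0" ] … else` block starts outside the hunk.

```shell
	# … unchanged: if [ "$LOCALFILES" = "no" ]; then …
	fw_tmp="$(mktemp -d)"
	for f in interfaces snat stoppedrules tcinterfaces shorewall.conf policy params params.vpn params.net; do
		# fetch to scratch space first; the live file is touched only on success
		wget -O "${fw_tmp}/${f}" "${VPSURL}${VPSPATH}/shorewall4/${f}" || exit 1
		cp "${fw_tmp}/${f}" "/etc/shorewall/${f}"
	done
	# … same loop for the shorewall6 files into /etc/shorewall6 …
	rm -rf "${fw_tmp}"
	# … unchanged: else branch copying from ${DIR} …
```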
@@ -1965,31 +1037,19 @@ if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] & sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf fi -if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ] && [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "dhcp" ]; then - sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat -fi - -# Limit /var/log/journal size -sed -i 's/#SystemMaxUse=/SystemMaxUse=100M/' /etc/systemd/journald.conf if [ "$TLS" = "yes" ]; then VPS_CERT=0 - apt-get -y install socat cron - if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then + apt-get -y install dnsutils socat + if [ "$VPS_DOMAIN" != "" ] && [ "$(dig +noidnout +noall +answer $VPS_DOMAIN)" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then if [ ! 
-f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then echo "Generate certificate for V2Ray" set +e #[ "$(shorewall status | grep stopped)" = "" ] && shorewall open all all tcp 443 curl https://get.acme.sh | sh systemctl -q restart shorewall - ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 >/dev/null 2>&1' --post-hook 'shorewall close all all tcp 443 >/dev/null 2>&1' >/dev/null 2>&1 + ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null set -e - if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then - rm -f /etc/openmptcprouter-vps-admin/cert.pem - ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem - rm -f /etc/openmptcprouter-vps-admin/key.pem - ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem - fi # mkdir -p /etc/ssl/v2ray # ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key # ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer @@ -2002,9 +1062,9 @@ if [ "$TLS" = "yes" ]; then fi if [ "$SPEEDTEST" = "yes" ]; then - mkdir -p /usr/share/omr-server/speedtest - if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then + if [ ! -f /usr/share/omr-server/speedtest/test.img ]; then echo "Generate speedtest image..." + mkdir -p /usr/share/omr-server/speedtest dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576 echo "Done" fi 
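Review bot: The redirections on the new `acme.sh` line are in the wrong order for silencing output: `2>&1 >/dev/null` points stderr at the original stdout and only then discards stdout, so error text still reaches the terminal, whereas the old `>/dev/null 2>&1` discarded both. If silence is intended, keep `>/dev/null 2>&1` in the two hooks and at the end of the command. Since hook output is thrown away in either form, a failing `--post-hook 'shorewall close all all tcp 443 …'` could go unnoticed and leave port 443 open; logging the hook's exit status would make that visible. `$VPS_DOMAIN` is passed unquoted to `dig`, `ping` and `acme.sh`; write `"$VPS_DOMAIN"`. The `if [ "$TLS" = "yes" ]` block continues outside the hunk.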
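Review bot: The free-space test that used to precede the `dd` is gone, so `dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576` now writes 1 GiB whenever the image is missing, however little room the filesystem has. On a small VPS disk that can fill the filesystem and break logging and package operations. Keep a check before the write, for example comparing the available kilobytes reported by `df -Pk /usr/share/omr-server` with a threshold, and skip image generation with a message when the space is too low.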
@@ -2029,16 +1089,11 @@ else echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd fi -if [ "$SOURCES" != "yes" ]; then - apt-get -y install omr-server=${OMR_VERSION} >/dev/null 2>&1 || true - rm -f /etc/openmtpcprouter-vps-admin/update-bin -fi - if [ "$update" = "0" ]; then # Display important info echo '====================================================================================' echo "OpenMPTCProuter Server $OMR_VERSION is now installed !" - echo '\033[1m SSH port: 65222 (instead of port 22)\033[0m' + echo '\033[4m\0331mSSH port: 65222 (instead of port 22)\033[0m' if [ "$OMR_ADMIN" = "yes" ]; then echo '====================================================================================' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' @@ -2053,14 +1108,12 @@ if [ "$update" = "0" ]; then echo 'Shadowsocks encryption: chacha20' echo 'Your shadowsocks key: ' echo $SHADOWSOCKS_PASS - echo 'Your shadowsocks 2022 key: ' - echo "${PSK}:${UPSK}" echo 'Glorytun port: 65001' echo 'Glorytun encryption: chacha20' echo 'Your glorytun key: ' echo $GLORYTUN_PASS if [ "$DSVPN" = "yes" ]; then - echo 'A Dead Simple VPN port: 65401' + echo 'A Dead Simple VPN port: 65011' echo 'A Dead Simple VPN key: ' echo $DSVPN_PASS fi 
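Review bot: The escape sequence in the new SSH-port line is malformed: `\0331m` lacks the `[`, so the terminal receives ESC followed by the literal `1m` instead of a bold attribute. It should read `echo '\033[4m\033[1mSSH port: 65222 (instead of port 22)\033[0m'`. Whether `echo` interprets `\033` at all depends on the shell running the script; `printf '\033[1m%s\033[0m\n' 'SSH port: 65222 (instead of port 22)'` behaves the same everywhere.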
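Review bot: The port shown to the operator, `A Dead Simple VPN port: 65011`, does not match `PORT=65401` in `dsvpn0-config` as it stands later in this same diff, so the printed connection details would point clients at a port the server is not configured for. The same value is written to `/root/openmptcprouter_config.txt` in the next hunk. Print `65401` in both places, or read the value from `/etc/dsvpn/dsvpn0`. The keys in this block are echoed unquoted (`echo $SHADOWSOCKS_PASS`); `printf '%s\n' "$SHADOWSOCKS_PASS"` avoids word splitting and globbing of the secret.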
@@ -2091,49 +1144,35 @@ if [ "$update" = "0" ]; then echo '====================================================================================' echo '\033[1m /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\ \033[0m' echo '------------------------------------------------------------------------------------' - echo ' For kernel 5.4, after reboot, check with uname -a that the kernel name contain mptcp.' + echo ' After reboot, check with uname -a that the kernel name contain mptcp.' echo ' Else, you may have to modify GRUB_DEFAULT in /etc/default/grub' - echo ' For 6.x kernels, check that a 6.x kernel is used, no kernel name changes.' echo '====================================================================================' # Save info in file cat > /root/openmptcprouter_config.txt <<-EOF SSH port: 65222 (instead of port 22) + Shadowsocks port: 65101 + Shadowsocks encryption: chacha20 + Your shadowsocks key: ${SHADOWSOCKS_PASS} + Glorytun port: 65001 + Glorytun encryption: chacha20 + Your glorytun key: ${GLORYTUN_PASS} EOF - if [ "$SHADOWSOCKS" = "yes" ]; then - cat >> /root/openmptcprouter_config.txt <<-EOF - Shadowsocks port: 65101 - Shadowsocks encryption: chacha20 - Your shadowsocks key: ${SHADOWSOCKS_PASS} - EOF - fi - if [ "$SHADOWSOCKS_GO" = "yes" ]; then - cat >> /root/openmptcprouter_config.txt <<-EOF - Your shadowsocks 2022 key: ${PSK}:${UPSK} - EOF - fi - if ([ "$GLORYTUN_TCP" = "yes" ] || [ "$GLORYTUN_UDP" = "yes" ]); then - cat >> /root/openmptcprouter_config.txt <<-EOF - Glorytun port: 65001 - Glorytun encryption: chacha20 - Your glorytun key: ${GLORYTUN_PASS} - EOF - fi if [ "$DSVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - A Dead Simple VPN port: 65401 + A Dead Simple VPN port: 65011 A Dead Simple VPN key: ${DSVPN_PASS} EOF fi if [ "$MLVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - MLVPN first port: 65201 + MLVPN first port: 65201' Your MLVPN password: $MLVPN_PASS EOF fi if 
[ "$UBOND" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF - UBOND first port: 65251 + UBOND first port: 65251' Your UBOND password: $UBOND_PASS EOF fi @@ -2144,7 +1183,6 @@ if [ "$update" = "0" ]; then Your OpenMPTCProuter Server username: openmptcprouter EOF fi - #systemctl -q restart sshd else echo '====================================================================================' echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !" @@ -2172,27 +1210,18 @@ else systemctl -q restart v2ray echo 'done' fi - if [ "$XRAY" = "yes" ]; then - echo 'Restarting xray...' - systemctl -q restart xray - echo 'done' - fi if [ "$DSVPN" = "yes" ]; then echo 'Restarting dsvpn...' systemctl -q start dsvpn-server@dsvpn0 || true systemctl -q restart 'dsvpn-server@*' || true echo 'done' fi - if [ "$GLORYTUN_TCP" = "yes" ]; then - echo 'Restarting glorytun tcp...' - systemctl -q start glorytun-tcp@tun0 || true - systemctl -q restart 'glorytun-tcp@*' || true - fi - if [ "$GLORYTUN_UDP" = "yes" ]; then - systemctl -q start glorytun-udp@tun0 || true - systemctl -q restart 'glorytun-udp@*' || true - echo 'done' - fi + echo 'Restarting glorytun...' + systemctl -q start glorytun-tcp@tun0 || true + systemctl -q restart 'glorytun-tcp@*' || true + systemctl -q start glorytun-udp@tun0 || true + systemctl -q restart 'glorytun-udp@*' || true + echo 'done' echo 'Restarting omr6in4...' systemctl -q start omr6in4@user0 || true systemctl -q restart omr6in4@* || true @@ -2203,11 +1232,6 @@ else systemctl -q restart openvpn@tun1 echo 'done' fi - if [ "$WIREGUARD" = "yes" ]; then - echo 'Restarting WireGuard' - systemctl -q restart wg-quick@wg0 - echo 'done' - fi if [ "$OMR_ADMIN" = "yes" ]; then echo 'Restarting OpenMPTCProuter VPS admin' systemctl -q restart omr-admin 
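Review bot: `/root/openmptcprouter_config.txt` now receives the Shadowsocks and Glorytun keys unconditionally, yet it is created by a plain `cat > …` with whatever umask is in effect; set the mode before any secret is written, e.g. `( umask 077; : > /root/openmptcprouter_config.txt )` ahead of the first heredoc, or `chmod 600 /root/openmptcprouter_config.txt` right after it. The new MLVPN and UBOND lines carry a stray quote (`MLVPN first port: 65201'`, `UBOND first port: 65251'`) that lands verbatim in the file, because heredoc text is not quote-processed. Dropping the former `$SHADOWSOCKS` and `$GLORYTUN_TCP` / `$GLORYTUN_UDP` tests also means the file can list a key for a service that was not installed.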
@@ -2225,40 +1249,28 @@ else echo 'openmptcprouter' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '====================================================================================' - else - echo '!!! Keys are in /root/openmptcprouter_config.txt !!!' fi fi if [ "$VPS_CERT" = "0" ]; then echo 'No working domain detected, not able to generate certificate for v2ray.' echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' fi + echo 'Restarting shorewall...' + systemctl -q restart shorewall + systemctl -q restart shorewall6 + echo 'done' echo 'Apply latest sysctl...' - sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 || true + sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 echo 'done' echo 'Restarting omr...' systemctl -q restart omr echo 'done' - if [ "$SHADOWSOCKS" = "yes" ]; then - echo 'Restarting shadowsocks...' - systemctl -q restart shadowsocks-libev-manager@manager - fi - if [ "$SHADOWSOCKS_GO" = "yes" ]; then - echo 'Restarting shadowsocks-go...' - systemctl -q restart shadowsocks-go - fi + echo 'Restarting shadowsocks...' + systemctl -q restart shadowsocks-libev-manager@manager # if [ $NBCPU -gt 1 ]; then # for i in $NBCPU; do # systemctl restart shadowsocks-libev-server@config$i # done # fi echo 'done' - echo 'Restarting shorewall...' - [ -n "$INTERFACE" ] && systemctl -q restart shorewall >/dev/null 2>&1 || true - [ -n "$INTERFACE6" ] && systemctl -q restart shorewall6 >/dev/null 2>&1 || true - echo 'done' - echo '====================================================================================' - echo '\033[1m /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m' - echo '====================================================================================' fi -exit 0 \ No newline at end of file diff --git a/dsvpn-run b/dsvpn-run index f4a2a5d..e4000c2 100644 --- a/dsvpn-run +++ b/dsvpn-run 
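Review bot: `sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1` lost its `|| true`; the script appears to run under `set -e` (it is re-enabled after the acme.sh call), so a missing file or a rejected key would stop the update here, before `systemctl -q restart omr` and the shadowsocks restart. Keep `|| true`, or report the failure explicitly instead of discarding the output. `systemctl -q restart shorewall` and `systemctl -q restart shorewall6` are now unconditional and unguarded as well, so a firewall that fails to start would likewise end the run with the later services not restarted. The surrounding `else` branch starts outside the hunk.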
@@ -12,7 +12,7 @@ fi exec dsvpn \ ${MODE} \ "$1".key \ - ${HOST:-auto} \ + auto \ ${PORT} \ ${DEV} \ ${LOCALTUNIP} \ diff --git a/dsvpn0-config b/dsvpn0-config index 647f160..933e98b 100644 --- a/dsvpn0-config +++ b/dsvpn0-config @@ -1,5 +1,4 @@ PORT=65401 -HOST=0.0.0.0 DEV=dsvpn0 MODE=server LOCALTUNIP=10.255.251.1 diff --git a/fail2ban-filter-openvpn.conf b/fail2ban-filter-openvpn.conf deleted file mode 100644 index 1a53b2f..0000000 --- a/fail2ban-filter-openvpn.conf +++ /dev/null @@ -1,10 +0,0 @@ -[INCLUDES] -before = common.conf - -[Definition] -_daemon = ovpn-server -failregex =%(__prefix_line)s:[0-9]{4,5} TLS Auth Error:.* - %(__prefix_line)s:[0-9]{4,5} VERIFY ERROR:.* - %(__prefix_line)s:[0-9]{4,5} TLS Error: TLS handshake failed.* - %(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]:[0-9]{4,5} -maxlines = 1 diff --git a/fail2ban-jail-openmptcprouter.conf b/fail2ban-jail-openmptcprouter.conf deleted file mode 100644 index 45cf34d..0000000 --- a/fail2ban-jail-openmptcprouter.conf +++ /dev/null @@ -1,21 +0,0 @@ -[DEFAULT] -backend = systemd -banaction = shorewall - -[sshd] -enabled = true - -[openvpn_tcp] -enabled = true -port = 65301 -protocol = tcp -filter = openvpn -maxretry = 5 - -[openvpn_udp] -enabled = true -port = 65301 -protocol = udp -filter = openvpn -maxretry = 5 - diff --git a/glorytun-tcp-run b/glorytun-tcp-run index 0572861..9ccbee6 100644 --- a/glorytun-tcp-run +++ b/glorytun-tcp-run @@ -9,7 +9,7 @@ fi . "$(readlink -f "$1")" -DEV="gt-$(basename "$1")" +DEV="gt${HOST:+c}-$(basename "$1")" exec glorytun-tcp \ ${SERVER:+listener} \ diff --git a/glorytun-udp-post.sh b/glorytun-udp-post.sh index 51a20f0..2c1dc40 100644 --- a/glorytun-udp-post.sh +++ b/glorytun-udp-post.sh 
@@ -13,5 +13,4 @@ done ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null } tc qdisc replace dev $INTF root cake -ip link set $INTF txqlen 100 -glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null \ No newline at end of file +ip link set $INTF txqlen 100 \ No newline at end of file diff --git a/glorytun-udp-run b/glorytun-udp-run index fb66c92..d393056 100644 --- a/glorytun-udp-run +++ b/glorytun-udp-run @@ -9,10 +9,11 @@ fi . "$(readlink -f "$1")" -DEV="gt-udp-$(basename "$1")" +DEV="gt${HOST:+c}-udp-$(basename "$1")" exec glorytun \ - bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \ + bind $BIND $BIND_PORT \ keyfile "$1".key \ ${DEV:+dev "$DEV"} \ + ${HOST:+to "$HOST" "$PORT"} \ ${OPTIONS:+$OPTIONS} diff --git a/iperf3.override.conf b/iperf3.override.conf deleted file mode 100644 index 94edfcc..0000000 --- a/iperf3.override.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -ExecStart= -ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem \ No newline at end of file diff --git a/iperf3.service.in b/iperf3.service.in index 03f7ff2..72d8094 100644 --- a/iperf3.service.in +++ b/iperf3.service.in @@ -3,7 +3,7 @@ Description=iperf3 Requires=network.target [Service] -ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem +ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/public.pem Restart=on-failure [Install] diff --git a/multipath b/multipath old mode 100755 new mode 100644 index bc90876..cee0743 --- a/multipath +++ b/multipath 
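Review bot: In `iperf3.service.in`, `--rsa-private-key-path` is now given `/etc/iperf3/public.pem`. That option expects the server's RSA private key, which is used to decrypt the credentials clients send; with a public-key file there, authenticated tests would presumably fail, and if the file actually holds the private key, its name invites it being handed out as public. Point the option at the private key file (`/etc/iperf3/private.pem` on the old side) and keep that file readable by the service user only.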
@@ -6,8 +6,9 @@ # Released under GPL 3 or later if [ -d "/proc/sys/net/mptcp" ]; then - if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then + if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then echo "MPTCP is disabled!" + echo "Please set net.mptcp.mptcp_enabled = 1" exit 1 fi else @@ -25,7 +26,7 @@ case $1 in echo " multipath device {on | off | backup | handover}" echo echo "show established conections: -c" - echo "show fullmesh info: -f" + echo "show mullmesh info: -f" echo "show kernel config: -k" echo echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag" 
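Review bot: The new test reads `/proc/sys/net/mptcp/mptcp_enabled` through an unquoted backtick substitution and no longer checks that the file exists; where only `/proc/sys/net/mptcp/enabled` is present, `cat` fails, the expression collapses to `[ = 0 ]`, `[` reports an error and the script carries on as if MPTCP were enabled. Test for the file first and quote the value: `[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(cat /proc/sys/net/mptcp/mptcp_enabled)" = 0 ]`. The `-k` branch in the hunk after next reads six `/proc/sys/net/mptcp/mptcp_*` files with the same assumption and would print `cat` errors in that case.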
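Review bot: The help text now reads `show mullmesh info: -f`; the option prints `/proc/net/mptcp_fullmesh`, so the word should stay `fullmesh`: `echo "show fullmesh info: -f"`. `conections` on the line above it is an existing typo in the same help block and could be corrected to `connections` at the same time.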
@@ -42,28 +43,12 @@ case $1 in cat /proc/net/mptcp_fullmesh exit 0;; "-k") - if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then - echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` - elif [ -f /proc/sys/net/mptcp/enabled ]; then - echo Enabled: `cat /proc/sys/net/mptcp/enabled` - fi - if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then - echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager` - fi - if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then - echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum` - else - echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled` - fi - if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then - echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler` - fi - if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then - echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries` - fi - if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then - echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug` - fi + echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` + echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager` + echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum` + echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler` + echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries` + echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug` echo echo See http://multipath-tcp.org/ for details exit 0 ;; 
@@ -80,98 +65,38 @@ TYPE="$2" #FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"` [ -d "/sys/class/net/$DEVICE/" ] || { - #echo "Device '$DEVICE' can't found!" - #echo "Use the hardware name like in ifconfig" + echo "Device '$DEVICE' can't found!" + echo "Use the hardware name like in ifconfig" exit 1 } -if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then - FLAG_PATH="/sys/class/net/$DEVICE/flags" - IFF=`cat $FLAG_PATH` +FLAG_PATH="/sys/class/net/$DEVICE/flags" +IFF=`cat $FLAG_PATH` - IFF_OFF="0x80000" - IFF_ON="0x00" - IFF_BACKUP="0x100000" - IFF_HANDOVER="0x200000" - IFF_MASK="0x380000" +IFF_OFF="0x80000" +IFF_ON="0x00" +IFF_BACKUP="0x100000" +IFF_HANDOVER="0x200000" +IFF_MASK="0x380000" - case $TYPE in - "off") FLAG=$IFF_OFF;; - "on") FLAG=$IFF_ON;; - "backup") FLAG=$IFF_BACKUP;; - "handover") FLAG=$IFF_HANDOVER;; - "") - IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` - case "$IFF" in - $IFF_OFF) echo $DEVICE is deactivated;; - $IFF_ON) echo $DEVICE is in default mode;; - $IFF_BACKUP) echo $DEVICE is in backup mode;; - $IFF_HANDOVER) echo $DEVICE is in handover mode;; - *) echo "Unkown state!" && exit 1;; - esac - exit 0;; - *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; - esac +case $TYPE in + "off") FLAG=$IFF_OFF;; + "on") FLAG=$IFF_ON;; + "backup") FLAG=$IFF_BACKUP;; + "handover") FLAG=$IFF_HANDOVER;; + "") + IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` + case "$IFF" in + $IFF_OFF) echo $DEVICE is deactivated;; + $IFF_ON) echo $DEVICE is in default mode;; + $IFF_BACKUP) echo $DEVICE is in backup mode;; + $IFF_HANDOVER) echo $DEVICE is in handover mode;; + *) echo "Unkown state!" && exit 1;; + esac + exit 0;; + *) echo "Unkown flag! 
Use 'multipath -h' for help" && exit 1;; +esac - printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH -else - ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}') - IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}') - #IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') - [ -f /usr/bin/jsonfilter ] && IP=$(ip -j a show $DEVICE | jsonfilter -e '@[0].addr_info[*].local') - [ -f /usr/bin/jq ] && IP=$(ip -j a show $DEVICE | jq -r '.[0].addr_info[].local') - RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }') - [ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null - case $TYPE in - "off") - [ -n "$ID" ] && { - for i in $ID; do - ip mptcp endpoint delete id $i 2>&1 >/dev/null - done - } - exit 0;; - "on") - [ -n "$ID" ] && { - for i in $ID; do - ip mptcp endpoint delete id $i 2>&1 >/dev/null - done - } - for i in $IP; do - ip mptcp endpoint add $i dev $DEVICE subflow fullmesh - done - exit 0;; - "signal") - [ -n "$ID" ] && { - for i in $ID; do - ip mptcp endpoint delete id $i 2>&1 >/dev/null - done - } - for i in $IP; do - ip mptcp endpoint add $i dev $DEVICE signal - done - exit 0;; - "backup") - [ -n "$ID" ] && { - for i in $ID; do - ip mptcp endpoint delete id $i 2>&1 >/dev/null - done - } - for i in $IP; do - ip mptcp endpoint add $i dev $DEVICE backup fullmesh - done - exit 0;; - "") - case "$IFF" in - "") echo $DEVICE is deactivated;; - "subflow") echo $DEVICE is in default mode;; - "backup") echo $DEVICE is in backup mode;; - "signal") echo $DEVICE is in signal mode;; - "fullmesh") echo $DEVICE is in fullmesh mode;; - *) echo "$DEVICE Unkown state!" && exit 1;; - esac - exit 0;; - *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; - esac +printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH -fi diff --git a/old-v2ray.service b/old-v2ray.service deleted file mode 100644 index 9ed715a..0000000 
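Review bot: `$FLAG_PATH` is built from `$DEVICE`, presumably the first command-line argument, and is used unquoted both in the `cat $FLAG_PATH` substitution and in the final `printf … > $FLAG_PATH`, so a device name with whitespace or glob characters is split or expanded before the read and the write. Quote both uses: `IFF=$(cat "$FLAG_PATH")` and `printf "0x%02x" … > "$FLAG_PATH"`. The restored messages (`Device '$DEVICE' can't found!`) go to stdout; adding `>&2` keeps them out of output a caller captures, and `can't be found` would fix the wording.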
--- a/old-v2ray.service +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=V2Ray - A unified platform for anti-censorship -Documentation=https://v2ray.com https://guide.v2fly.org -After=network.target nss-lookup.target -Wants=network-online.target - -[Service] -# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple -#Type=exec -Type=simple -# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port. -# This service runs as root. You may consider to run it as another user for security concerns. -# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray. -# More discussion at https://github.com/v2ray/v2ray-core/issues/1011 -User=root -#User=v2ray -CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW -NoNewPrivileges=yes -ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json -Restart=on-failure -# Don't restart in the case of configuration error -RestartPreventExitStatus=23 - -[Install] -WantedBy=multi-user.target diff --git a/omr-6in4-run b/omr-6in4-run index ae91dce..ea5faad 100755 --- a/omr-6in4-run +++ b/omr-6in4-run @@ -3,7 +3,7 @@ set -e if [ ! -f "$2" ]; then - echo "usage: $(basename "$0") start FILE" + echo "usage: $(basename "$0") FILE" exit 1 fi diff --git a/omr-admin-ipv6.service.in b/omr-admin-ipv6.service.in deleted file mode 100644 index 9af8b55..0000000 --- a/omr-admin-ipv6.service.in +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=OMR-Admin IPv6 -After=network.target network-online.target - -[Service] -Type=simple -Restart=always -ExecStart=/usr/local/bin/omr-admin.py --host="::" -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP - -[Install] -WantedBy=multi-user.target diff --git a/omr-admin.service.in b/omr-admin.service.in index ba30724..d76318a 100644 --- a/omr-admin.service.in +++ b/omr-admin.service.in 
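Review bot: In `omr-6in4-run` the usage string now says `usage: $(basename "$0") FILE`, but the check directly above it is `[ ! -f "$2" ]`, so the file is still expected as the second argument. A user following the message would pass the file as `$1` and get the usage error again. Keep the first argument in the text, e.g. `echo "usage: $(basename "$0") start FILE" >&2`.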
@@ -6,7 +6,7 @@ After=network.target network-online.target
 Type=simple
 Restart=always
 ExecStart=/usr/local/bin/omr-admin.py
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
 [Install]
 WantedBy=multi-user.target
diff --git a/omr-bypass b/omr-bypass
deleted file mode 100755
index 5aa8e02..0000000
--- a/omr-bypass
+++ /dev/null
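Review bot: The narrowed `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW` in omr-admin.service.in carries no comment saying which operations of omr-admin.py need those two capabilities, so the next person to touch the unit cannot tell whether the set may be widened or narrowed. The visible `[Service]` lines set neither `User=` nor `NoNewPrivileges=`, so the bounding set appears to be the only privilege limit on the process (the first five lines of the unit are outside the hunk). I would add a one-line `#` comment above the directive naming the network operations that require it, and `NoNewPrivileges=yes` on the next line, provided the admin script does not depend on setuid helpers.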
@@ -1,82 +0,0 @@ -#!/bin/sh -# Copyright (C) 2023 Ycarus (Yannick Chabanois) for OpenMPTCProuter -# Released under GPL 3. See LICENSE for the full terms. - -[ ! -f /etc/openmptcprouter-vps-admin/omr-bypass.json ] && exit 0 - -# Configuration -INTERFACE="$(jq -M -r .bypass_intf /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')" -[ "$INTERFACE" = "null" ] && INTERFACE="vpn1" -GATEWAY="$(ip r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')" -GATEWAY6="$(ip -6 r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')" -TABLE="991337" -MARK="0x539" - -CHECKSUM="$(md5sum /etc/openmptcprouter-vps-admin/omr-bypass.json | awk '{print $1}' | tr -d '\n')" -PREVIOUS_CHECKSUM="$(jq -M -r .bypass_checksum /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')" -[ "$CHECKSUM" = "$PREVIOUS_CHECKSUM" ] && exit 0 -jq -M --arg c "$CHECKSUM" '.bypass_checksum = $c' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp -mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json -# Action -ipset -q flush omr_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null -ipset -q flush omr6_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null -ipset -q --exist restore <<-EOF -create omr_dst_bypass_srv_${INTERFACE} hash:net hashsize 64 -create omr6_dst_bypass_srv_${INTERFACE} hash:net family inet6 hashsize 64 -EOF -ipv4=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv4[]) -for ip in $ipv4; do - ipset -q add omr_dst_bypass_srv_${INTERFACE} $ip -done -ipv6=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv6[]) -for ip in $ipv6; do - ipset -q add omr6_dst_bypass_srv_${INTERFACE} $ip -done -iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null -iptables-restore -w --wait=60 --noflush <<-EOF -*mangle -:omr-bypass - --A PREROUTING -j omr-bypass -COMMIT -EOF 
-iptables-restore -w --wait=60 --noflush <<-EOF -*mangle -:omr-bypass-local - --A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local -COMMIT -EOF -iptables-restore -w --wait=60 --noflush <<-EOF -*mangle --A omr-bypass -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK} --A omr-bypass -m mark --mark ${MARK} -j RETURN --A omr-bypass-local -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK} --A omr-bypass-local -m mark --mark ${MARK} -j RETURN -COMMIT -EOF -ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1 -ip route replace default via ${GATEWAY} dev ${INTERFACE} table ${TABLE} -ip6tables-save --counters 2>/dev/null | grep -v omr-bypass | ip6tables-restore -w --counters 2>/dev/null -ip6tables-restore -w --wait=60 --noflush <<-EOF -*mangle -:omr-bypass - --A PREROUTING -j omr-bypass -COMMIT -EOF -ip6tables-restore -w --wait=60 --noflush <<-EOF -*mangle -:omr-bypass-local - --A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local -COMMIT -EOF -ip6tables-restore -w --wait=60 --noflush <<-EOF -*mangle --A omr-bypass -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK} --A omr-bypass -m mark --mark ${MARK} -j RETURN --A omr-bypass-local -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK} --A omr-bypass-local -m mark --mark ${MARK} -j RETURN -COMMIT -EOF -if [ -n "$GATEWAY6" ]; then - ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1 - ip route replace default via ${GATEWAY6} dev ${INTERFACE} table ${TABLE} -fi \ No newline at end of file diff --git a/omr-bypass.service.in b/omr-bypass.service.in deleted file mode 100644 index 0d49437..0000000 --- a/omr-bypass.service.in +++ /dev/null 
@@ -1,12 +0,0 @@ -[Unit] -Description=OMR-ByPass -After=network.target network-online.target shorewall.service - -[Service] -Type=simple -ExecStart=/usr/local/bin/omr-bypass -KillSignal=9 -CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW - -[Install] -WantedBy=multi-user.target diff --git a/omr-bypass.timer.in b/omr-bypass.timer.in deleted file mode 100644 index 85d7eb7..0000000 --- a/omr-bypass.timer.in +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Timer for omr-bypass - -[Timer] -OnUnitActiveSec=300 - -[Install] -WantedBy=timers.target diff --git a/omr-pihole.sh b/omr-pihole.sh index b8b0c27..20a023f 100644 --- a/omr-pihole.sh +++ b/omr-pihole.sh @@ -8,11 +8,6 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then echo "This script doesn't work with Debian Stretch (9.x)" exit 1 fi -if [ "$(id -u)" -ne 0 ]; then - echo "You must run the script as root" - exit 1 -fi - echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end." echo "Don't apply Pi-hole firewall rules." @@ -31,14 +26,13 @@ $SERVER["socket"] == "10.255.252.1:80" { } $SERVER["socket"] == "10.255.251.1:80" { } $SERVER["socket"] == "10.255.253.1:80" { } EOF -systemctl list-unit-files lighttpd.service &>/dev/null && systemctl -q restart lighttpd +systemctl -q restart lighttpd grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf cat >> /etc/pihole/setupVars.conf <<-EOF PIHOLE_INTERFACE=gt-tun0 IPV4_ADDRESS=10.255.0.0/16 -IPV6_ADDRESS=fd00::a00:/106 -RATE_LIMIT=0/0 +IPV6_ADDRESS=fe80::aff:ff01/64 EOF grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf diff --git a/omr-service b/omr-service index e927ab6..38002d3 100755 
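Review bot: With the `id -u` guard gone from the first omr-pihole.sh hunk, the script no longer checks for root before it starts. The later steps visible in the next hunk rewrite /etc/pihole/setupVars.conf and files under /etc/dnsmasq.d and restart lighttpd. An unprivileged run therefore fails partway instead of at the top. A one-line guard before the banner is enough: `[ "$(id -u)" -eq 0 ] || { echo "You must run the script as root" >&2; exit 1; }`. The start of the script is outside the hunk, so an equivalent check may already exist above line 8.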
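Review bot: `systemctl -q restart lighttpd` in the second omr-pihole.sh hunk now runs unconditionally, so on a host where Pi-hole was installed without a lighttpd unit the restart fails. Whether that aborts the script depends on a `set -e` that would be outside this hunk. Keeping the step best-effort with a portable test avoids that: `if systemctl list-unit-files lighttpd.service >/dev/null 2>&1; then systemctl -q restart lighttpd; fi`. This uses `>/dev/null 2>&1` because the removed line's `&>` is a bashism.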
--- a/omr-service
+++ b/omr-service
@@ -5,228 +5,81 @@ _multipath() { # Force multipath status source /etc/shorewall/params.net for intf in `ls -1 /sys/class/net`; do - if [ "$intf" != "bonding_masters" ]; then - if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then - [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on >/dev/null 2>&1 - [ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && { - multipath $intf signal >/dev/null 2>&1 - ip mptcp limits set subflows 8 add_addr_accepted 8 >/dev/null 2>&1 - } - else - [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off >/dev/null 2>&1 - fi + if [ "$intf" = "$NET_IFACE" ]; then + [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on + else + [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off fi done } _glorytun_udp() { - #if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then - if systemctl list-unit-files glorytun-udp@.service >/dev/null; then - [ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && { - logger -t "OMR-Service" "Restart Glorytun-UDP" - systemctl -q restart 'glorytun-udp@*' - sleep 10 - } - for intf in /etc/glorytun-udp/tun*; do - [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} - done - #ip link set mtu 9000 dev gt-udp-tun0 >/dev/null 2>&1 - fi + [ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && { + logger -t "OMR-Service" "Restart Glorytun-UDP" + systemctl -q restart 'glorytun-udp@*' + } + for intf in /etc/glorytun-udp/tun*; do + [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} + done } _glorytun_tcp() { - #if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then - if systemctl 
list-unit-files glorytun-tcp@.service >/dev/null; then - for intf in /etc/glorytun-tcp/tun*; do - [ "$(echo $intf | grep key)" = "" ] && timeout 10 /etc/glorytun-tcp/post.sh ${intf} - done - if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then - localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)" - [ -z "$localip" ] && localip="10.255.255.1" - remoteip="$(echo $localip | sed 's/\.1/\.2/')" - if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then - logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" - systemctl restart glorytun-tcp@tun0 - sleep 10 - fi - fi - #ip link set mtu 9000 dev gt-tun0 >/dev/null 2>&1 - fi -} - -_dsvpn() { - #if [ -n "$(systemctl -a | grep 'dsvpn')" ]; then - if systemctl list-unit-files dsvpn-server@.service >/dev/null; then - [ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1 - if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then - localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)" - [ -z "$localip" ] && localip="10.255.251.1" - remoteip="$(echo $localip | sed 's/\.1/\.2/')" - if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then - logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN" - systemctl restart dsvpn-server@dsvpn0 - fi - #ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1 + for intf in /etc/glorytun-tcp/tun*; do + [ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} + done + if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then + 
if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ]; then + logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" + systemctl restart glorytun-tcp@tun0 fi fi } -_shadowsocks() { - if systemctl list-unit-files shadowsocks-libev-manager@.service >/dev/null; then - [ -z "$(pgrep ss-server)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev" - systemctl restart shadowsocks-libev-manager@manager - } - fi -} - -_shadowsocks_go() { - if systemctl list-unit-files shadowsocks-go.service >/dev/null; then - [ -z "$(pgrep shadowsocks-go)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go" - systemctl restart shadowsocks-go - } - fi -} - -_xray() { - if systemctl list-unit-files xray.service >/dev/null; then - [ -z "$(pgrep xray)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart XRay" - systemctl restart xray - } - fi -} - -_v2ray() { - if systemctl list-unit-files v2ray.service >/dev/null; then - [ -z "$(pgrep v2ray)" ] && { - logger -t "OMR-Service" "ss-server not detected, restart V2Ray" - systemctl restart v2ray - } - fi -} - -_wireguard() { - #if [ -n "$(systemctl -a | grep 'wg')" ]; then - if systemctl list-unit-files wg-quick@.service >/dev/null; then - [ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1 - [ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1 - fi -} - - _omr_api() { - [ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { - logger -t "OMR-Service" "Can't contact API, restart OMR-Admin" + [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { + logger -t "OMR-Service" "Restart OMR-Admin" systemctl -q restart omr-admin } } _lan_route() { - jq -c '.users[0][]?' 
/etc/openmptcprouter-vps-admin/omr-admin-config.json | + cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' | while IFS=$"\n" read -r c; do - if [ -n "$c" ]; then - vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') - username=$(echo "$c" | jq -r '.username') - if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then - echo "$c" | jq -c -r '.lanips[]? //empty' | - while IFS=$"\n" read -r d; do - if [ "$d" != "" ]; then - network=$(ipcalc -n $d | grep Network | awk '{print $2}') - networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1) - netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}') - [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1 - [ -n "$networkonly" ] && [ -n "$netmask" ] && ([ ! -f /etc/openvpn/ccd/${username} ] || [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ]) && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username} - fi - done - fi + vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') + if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then + echo "$c" | jq -c '.lanips //empty' | + while IFS=$"\n" read -r d; do + network=$(ipcalc -n $d | grep Network | awk '{print $2}') + [ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null + done fi done } _gre_tunnels() { . "$(readlink -f "/etc/shorewall/params.vpn")" - if [ -n "$OMR_ADDR" ]; then - for intf in /etc/openmptcprouter-vps-admin/intf/*; do - if [ -f "$intf" ]; then - . 
"$(readlink -f "$intf")" - iface="$(basename $intf)" - if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then - [ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface >/dev/null 2>&1 - ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1 - ip link set $iface up >/dev/null 2>&1 - ip addr add $LOCALIP dev $iface >/dev/null 2>&1 - ip route add $NETWORK dev $iface >/dev/null 2>&1 - fi + for intf in /etc/openmptcprouter-vps-admin/intf/*; do + if [ -f "$intf" ]; then + . "$(readlink -f "$intf")" + iface="$(basename $intf)" + if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$REMOTEIP" ]; then + ip tunnel del $iface 2>&1 >/dev/null + ip tunnel add $iface mode gre local $INTFADDR remote $REMOTEIP + ip link set $iface up + ip addr add $LOCALIP dev $iface + ip route add $NETWORK dev $iface 2>&1 >/dev/null fi - done - fi + fi + done } -_openvpn_bonding() { - if [ "$(ip link show ovpnbonding1 2>/dev/null)" != "" ] && ([ "$(ip link show ovpnbonding1 2>/dev/null | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding 2>/dev/null | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then - echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1 - ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding1 up >/dev/null 2>&1 - ip link set ovpnbonding2 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding2 up >/dev/null 2>&1 - ip link set ovpnbonding3 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding3 up >/dev/null 2>&1 - ip link set ovpnbonding4 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding4 up >/dev/null 2>&1 - ip link set ovpnbonding5 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding5 up >/dev/null 2>&1 - ip link set ovpnbonding6 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding6 up >/dev/null 2>&1 - ip link set ovpnbonding7 master omr-bonding >/dev/null 
2>&1 - ip link set ovpnbonding7 up >/dev/null 2>&1 - ip link set ovpnbonding8 master omr-bonding >/dev/null 2>&1 - ip link set ovpnbonding8 up >/dev/null 2>&1 - ip link set omr-bonding up mtu 1440 >/dev/null 2>&1 - ip a add 10.255.248.1 dev omr-bonding >/dev/null 2>&1 - ip r add 10.255.248.0/24 dev omr-bonding >/dev/null 2>&1 - ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 >/dev/null 2>&1 - fi -} - -_vpn1() { - vpn1route=$(ip r show dev vpn1 2>/dev/null | grep '0.0.0.0') - [ -z "$vpn1route" ] && vpn1route=$(ip r show dev vpn1 2>/dev/null | grep 'default') - if [ -n "$vpn1route" ]; then - ip r del $vpn1route - vpn1gw="$(echo \"$vpn1route\" | awk '{ print $3 }')" - ip r a default via $vpngw dev vpn1 table 991337 - for route in $(ip r show dev vpn1); do - ip r a $route table 991337 - done - fi -} - -sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1 -modprobe bonding >/dev/null 2>&1 -ip link add omr-bonding type bond >/dev/null 2>&1 -#[ -n "$(uname -r | grep '6.1')" ] && { -# stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 & -#} - -gre_tunnels="$(jq -c '.gre_tunnels' /etc/openmptcprouter-vps-admin/omr-admin-config.json)" -lan_routes="$(jq -c '.lan_routes' /etc/openmptcprouter-vps-admin/omr-admin-config.json)" while true; do _glorytun_udp _glorytun_tcp - _shadowsocks - _shadowsocks_go - _xray - _v2ray - _dsvpn - _wireguard _multipath _omr_api - [ "$lan_routes" != "false" ] && _lan_route - [ "$gre_tunnels" != "false" ] && _gre_tunnels - _openvpn_bonding - _vpn1 + _lan_route + _gre_tunnels sleep 10 done diff --git a/omr-test-speed b/omr-test-speed deleted file mode 100644 index 15666e1..0000000 --- a/omr-test-speed +++ /dev/null 
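Review bot: In `_lan_route` the new inner filter `jq -c '.lanips //empty'` prints the whole `lanips` value as one compact JSON line instead of one entry per line. Assuming `lanips` is an array, as the removed `.lanips[]?` form suggests, `$d` reaches `ipcalc -n $d` with brackets and quotes and no LAN route is ever installed. Use `jq -r '.lanips[]? // empty'` and quote the values read from the config, e.g. `ipcalc -n "$d"` and `ip r replace "$network" via "$vpnremoteip"`. The added redirections `2>&1 >/dev/null` (once in `_lan_route`, twice in `_gre_tunnels`) discard stdout only and leave stderr attached to the original stdout; `>/dev/null 2>&1` is the order that silences both. `_gre_tunnels` also sources every file under /etc/openmptcprouter-vps-admin/intf/ into the same shell, so a file that omits `REMOTEIP` inherits the previous file's value; `unset REMOTEIP INTFADDR LOCALIP NETWORK` before each `.` would prevent that.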
@@ -1,55 +0,0 @@ -#!/bin/sh -# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -HETZNER=false -if [ "$1" = "hetzner" ]; then - HETZNER=true - INTERFACE="$2" -else - INTERFACE="$1" -fi - -[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && { - echo "You must use a real interface. You wan find them using 'ip a' for example" - exit 0 -} - -if [ "$HETZNER" = false ]; then - echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" - bestping="9999" - for pinghost in $HOSTLST; do - domain=$(echo $pinghost | awk -F/ '{print $3}') - if [ -z "$INTERFACE" ]; then - ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) - else - ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) - fi - echo "host: $domain - ping: $ping" - if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then - bestping=$ping - HOST=$pinghost - fi - done -fi - -[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" - -echo "Best server is $HOST, running test:" -trap : HUP INT TERM -if [ -z "$INTERFACE" ]; then - curl -4 -o /dev/null $HOST || echo -else - domain=$(echo $HOST | awk -F/ '{print $3}') - hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') - if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then - for ip in $hostip; do - ipset add ss_rules_dst_bypass_all $ip - done - fi - curl -4 -o /dev/null --interface $INTERFACE $HOST || echo - if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then - for ip in $hostip; do - ipset del ss_rules_dst_bypass_all $ip - done - fi -fi diff --git a/omr-test-speedv6 b/omr-test-speedv6 deleted file mode 100644 index 3db10fe..0000000 --- a/omr-test-speedv6 +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/sh -# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 : -HETZNER=false -if [ "$1" = "hetzner" ]; then - HETZNER=true - INTERFACE="$2" -else - INTERFACE="$1" -fi - -[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && { - echo "You must use a real interface. You wan find them using 'ip a' for example" - exit 0 -} - - -if [ "$HETZNER" = false ]; then - echo "Select best test server..." - HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" - bestping="9999" - for pinghost in $HOSTLST; do - domain=$(echo $pinghost | awk -F/ '{print $3}') - if [ -z "$INTERFACE" ]; then - ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) - else - ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." 
-f1) - fi - echo "host: $domain - ping: $ping" - if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then - bestping=$ping - HOST=$pinghost - fi - done -fi - -[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin" - -echo "Best server is $HOST, running test:" -trap : HUP INT TERM -if [ -z "$INTERFACE" ]; then - curl -6 $HOST >/dev/null || echo -else - domain=$(echo $HOST | awk -F/ '{print $3}') - hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') - if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then - for ip in $hostip; do - ipset add ss_rules6_dst_bypass_all $ip - done - fi - curl -6 --interface $INTERFACE $HOST >/dev/null || echo - if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then - for ip in $hostip; do - ipset del ss_rules6_dst_bypass_all $ip - done - fi -fi diff --git a/omr-update b/omr-update deleted file mode 100755 index 6c3a094..0000000 --- a/omr-update +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -if [ -f /etc/openmptcprouter-vps-admin/update ]; then - wget -O - http://www.openmptcprouter.com/server/debian.sh | sh - rm -f /etc/openmptcprouter-vps-admin/update - reboot -fi -if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then - LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh - rm -f /etc/openmptcprouter-vps-admin/update-bin - #reboot -fi diff --git a/omr-update.service.in b/omr-update.service.in deleted file mode 100644 index 99120f8..0000000 --- a/omr-update.service.in +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=OMR Update -After=network.target network-online.target - -[Service] -Type=simple -Restart=no -ExecStart=/usr/bin/omr-update -#ExecStart=/usr/share/omr-server/debian9-x86_64.sh -AmbientCapabilities= -StandardOutput=file:/var/log/omr-update.log -StandardError=file:/var/log/omr-update.log - -[Install] -WantedBy=multi-user.target diff --git a/omr.service.in b/omr.service.in index 0e9352b..4e17716 100644 --- a/omr.service.in 
+++ b/omr.service.in
@@ -1,6 +1,6 @@
 [Unit]
 Description=OMR
-After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service
+After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service
 [Service]
 Type=simple
diff --git a/openmptcprouter-shorewall.tar.gz b/openmptcprouter-shorewall.tar.gz
index fcc04f3..5a98446 100644
Binary files a/openmptcprouter-shorewall.tar.gz and b/openmptcprouter-shorewall.tar.gz differ
diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz
index e186946..2f4dee4 100644
Binary files a/openmptcprouter-shorewall6.tar.gz and b/openmptcprouter-shorewall6.tar.gz differ
diff --git a/openvpn-bonding1.conf b/openvpn-bonding1.conf
deleted file mode 100644
index 45a07d7..0000000
--- a/openvpn-bonding1.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-dev ovpnbonding1
-dev-type tap
-cipher AES-256-CBC
-proto udp
-proto udp6
-port 65351
-persist-tun
-persist-key
-reneg-sec 0
-verb 3
-ca /etc/openvpn/ca/pki/ca.crt
-cert /etc/openvpn/ca/pki/issued/server.crt
-key /etc/openvpn/ca/pki/private/server.key
-dh /etc/openvpn/server/dh2048.pem
-crl-verify /etc/openvpn/ca/pki/crl.pem
-keepalive 100 2400
-mode server
-tls-server
diff --git a/openvpn-bonding2.conf b/openvpn-bonding2.conf
deleted file mode 100644
index 71798b4..0000000
--- a/openvpn-bonding2.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-dev ovpnbonding2
-dev-type tap
-cipher AES-256-CBC
-proto udp
-proto udp6
-port 65352
-persist-tun
-persist-key
-reneg-sec 0
-verb 3
-ca /etc/openvpn/ca/pki/ca.crt
-cert /etc/openvpn/ca/pki/issued/server.crt
-key /etc/openvpn/ca/pki/private/server.key
-dh /etc/openvpn/server/dh2048.pem
-crl-verify /etc/openvpn/ca/pki/crl.pem
-keepalive 100 2400
-mode server
-tls-server
diff --git a/openvpn-bonding3.conf b/openvpn-bonding3.conf
deleted file mode 100644
index 9614a96..0000000
--- a/openvpn-bonding3.conf
+++ /dev/null
@@ -1,18 +0,0 @@ -dev ovpnbonding3 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65353 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding4.conf b/openvpn-bonding4.conf deleted file mode 100644 index 846f5dc..0000000 --- a/openvpn-bonding4.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding4 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65354 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding5.conf b/openvpn-bonding5.conf deleted file mode 100644 index aafccd3..0000000 --- a/openvpn-bonding5.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding5 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65355 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding6.conf b/openvpn-bonding6.conf deleted file mode 100644 index 30b2067..0000000 --- a/openvpn-bonding6.conf +++ /dev/null 
@@ -1,18 +0,0 @@ -dev ovpnbonding6 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65356 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding7.conf b/openvpn-bonding7.conf deleted file mode 100644 index c5f1fe1..0000000 --- a/openvpn-bonding7.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding7 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65357 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-bonding8.conf b/openvpn-bonding8.conf deleted file mode 100644 index dbdd11b..0000000 --- a/openvpn-bonding8.conf +++ /dev/null @@ -1,18 +0,0 @@ -dev ovpnbonding8 -dev-type tap -cipher AES-256-CBC -proto udp -proto udp6 -port 65358 -persist-tun -persist-key -reneg-sec 0 -verb 3 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 100 2400 -mode server -tls-server diff --git a/openvpn-tun0.6.1.conf b/openvpn-tun0.6.1.conf deleted file mode 100644 index bc93c87..0000000 --- a/openvpn-tun0.6.1.conf +++ /dev/null 
@@ -1,34 +0,0 @@ -topology subnet -dev tun0 -user nobody -group nogroup -data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 -disable-dco -proto tcp-server -proto tcp6-server -port 65301 -persist-tun -persist-key -duplicate-cn -verb 3 -server 10.255.252.0 255.255.255.0 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 240 -txqueuelen 1000 -sndbuf 262144 -push "sndbuf 262144" -rcvbuf 262144 -push "rcvbuf 262144" -tun-mtu 1420 -tls-server -tls-version-min 1.2 -#push "route 10.255.252.1 255.255.255.255" -client-config-dir ccd -ifconfig-pool-persist ccd/ipp_tcp.txt -passtos -management 127.0.0.1 65302 -tcp-nodelay diff --git a/openvpn-tun0.conf b/openvpn-tun0.conf index a6d1864..fc778d9 100644 --- a/openvpn-tun0.conf +++ b/openvpn-tun0.conf @@ -18,12 +18,8 @@ crl-verify /etc/openvpn/ca/pki/crl.pem keepalive 10 240 sndbuf 0 rcvbuf 0 -txqueuelen 2000 -tun-mtu 1400 -mssfix 1360 tls-server tls-version-min 1.2 #compress lzo -#push "route 10.255.252.1 255.255.255.255" +push "route 10.255.252.1 255.255.255.255" client-config-dir ccd -management localhost 65302 diff --git a/openvpn-tun1.6.1.conf b/openvpn-tun1.6.1.conf deleted file mode 100644 index 6d91a8e..0000000 --- a/openvpn-tun1.6.1.conf +++ /dev/null 
@@ -1,30 +0,0 @@ -topology subnet -dev tun1 -data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 -proto udp -proto udp6 -port 65301 -persist-tun -persist-key -duplicate-cn -verb 3 -server 10.255.250.0 255.255.255.0 -ca /etc/openvpn/ca/pki/ca.crt -cert /etc/openvpn/ca/pki/issued/server.crt -key /etc/openvpn/ca/pki/private/server.key -dh /etc/openvpn/server/dh2048.pem -crl-verify /etc/openvpn/ca/pki/crl.pem -keepalive 10 240 -txqueuelen 1000 -sndbuf 262144 -push "sndbuf 262144" -rcvbuf 262144 -push "rcvbuf 262144" -tun-mtu 1420 -tls-server -tls-version-min 1.2 -push "route 10.255.250.1 255.255.255.255" -#client-config-dir ccd -#ifconfig-pool-persist ccd/ipp_udp.txt -#fast-io -passtos diff --git a/shadowsocks-go.server.json b/shadowsocks-go.server.json deleted file mode 100644 index 7d4704a..0000000 --- a/shadowsocks-go.server.json +++ /dev/null @@ -1,37 +0,0 @@ -{ - "servers": [ - { - "name": "ss-2022", - "protocol": "2022-blake3-aes-256-gcm", - "tcpListeners": [ - { - "network": "tcp", - "address": ":65280", - "fastOpen": false, - "reusePort": false, - "multipath": true - } - ], - "enableTCP": true, - "listenerTFO": true, - "enableUDP": true, - "mtu": 1500, - "psk": "PSK", - "uPSKStorePath": "/etc/shadowsocks-go/upsks.json" - } - ], - "stats": { - "enabled": true - }, - "api": { - "enabled": true, - "debugPprof": false, - "trustedProxies": [], - "listeners": [ - { - "network": "tcp", - "address": "127.0.0.1:65279" - } - ] - } -} \ No newline at end of file diff --git a/shadowsocks.6.1.conf b/shadowsocks.6.1.conf deleted file mode 100644 index 7828850..0000000 --- a/shadowsocks.6.1.conf +++ /dev/null 
@@ -1,77 +0,0 @@ -# local sysctl settings can be stored in this directory -# max open files -fs.file-max = 512000 -# max read buffer -net.core.rmem_max = 7500000 -# max write buffer -net.core.wmem_max = 7500000 -#net.core.optmem_max = 33554432 -# default read buffer -#net.core.rmem_default = 16777216 -# default write buffer -#net.core.wmem_default = 16777216 -# max processor input queue -net.core.netdev_max_backlog = 10000 -# max backlog -net.core.somaxconn = 16384 - -# resist SYN flood attacks -net.ipv4.tcp_syncookies = 1 -# reuse timewait sockets when safe -net.ipv4.tcp_tw_reuse = 1 -# turn off fast timewait sockets recycling -#net.ipv4.tcp_tw_recycle = 0 -# short FIN timeout -net.ipv4.tcp_fin_timeout = 30 -# Increase max orphans -net.ipv4.tcp_max_orphans = 16384 -# short keepalive time -net.ipv4.tcp_keepalive_time = 7200 -# outbound port range -net.ipv4.ip_local_port_range = 9999 65000 -# max SYN backlog -net.ipv4.tcp_max_syn_backlog = 4096 -# max timewait sockets held by system simultaneously -net.ipv4.tcp_max_tw_buckets = 16384 -# turn on TCP Fast Open on both client and server side -net.ipv4.tcp_fastopen = 3 -# TCP buffer -net.ipv4.tcp_mem = 409600 819200 1638400 -# UDP buffer -net.ipv4.udp_mem = 4096 87380 16777216 -# TCP receive buffer -net.ipv4.tcp_rmem = 4096 87380 16777216 -# TCP write buffer -net.ipv4.tcp_wmem = 4096 87380 16777216 -# turn on path MTU discovery -net.ipv4.tcp_mtu_probing = 0 -# 1/8 * available memory in receive buffer -net.ipv4.tcp_adv_win_scale=-3 -# limits the size of unsent bytes in the write queue -net.ipv4.tcp_notsent_lowat = 131072 - -# for low-latency network, use cubic instead -net.core.default_qdisc = fq -# Default conntrack is too small -net.netfilter.nf_conntrack_max = 524288 -net.netfilter.nf_conntrack_buckets=131072 -net.netfilter.nf_conntrack_tcp_timeout_established = 86400 - -net.ipv4.conf.all.log_martians = 0 -net.ipv4.conf.default.log_martians = 0 - -# MPTCP settings -net.ipv4.tcp_ecn = 2 -net.mptcp.checksum_enabled = 0 
-net.mptcp.add_addr_timeout = 120 -net.mptcp.allow_join_initial_addr_port = 1 -net.mptcp.enabled = 1 -net.mptcp.pm_type = 0 -net.mptcp.stale_loss_cnt = 4 -net.mptcp.mptcp_checksum=0 -net.mptcp.mptcp_path_manager=fullmesh -net.mptcp.mptcp_scheduler=mptcp_burst -net.mptcp.mptcp_syn_retries=4 -net.mptcp.mptcp_version=1 -net.mptcp.checksum_enabled=0 -net.ipv4.tcp_congestion_control=bbr \ No newline at end of file diff --git a/shadowsocks.conf b/shadowsocks.conf index aa9587f..302bbe0 100644 --- a/shadowsocks.conf +++ b/shadowsocks.conf @@ -22,9 +22,7 @@ net.ipv4.tcp_tw_reuse = 1 # turn off fast timewait sockets recycling #net.ipv4.tcp_tw_recycle = 0 # short FIN timeout -net.ipv4.tcp_fin_timeout = 30 -# Increase max orphans -net.ipv4.tcp_max_orphans = 16384 +net.ipv4.tcp_fin_timeout = 80 # short keepalive time net.ipv4.tcp_keepalive_time = 7200 # outbound port range @@ -47,18 +45,16 @@ net.ipv4.tcp_wmem = 4096 65536 33554432 net.ipv4.tcp_mtu_probing = 0 # for low-latency network, use cubic instead -net.ipv4.tcp_congestion_control = bbr +net.ipv4.tcp_congestion_control = cubic net.core.default_qdisc = fq # Default conntrack is too small -net.netfilter.nf_conntrack_max = 524288 -net.netfilter.nf_conntrack_buckets=131072 -net.netfilter.nf_conntrack_tcp_timeout_established = 86400 +net.netfilter.nf_conntrack_max = 131072 net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.default.log_martians = 0 # MPTCP settings net.mptcp.mptcp_checksum = 0 -net.mptcp.mptcp_syn_retries = 4 +net.mptcp.mptcp_syn_retries = 2 net.mptcp.mptcp_scheduler = blest -net.ipv4.tcp_ecn = 2 +net.ipv4.tcp_ecn=1 diff --git a/shorewall4/interfaces b/shorewall4/interfaces index bb8b644..2f3e3ac 100644 --- a/shorewall4/interfaces +++ b/shorewall4/interfaces 
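Review bot: The `# short FIN timeout` comment in the first shadowsocks.conf hunk no longer matches the value beneath it, since `net.ipv4.tcp_fin_timeout = 80` is above the kernel default of 60 and keeps orphaned FIN-WAIT-2 sockets around longer, not shorter. The same hunk also drops the explicit `net.ipv4.tcp_max_orphans = 16384`, so the orphan ceiling falls back to whatever the kernel computes for the host. If the longer timeout is intended, reword the comment, for example `# FIN-WAIT-2 timeout (above the kernel default of 60)`; otherwise keep the value at 30. Only part of the file is visible in this hunk.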
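Review bot: Lowering `net.netfilter.nf_conntrack_max` to 131072 while also removing `net.netfilter.nf_conntrack_tcp_timeout_established = 86400` in the second shadowsocks.conf hunk means a smaller table now holds each established entry for the kernel default of 432000 seconds. On a host that NATs tunnel traffic, that makes conntrack exhaustion, and the dropped packets that follow it, easier to reach under heavy load or a connection flood. Consider keeping `net.netfilter.nf_conntrack_tcp_timeout_established = 86400` next to the new limit. The comment `# for low-latency network, use cubic instead` is also stale now that the line below it already sets `cubic`.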
@@ -19,8 +19,6 @@ vpn gt-tun+ nosmurfs,tcpflags vpn gt-udp-tun+ nosmurfs,tcpflags vpn mlvpn+ nosmurfs,tcpflags vpn tun+ nosmurfs,tcpflags -vpn wg+ nosmurfs,tcpflags -vpncl client-wg+ nosmurfs,tcpflags vpn dsvpn+ nosmurfs,tcpflags vpn gre-user+ nosmurfs,tcpflags -vpn omr-bonding nosmurfs,tcpflags + diff --git a/shorewall4/params.vpn b/shorewall4/params.vpn index 074e6ec..e4082cb 100644 --- a/shorewall4/params.vpn +++ b/shorewall4/params.vpn @@ -1,3 +1,3 @@ -VPS_ADDR=10.255.252.1 -OMR_ADDR=10.255.252.2 -VPS_IFACE=tun0 +VPS_ADDR=10.255.255.1 +OMR_ADDR=10.255.255.2 +VPS_IFACE=gt-tun0 diff --git a/shorewall4/policy b/shorewall4/policy index 910acb0..59142ff 100644 --- a/shorewall4/policy +++ b/shorewall4/policy @@ -17,10 +17,8 @@ vpn net ACCEPT vpn fw ACCEPT fw vpn ACCEPT fw net ACCEPT -net all DROP +net all DROP info vpn vpn DROP -vpncl vpn ACCEPT -vpn vpncl ACCEPT # THE FOLLOWING POLICY MUST BE LAST -all all REJECT +all all REJECT info diff --git a/shorewall4/shorewall.conf b/shorewall4/shorewall.conf index d1ed03f..11bd54a 100644 --- a/shorewall4/shorewall.conf +++ b/shorewall4/shorewall.conf @@ -149,13 +149,13 @@ BLACKLIST="NEW,INVALID,UNTRACKED" CLAMPMSS=No -CLEAR_TC=No +CLEAR_TC=Yes COMPLETE=No DEFER_DNS_RESOLUTION=Yes -DELETE_THEN_ADD=No +DELETE_THEN_ADD=Yes DETECT_DNAT_IPADDRS=No @@ -233,7 +233,7 @@ SAVE_ARPTABLES=No SAVE_IPSETS=No -TC_ENABLED=No +TC_ENABLED=Simple TC_EXPERT=No diff --git a/shorewall4/snat b/shorewall4/snat index 8435e40..a240a09 100644 --- a/shorewall4/snat +++ b/shorewall4/snat 
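Review bot: `net all DROP info` and `all all REJECT info` in shorewall4/policy log every packet that falls through to the default policies, and nothing in this diff shows a rate limit on that logging. On an internet-facing interface the volume is set by whoever is sending the traffic, so unthrottled logging can fill the disk and bury the entries an operator actually needs. `LOGLIMIT` in shorewall.conf is not part of the visible hunks, so confirm it is set, and record the dependency beside the policy, for example `# logged at info: keep LOGLIMIT set in shorewall.conf so drops cannot flood the log`. The shorewall6/policy hunk makes the same change and needs the same check against shorewall6.conf.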
@@ -15,14 +15,7 @@ ########################################################################################################################################### #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY # -MASQUERADE 10.255.247.0/24,\ - 10.255.248.0/24,\ - 10.255.250.0/24,\ - 10.255.251.0/24,\ - 10.255.252.0/24,\ - 10.255.253.0/24,\ - 10.255.254.0/24,\ - 10.255.255.0/24,\ +MASQUERADE 10.255.0.0/16,\ 169.254.0.0/16,\ 172.16.0.0/12,\ 192.168.0.0/16 $NET_IFACE diff --git a/shorewall4/stoppedrules b/shorewall4/stoppedrules index 30eeac9..aa5bfd5 100644 --- a/shorewall4/stoppedrules +++ b/shorewall4/stoppedrules @@ -23,8 +23,4 @@ ACCEPT dsvpn+ - ACCEPT - dsvpn+ ACCEPT tun+ - ACCEPT - tun+ -ACCEPT wg+ - -ACCEPT - wg+ -ACCEPT client-wg+ - -ACCEPT - client-wg+ diff --git a/shorewall4/tcinterfaces b/shorewall4/tcinterfaces index 376cc36..106fbc6 100644 --- a/shorewall4/tcinterfaces +++ b/shorewall4/tcinterfaces @@ -1,3 +1,3 @@ #INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH $NET_IFACE External -#$VPS_IFACE Internal \ No newline at end of file +$VPS_IFACE Internal \ No newline at end of file diff --git a/shorewall4/zones b/shorewall4/zones index 095a8e6..62fff26 100644 --- a/shorewall4/zones +++ b/shorewall4/zones @@ -16,5 +16,4 @@ fw firewall net ipv4 vpn ipv4 -vpncl ipv4 diff --git a/shorewall6/params.vpn b/shorewall6/params.vpn index a7a7058..e69de29 100644 --- a/shorewall6/params.vpn +++ b/shorewall6/params.vpn @@ -1 +0,0 @@ -OMR_ADDR=fe80::a00:2 diff --git a/shorewall6/policy b/shorewall6/policy index 8b37313..9a01ad9 100644 --- a/shorewall6/policy +++ b/shorewall6/policy @@ -15,7 +15,7 @@ vpn all ACCEPT fw all ACCEPT -net all DROP +net all DROP info # THE FOLLOWING POLICY MUST BE LAST -all all REJECT +all all REJECT info diff --git a/shorewall6/shorewall6.conf b/shorewall6/shorewall6.conf index 699a0f2..8ab80ab 100644 --- a/shorewall6/shorewall6.conf +++ b/shorewall6/shorewall6.conf 
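Review bot: `MASQUERADE 10.255.0.0/16,\` in shorewall4/snat widens the NAT source from the eight tunnel /24s that were listed to every 10.255.x.x address. Any forwarded source in that /16 is now rewritten out `$NET_IFACE`, including ranges no tunnel has been assigned, and the file no longer documents which subnets are expected to reach the internet. If the wider match is intended, say so above the rule, for example `# all OMR tunnel subnets are allocated inside 10.255.0.0/16`; otherwise keep the per-tunnel list so that adding a range stays an explicit decision.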
@@ -138,7 +138,7 @@ BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" -#CHAIN_SCRIPTS=Yes +CHAIN_SCRIPTS=Yes CLAMPMSS=No @@ -168,7 +168,7 @@ IGNOREUNKNOWNVARIABLES=No IMPLICIT_CONTINUE=No -#INLINE_MATCHES=No +INLINE_MATCHES=No IPSET_WARNINGS=Yes @@ -176,7 +176,7 @@ IP_FORWARDING=On KEEP_RT_TABLES=Yes -#LOAD_HELPERS_ONLY=Yes +LOAD_HELPERS_ONLY=Yes MACLIST_TABLE=filter diff --git a/tun0.glorytun b/tun0.glorytun index 92b9816..abd7ab1 100644 --- a/tun0.glorytun +++ b/tun0.glorytun @@ -1,7 +1,6 @@ PORT=65001 -HOST=0.0.0.0 DEV=tun0 SERVER=true MPTCP=true IPV6=true -OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 65536 multiqueue" \ No newline at end of file +OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue" \ No newline at end of file diff --git a/tun0.glorytun-udp b/tun0.glorytun-udp index 670bbac..a89e1a8 100644 --- a/tun0.glorytun-udp +++ b/tun0.glorytun-udp @@ -1,6 +1,4 @@ BIND=0.0.0.0 BIND_PORT=65001 -HOST=0.0.0.0 -PORT=5000 DEV=tun0 OPTIONS="chacha persist" diff --git a/ubond.network b/ubond.network deleted file mode 100644 index 814ae03..0000000 --- a/ubond.network +++ /dev/null @@ -1,17 +0,0 @@ -[Match] -Name=ubond* - -[Network] -Description=UBOND tunnel -Address=10.255.248.1/24 -DHCPServer=yes -IPMasquerade=yes - -[DHCPServer] -PoolOffset=2 -PoolSize=50 -EmitDNS=no -EmitNTP=no -DNS=9.9.9.9 -DefaultLeaseTimeSec=12h -MaxLeaseTimeSec=24h \ No newline at end of file diff --git a/ubond0.conf b/ubond0.conf deleted file mode 100644 index b6063fd..0000000 --- a/ubond0.conf +++ /dev/null 
@@ -1,42 +0,0 @@ -[general] -tuntap = "tun" -mode = "server" -interface_name = "ubond0" -timeout = 30 -password = "UBOND_PASS" -reorder_buffer = yes -reorder_buffer_size = 64 -loss_tolerence = 50 - -[wan1] -bindport = 65251 -bindhost = "0.0.0.0" - -[wan2] -bindport = 65252 -bindhost = "0.0.0.0" - -[wan3] -bindport = 65253 -bindhost = "0.0.0.0" - -[wan4] -bindport = 65254 -bindhost = "0.0.0.0" - -[wan5] -bindport = 65255 -bindhost = "0.0.0.0" - -[wan6] -bindport = 65256 -bindhost = "0.0.0.0" - -[wan7] -bindport = 65257 -bindhost = "0.0.0.0" - -[wan8] -bindport = 65258 -bindhost = "0.0.0.0" - diff --git a/ubond@.service.in b/ubond@.service.in deleted file mode 100644 index 18f8be6..0000000 --- a/ubond@.service.in +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=UBOND connection to %i -PartOf=ubond.service -ReloadPropagatedFrom=ubond.service -After=network.target network-online.target - -[Service] -Type=notify -NotifyAccess=main -ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet -ExecReload=/bin/kill -HUP $MAINPID -WorkingDirectory=/etc/ubond -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/ubuntu19.04-x86_64.sh b/ubuntu19.04-x86_64.sh deleted file mode 120000 index 814a06c..0000000 --- a/ubuntu19.04-x86_64.sh +++ /dev/null @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/ubuntu20.04-x86_64.sh b/ubuntu20.04-x86_64.sh deleted file mode 120000 index 814a06c..0000000 --- a/ubuntu20.04-x86_64.sh +++ /dev/null @@ -1 +0,0 @@ -debian9-x86_64.sh \ No newline at end of file diff --git a/v2ray-server.json b/v2ray-server.json index 95f8dbf..5d2b544 100644 --- a/v2ray-server.json +++ b/v2ray-server.json @@ -1,6 +1,6 @@ { "log": { - "loglevel": "error", + "loglevel": "debug", "error": "/tmp/v2rayError.log" }, "transport": { @@ -34,7 +34,6 @@ }, "streamSettings": { "sockopt": { - "mptcp": true, "mark": 0 }, "network": "tcp", 
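Review bot: `"loglevel": "debug"` in the first v2ray-server.json hunk ships the server with its most verbose logging, written to `/tmp/v2rayError.log`, a fixed name in a world-writable directory. Debug output from a proxy is likely to include per-connection detail that should not be readable by other local accounts, and the file grows without rotation. A fixed path in /tmp can also be pre-created or symlinked by another local user before the service starts. Suggest `"loglevel": "warning",` for the shipped config and a log path in a directory owned by the service, for example `"error": "/var/log/v2ray/error.log"`.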
@@ -49,98 +48,6 @@ } } }, - { - "tag": "omrin-vmess-tunnel", - "port": 65230, - "protocol": "vmess", - "settings": { - "decryption": "none", - "clients": [ - { - "id": "V2RAY_UUID", - "level": 0, - "alterId": 0, - "email": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "mptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-socks-tunnel", - "port": 65231, - "protocol": "socks", - "settings": { - "auth": "password", - "accounts": [ - { - "pass": "V2RAY_UUID", - "user": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "mptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-trojan-tunnel", - "port": 65229, - "protocol": "trojan", - "settings": { - "clients": [ - { - "password": "V2RAY_UUID", - "email": "openmptcprouter", - "level": 0 - } - ] - }, - "streamSettings": { - "sockopt": { - "mptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, { "listen": "127.0.0.1", "port": 10085, @@ -165,10 +72,7 @@ { "type": "field", "inboundTag": [ - "omrin-tunnel", - "omrin-vmess-tunnel", - "omrin-socks-tunnel", - "omrin-trojan-tunnel" + "omrin-tunnel" ], "outboundTag": "OMRLan", "domain": [ diff --git a/v2ray.service b/v2ray.service deleted file mode 100644 index f97647e..0000000 --- a/v2ray.service +++ /dev/null 
@@ -1,18 +0,0 @@
-[Unit]
-Description=V2Ray Service
-Documentation=https://www.v2fly.org/
-After=network.target nss-lookup.target
-Wants=network-online.target
-
-[Service]
-User=root
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
-NoNewPrivileges=true
-ExecStart=/usr/bin/v2ray run -config /etc/v2ray/v2ray-server.json
-Restart=always
-RestartPreventExitStatus=23
-StartLimitInterval=0
-
-[Install]
-WantedBy=multi-user.target
diff --git a/xray-server.json b/xray-server.json
deleted file mode 100644
index 14c62ee..0000000
--- a/xray-server.json
+++ /dev/null
@@ -1,232 +0,0 @@ -{ - "log": { - "loglevel": "error", - "error": "/tmp/v2rayError.log" - }, - "inbounds": [ - { - "tag": "omrin-tunnel", - "port": 65248, - "protocol": "vless", - "settings": { - "decryption": "none", - "clients": [ - { - "id": "V2RAY_UUID", - "level": 0, - "alterId": 0, - "email": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-vmess-tunnel", - "port": 65250, - "protocol": "vmess", - "settings": { - "decryption": "none", - "clients": [ - { - "id": "V2RAY_UUID", - "level": 0, - "alterId": 0, - "email": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-socks-tunnel", - "port": 65251, - "protocol": "socks", - "settings": { - "auth": "password", - "accounts": [ - { - "pass": "V2RAY_UUID", - "user": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - "certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-trojan-tunnel", - "port": 65249, - "protocol": "trojan", - "settings": { - "clients": [ - { - "password": "V2RAY_UUID", - "email": "openmptcprouter", - "level": 0 - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp", - "security": "tls", - "tlsSettings": { - "certificates": [ - { - 
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt", - "keyFile": "/etc/openvpn/ca/pki/private/server.key" - } - ] - } - } - }, - { - "tag": "omrin-shadowsocks-tunnel", - "port": 65252, - "protocol": "shadowsocks", - "settings": { - "password": "XRAY_PSK", - "method": "2022-blake3-aes-256-gcm", - "network": "tcp,udp", - "clients": [ - { - "password": "XRAY_UPSK", - "email": "openmptcprouter" - } - ] - }, - "streamSettings": { - "sockopt": { - "tcpMptcp": true, - "mark": 0 - }, - "network": "tcp" - } - }, - { - "listen": "127.0.0.1", - "port": 10086, - "protocol": "dokodemo-door", - "settings": { - "address": "127.0.0.1" - }, - "tag": "api" - } - ], - "outbounds": [ - { - "protocol": "freedom", - "settings": { - "userLevel": 0 - }, - "tag": "direct" - } - ], - "routing": { - "rules": [ - { - "type": "field", - "inboundTag": [ - "omrin-tunnel", - "omrin-vless-reality", - "omrin-vmess-tunnel", - "omrin-socks-tunnel", - "omrin-trojan-tunnel" - ], - "outboundTag": "OMRLan", - "domain": [ - "full:omr.lan" - ] - }, - { - "inboundTag": [ - "api" - ], - "outboundTag": "api", - "type": "field" - } - ] - }, - "reverse": { - "portals": [ - { - "tag": "OMRLan", - "domain": "omr.lan" - } - ] - }, - "stats": {}, - "api": { - "tag": "api", - "listen": "127.0.0.1:65080", - "services": [ - "HandlerService", - "LoggerService", - "StatsService" - ] - }, - "policy": { - "levels": { - "0": { - "uplinkOnly": 0, - "downlinkOnly": 0, - "bufferSize": 512, - "connIdle": 2400, - "statsUserUplink": true, - "statsUserDownlink": true - } - }, - "system": { - "statsInboundUplink": true, - "statsInboundDownlink": true - } - } -} diff --git a/xray-vless-reality.json b/xray-vless-reality.json deleted file mode 100644 index ca1a9c6..0000000 --- a/xray-vless-reality.json +++ /dev/null 
@@ -1,47 +0,0 @@
-{
- "inbounds": [
- {
- "port": 443,
- "tag": "omrin-vless-reality",
- "protocol": "vless",
- "settings": {
- "clients": [
- {
- "id": "XRAY_UUID",
- "flow": "xtls-rprx-vision"
- }
- ],
- "decryption": "none"
- },
- "streamSettings": {
- "network": "tcp",
- "security": "reality",
- "realitySettings": {
- "dest": "1.1.1.1:443",
- "serverNames": [
- ""
- ],
- "privateKey": "XRAY_X25519_PRIVATE_KEY",
- "publicKey": "XRAY_X25519_PUBLIC_KEY",
- "shortIds": [
- ""
- ]
- },
- "sockopt": {
- "tcpMptcp": true,
- "mark": 0
- }
- }
- }
- ],
- "routing": {
- "rules": [
- {
- "type": "field",
- "inboundTag": [
- "omrin-vless-reality"
- ]
- }
- ]
- }
-}
\ No newline at end of file
diff --git a/xray.service b/xray.service
deleted file mode 100644
index a1df9e4..0000000
--- a/xray.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=XRay Service
-Documentation=https://xtls.github.io/
-After=network.target nss-lookup.target
-Wants=network-online.target
-
-[Service]
-User=root
-CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
-NoNewPrivileges=true
-ExecStart=/usr/bin/xray run -config /etc/xray/xray-server.json
-Restart=always
-RestartPreventExitStatus=23
-StartLimitInterval=0
-
-[Install]
-WantedBy=multi-user.target