mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00

Compare commits

...

150 commits

Author SHA1 Message Date
Ycarus (Yannick Chabanois)
fd55a16550 Update Shadowsocks to 1.13.0 2025-03-07 08:05:23 +00:00
Ycarus (Yannick Chabanois)
7aac683f4f Update omr-admin with XRay fixes, update kernel 6.12, various fix 2025-02-26 09:27:33 +00:00
Ycarus (Yannick Chabanois)
f8484dc742 Fix gre tunnel configuration 2025-02-26 09:26:38 +00:00
Ycarus (Yannick Chabanois)
efd7ffd1db Add tcp-nodelay option for OpenVPN TCP 2025-02-26 09:26:03 +00:00
Ycarus (Yannick Chabanois)
0091388ff2 Fix XRay API listening 2025-02-26 09:25:39 +00:00
Ycarus (Yannick Chabanois)
56a2c5f7ff Update iperf3 to 3.18 using source and update kernel to 6.12.12 2025-02-04 13:56:39 +00:00
Ycarus (Yannick Chabanois)
c942c30384 Update omr-admin API, disable fastOpen, add vpn1 management in omr-service,.. 2025-01-29 13:51:48 +00:00
Ycarus (Yannick Chabanois)
be6a17dcdd Fix omr-service OpenVPN route setting 2024-11-29 14:53:26 +00:00
Ycarus (Yannick Chabanois)
4b590a13eb Update omr-admin, add kernel 6.12 support 2024-11-29 14:52:55 +00:00
Ycarus (Yannick Chabanois)
2a0501172f Update XRay 2024-11-18 10:24:10 +00:00
Ycarus (Yannick Chabanois)
458b472a78 Update OMR-Admin, for update to Debian 12 and fix when IPv6 is disabled 2024-10-30 14:58:01 +00:00
Ycarus (Yannick Chabanois)
3b4f875051 Update OMR admin, omr-service and shadowsocks-go 2024-10-23 06:11:05 +00:00
Ycarus (Yannick Chabanois)
455f3c86d8 Enable FastOpen on Shadowsocks-go 2024-10-16 13:43:00 +00:00
Ycarus (Yannick Chabanois)
3ac858c56b Less output logs 2024-10-16 13:42:39 +00:00
Ycarus (Yannick Chabanois)
c635b0a1b6 Sync with server 2024-10-07 09:29:20 +00:00
Ycarus (Yannick Chabanois)
c0e0e19b6c No need for client-config-dir on OpenVPN UDP 2024-08-28 09:37:58 +00:00
Ycarus (Yannick Chabanois)
c06b6ac75f Better check if VPN are installed or not for OMR-Service 2024-08-28 09:37:31 +00:00
Ycarus (Yannick Chabanois)
93f9244e83 Update OMR-Admin API 2024-08-28 09:36:57 +00:00
Ycarus (Yannick Chabanois)
b76adb8a24 Update omr-admin API, add gre-tunnel and lan-routes as options, add OpenVPN to fail2ban 2024-08-09 15:35:17 +00:00
Ycarus (Yannick Chabanois)
5abd262382 Add missing files 2024-08-01 07:55:38 +00:00
Ycarus (Yannick Chabanois)
654e1a1335 Change in kernel settings 2024-07-31 11:02:21 +00:00
Ycarus (Yannick Chabanois)
6aa0d03888 Update URL for default update script 2024-07-31 11:01:55 +00:00
Ycarus (Yannick Chabanois)
4e16d813bf Add kernel 6.10 support and fail2ban 2024-07-31 11:00:49 +00:00
Ycarus (Yannick Chabanois)
70a240a396 Update to latest changes 2024-07-04 09:45:34 +00:00
Ycarus (Yannick Chabanois)
f713ebcc67 Merge branch 'master' into develop 2024-04-15 15:04:13 +00:00
Ycarus (Yannick Chabanois)
49390c7277 Fix buster backports for existing install 2024-04-15 15:03:24 +00:00
Ycarus (Yannick Chabanois)
1cc3bda158 Add support for a specific interface for IPv6 2024-04-15 15:02:32 +00:00
Ycarus (Yannick Chabanois)
172c0461be Add changes from master branch and create a new test script 2024-04-15 07:39:29 +00:00
Ycarus (Yannick Chabanois)
efdb9e3ef7 Fixes on script 2024-04-14 17:01:13 +00:00
Ycarus (Yannick Chabanois)
c13a84dc6b Update changelog 2024-04-10 17:35:43 +00:00
Ycarus (Yannick Chabanois)
fd2a3f1a27 Merge develop to master branch 2024-04-10 17:32:48 +00:00
Ycarus (Yannick Chabanois)
103e508dd7 Change in master branch 2024-04-10 17:28:22 +00:00
Ycarus (Yannick Chabanois)
90d327abbe Test for Debian 6.6 official kernel when not on x86_64 2024-04-09 12:58:45 +00:00
Ycarus (Yannick Chabanois)
1ab5d977de Fix route in openvpn MPTCP over VPN 2024-04-09 12:57:02 +00:00
Ycarus (Yannick Chabanois)
96775408d7 Update omr-admin script and fix on openvpn 2024-03-28 08:16:15 +00:00
Ycarus (Yannick Chabanois)
2b99a77d1a Update omr-admin 2024-03-01 19:03:24 +00:00
Ycarus (Yannick Chabanois)
b4d8f5551c Add some allow-downgrades to fix error in some install with kernel 6.1 2024-02-26 14:28:12 +00:00
Ycarus (Yannick Chabanois)
001aa3be4d Add kernel 6.6 support, allow to disable all proxy and VPNs, change IPv6 address in omr-pihole 2024-02-22 17:31:57 +00:00
Ycarus (Yannick Chabanois)
0bd93fb5c8 Update omr-admin API script 2024-02-13 14:08:52 +00:00
Ycarus (Yannick Chabanois)
a5fc57038b Update omr-admin API and fix omr-bypass rights 2024-02-09 10:52:04 +00:00
Ycarus (Yannick Chabanois)
a9e217fb7c Add omr-bypass service 2024-02-09 10:42:55 +00:00
Ycarus (Yannick Chabanois)
c0c9627007 Update script to latest version on server with vless-reality, iperf from distribution, updated API,... 2024-02-01 19:48:09 +00:00
Ycarus (Yannick Chabanois)
6e64c06325 Add management port on openvpn 2023-12-08 19:15:02 +00:00
Ycarus (Yannick Chabanois)
c708189fb9 Update omr-admin, fix Pi-Hole install, optimize OpenVPN 2023-12-08 07:59:01 +00:00
Ycarus (Yannick Chabanois)
c0af37c0c2 Fix dsvpn restart in omr-service, add VLESS-REALITY support 2023-10-26 14:29:51 +00:00
Ycarus (Yannick Chabanois)
0d9a766d28 Add shadowsocks-go and XRay 2023-10-10 14:38:56 +00:00
Ycarus (Yannick Chabanois)
0743e7c75a Fix omr-service 2023-09-23 06:46:50 +00:00
Ycarus (Yannick Chabanois)
8ac6293b58 Update API, add check for omr-service, fix v2ray service file 2023-09-14 09:31:45 +00:00
Ycarus (Yannick Chabanois)
8cef34ed5b Fix https://github.com/Ysurac/openmptcprouter/issues/2949 2023-09-07 12:25:38 +00:00
Ycarus (Yannick Chabanois)
afa31c4f03 Custom 6.1 sysctl kernel configuration 2023-09-07 07:56:25 +00:00
Ycarus (Yannick Chabanois)
a029915e39 Decrease timeout before restarting not working Glorytun TCP 2023-09-07 07:55:39 +00:00
Ycarus (Yannick Chabanois)
e9fd4192dc Update omr-admin, don't add TCP congestion control on kernel 6.1, remove 9000 MTU 2023-09-01 07:19:07 +00:00
Ycarus (Yannick Chabanois)
0ad22072a7 Increase nf_contrack_max and nf_conntrack_buckets values 2023-08-31 07:21:36 +00:00
Ycarus (Yannick Chabanois)
73cecfb6f9 Fix V2Ray update 2023-08-31 07:21:07 +00:00
Ycarus (Yannick Chabanois)
dfba574f7e Fix Ubuntu support 2023-08-30 09:28:03 +00:00
Ycarus (Yannick Chabanois)
450da26917 Fixes and add trojan, socks and vmess protocol support for V2Ray 2023-08-28 19:16:45 +00:00
Ycarus (Yannick Chabanois)
2204e080d3 Update omr admin 2023-08-23 18:01:37 +00:00
Ycarus (Yannick Chabanois)
4b349539f7 Set v2ray loglevel to error 2023-08-23 14:55:07 +00:00
Ycarus (Yannick Chabanois)
19bc566da6 Fix glorytun-udp repo to use fork 2023-08-23 14:54:48 +00:00
Ycarus (Yannick Chabanois)
178186002c Fixes on ARM64 support and some VPN changes 2023-08-22 12:56:05 +00:00
Ycarus (Yannick Chabanois)
cb5f138c4e Fix fastapi install on Debian 10 2023-07-11 19:11:16 +00:00
Ycarus (Yannick Chabanois)
c91411a621 Fix fastapi install on Debian 10 2023-07-11 19:10:46 +00:00
Ycarus (Yannick Chabanois)
039218a015 Set a better log message on omr-service 2023-07-11 17:07:47 +00:00
Ycarus (Yannick Chabanois)
2806a8078a Update omr-admin and use latest shadowsocks changes in fork 2023-07-11 17:07:18 +00:00
Ycarus (Yannick Chabanois)
8af0bed8c3 Update omr_admin 2023-07-11 17:05:46 +00:00
Ycarus (Yannick Chabanois)
3de88a211f Add Debian 12 support 2023-06-13 11:26:17 +00:00
Ycarus (Yannick Chabanois)
fdcd1c59f9 Use systemtap to force MPTCP on all applications 2023-06-13 11:24:22 +00:00
Ycarus (Yannick Chabanois)
56d3c8ae08 Fix fw patch 2023-04-23 05:40:20 +00:00
Ycarus (Yannick Chabanois)
8d1055668f Fix missing patch, update v2ray and update glorytun config 2023-04-23 05:37:23 +00:00
Ycarus (Yannick Chabanois)
dfdfaa2487 Optimize glorytun TCP 2023-03-10 18:59:45 +00:00
Ycarus (Yannick Chabanois)
cc756de52d Prepare for 0.1029 test 2023-03-01 19:26:13 +00:00
Ycarus (Yannick Chabanois)
9c3f955a61 Add 6.1.0 support 2023-02-19 17:53:04 +00:00
Ycarus (Yannick Chabanois)
838d1b69e5 Fix multipath 2023-02-19 17:52:37 +00:00
Ycarus (Yannick Chabanois)
4e09734f41 Set syn retries to 4 2023-02-19 17:52:12 +00:00
Ycarus (Yannick Chabanois)
44467085a7 Update changelog 2022-10-14 07:02:36 +00:00
Ycarus (Yannick Chabanois)
7a7a4a2778 Add current 0.1028 release 2022-10-14 07:01:41 +00:00
Ycarus (Yannick Chabanois)
cf8aa1dc03 Merge develop in master 2022-08-22 06:34:31 +00:00
Ycarus (Yannick Chabanois)
b3ef329cd0 Littles fixes on VPS script 2022-08-21 18:25:29 +00:00
Ycarus (Yannick Chabanois)
3dc18b63b8 Add Debian 11 symbolic link 2022-08-16 19:48:58 +00:00
Ycarus (Yannick Chabanois)
657c2b386c Add Ubuntu 22.04 support 2022-08-16 19:47:12 +00:00
Ycarus (Yannick Chabanois)
c232d34169 Fix WG client port 2022-08-14 04:45:44 +00:00
Ycarus (Yannick Chabanois)
ade517b142 Fix shorewall configuration on update 2022-08-12 05:56:12 +00:00
Ycarus (Yannick Chabanois)
4fbb8d08f3 Push latest scripts changes 2022-08-09 18:36:09 +00:00
Ycarus (Yannick Chabanois)
a8553ba64f Add missing package 2022-02-11 15:56:10 +00:00
Ycarus (Yannick Chabanois)
2b5afea3a1 Fix 2022-02-11 15:54:58 +00:00
Ycarus (Yannick Chabanois)
16e01d1120 Various fixes 2021-11-19 21:03:15 +00:00
Ycarus (Yannick Chabanois)
0fcb2c22f4 Merge branch 'master' into develop 2021-08-23 13:52:44 +00:00
Ycarus (Yannick Chabanois)
d7dacc3e72 Update ubond 2021-08-23 13:51:22 +00:00
Ycarus (Yannick Chabanois)
ce4516fac2 Commit latest small changes in script 2021-08-23 13:50:00 +00:00
Ycarus (Yannick Chabanois)
e063e29ff9 Fix vpspath for release 2021-06-15 05:04:25 +00:00
Ycarus (Yannick Chabanois)
bfe7d972b9 Update omr-service to 0.1026 2021-06-14 05:52:59 +00:00
Ycarus (Yannick Chabanois)
a5cf11a449 Update server script 2021-06-14 05:47:42 +00:00
Ycarus (Yannick Chabanois)
33cf1b4718 Update to 0.1026 2021-06-14 05:46:38 +00:00
Ycarus (Yannick Chabanois)
c19bade451 Add latest omr vps script changes 2021-06-08 17:42:39 +00:00
Ycarus (Yannick Chabanois)
a02b306243 Check wireguard ip 2021-05-09 08:35:55 +00:00
Ycarus (Yannick Chabanois)
4b8a9432cd Replace gitee by gitlab 2021-05-09 08:35:34 +00:00
Ycarus (Yannick Chabanois)
df637bb0c4 Fix VPS update via web and update omr-test-speed 2021-05-08 06:46:40 +00:00
Ycarus (Yannick Chabanois)
c39b07eaa5 Doesn't download each firewall file for update 2021-04-27 08:24:10 +00:00
Ycarus (Yannick Chabanois)
180a3fc0ac Remove bad dsvpn ipv6 route 2021-04-19 19:15:43 +00:00
Ycarus (Yannick Chabanois)
950b704495 Update server API 2021-04-14 19:16:45 +00:00
Ycarus (Yannick Chabanois)
db95630ef9 Disable TLS from let's encrypt in China 2021-03-29 14:32:39 +00:00
Ycarus (Yannick Chabanois)
fd915dfbb9 Update API version 2021-03-25 09:19:08 +00:00
Ycarus (Yannick Chabanois)
5023d5cf33 Fix 2021-03-24 14:02:18 +00:00
Ycarus (Yannick Chabanois)
1d2887c747 Add omr-test-speed 2021-03-23 19:58:37 +00:00
Ycarus (Yannick Chabanois)
07e23b7851 fix 2021-03-23 19:57:16 +00:00
Ycarus (Yannick Chabanois)
cedb65670e Add missing files and use localfiles for china 2021-03-23 19:53:25 +00:00
Ycarus (Yannick Chabanois)
31d4712c83 Fix 2021-03-23 19:49:12 +00:00
Ycarus (Yannick Chabanois)
dae3133a1d Fix 2021-03-23 19:44:43 +00:00
Ycarus (Yannick Chabanois)
98ee07f6a6 Add a test for a China compatible script 2021-03-23 19:41:26 +00:00
Ycarus (Yannick Chabanois)
9a764d0eaf Fix LAN default route, fix https://github.com/Ysurac/openmptcprouter-vps/pull/47 in an other way 2021-03-23 12:36:53 +00:00
Ycarus (Yannick Chabanois)
454046f830 Update API 2021-03-15 19:40:17 +00:00
Ycarus (Yannick Chabanois)
507f49413c Update API 2021-03-15 19:12:01 +00:00
Ycarus (Yannick Chabanois)
69df502cb9 Keep old config 2021-03-12 17:13:56 +00:00
Ycarus (Yannick Chabanois)
5291876fe6 Fix mlvpn source install and use binary by default 2021-03-12 16:57:04 +00:00
Ycarus (Yannick Chabanois)
fd10d9ac20 Force update repo key 2021-03-12 13:21:25 +00:00
Ycarus (Yannick Chabanois)
8e738a8f19 Fix https://github.com/Ysurac/openmptcprouter-vps/issues/46 2021-03-12 06:46:05 +00:00
Ycarus (Yannick Chabanois)
83e81cfd9f Go to openmptcprouter-vps-admin dir before creating key 2021-03-11 14:48:12 +00:00
Ycarus (Yannick Chabanois)
47df28fdc6 Fix symbolic link for v2ray config 2021-03-11 08:07:55 +00:00
Ycarus (Yannick Chabanois)
8856fece58 Use v2ray_plugin debian package 2021-03-10 14:38:35 +00:00
Ycarus (Yannick Chabanois)
e70303ba3f Change version 2021-03-10 14:11:54 +00:00
Ycarus (Yannick Chabanois)
a713d44645 No error if omr-server not installed 2021-03-10 13:46:55 +00:00
Ycarus (Yannick Chabanois)
7ce28a9481 Fix script for kernel binary install 2021-03-10 13:43:18 +00:00
Ycarus (Yannick Chabanois)
269b986cbe Install omr-server debian package at end of install script 2021-03-10 13:04:17 +00:00
Ycarus (Yannick Chabanois)
5bfd42770d Fix get previous pass for omr-admin 2021-03-10 13:00:54 +00:00
Ycarus (Yannick Chabanois)
8e795b035b Reboot not needed after install 2021-03-10 13:00:31 +00:00
Ycarus (Yannick Chabanois)
2dbc4e4f0f Fix output of omr-update 2021-03-10 10:31:20 +00:00
Ycarus (Yannick Chabanois)
f573c43ce0 Fix omr-update service script install 2021-03-10 10:30:32 +00:00
Ycarus (Yannick Chabanois)
382fc59a4f Fix v2ray 2021-03-10 10:30:05 +00:00
Ycarus (Yannick Chabanois)
95453a8013 Fix sed in debian package 2021-03-10 09:51:50 +00:00
Ycarus (Yannick Chabanois)
605acd1ffd Fix kernel package version in install script 2021-03-10 09:35:54 +00:00
Ycarus (Yannick Chabanois)
cf1eca052a Fix kernel package version 2021-03-10 09:33:15 +00:00
Ycarus (Yannick Chabanois)
bf160e67a6 Merge branch 'develop' of github.com:Ysurac/openmptcprouter-vps into develop 2021-03-10 09:30:38 +00:00
Ycarus (Yannick Chabanois)
96eb181b40 Use Debian package for kernel 2021-03-10 09:30:19 +00:00
Ycarus (Yannick Chabanois)
0ddc538c87 Add dependencie in debian package 2021-03-10 09:29:59 +00:00
Ycarus (Yannick Chabanois)
3c6e85e07f Add a service to do update after reboot 2021-03-10 10:23:46 +01:00
Ycarus (Yannick Chabanois)
c64bed8db5 Fix script name 2021-03-08 15:50:32 +00:00
Ycarus (Yannick Chabanois)
aacad49aa4 Update API and fix debian mlvpn depend 2021-03-08 14:53:06 +00:00
Ycarus (Yannick Chabanois)
ea0993c781 Add version and depends in Debian package 2021-03-08 14:02:06 +00:00
Ycarus (Yannick Chabanois)
8319728f56 Fix script 2021-03-08 08:12:51 +00:00
Ycarus (Yannick Chabanois)
2ae5602bca Merge branch 'develop' of github.com:Ysurac/openmptcprouter-vps into develop 2021-03-05 09:11:04 +00:00
Ycarus (Yannick Chabanois)
3cd9952c69 Force use of version for binaries, enable wireguard by default 2021-03-05 09:10:30 +00:00
Ycarus (Yannick Chabanois)
795c693d13 Add wireguard interface in firewall 2021-03-05 09:09:48 +00:00
Ycarus (Yannick Chabanois)
377ad59134 Fix debian package 2021-03-04 16:38:04 +00:00
Ycarus (Yannick Chabanois)
91116306a1 Add initial Debian packages files 2021-03-04 16:41:52 +01:00
Ycarus (Yannick Chabanois)
637e2ee08a Add symbolic link for ubuntu 2021-03-04 14:18:14 +00:00
Ycarus (Yannick Chabanois)
379b30a65e Add omr-admin-ipv6 2021-03-04 14:16:24 +00:00
Ycarus (Yannick Chabanois)
5cf11f2650 Server scripts update 2021-03-02 08:52:33 +00:00
Ycarus (Yannick Chabanois)
e87ff9af8e Update kernel, API and latest glorytun udp fix 2021-01-06 07:53:55 +00:00
Ycarus (Yannick Chabanois)
68ef21c679 Merge branch 'master' into develop 2021-01-05 14:12:17 +00:00
Ycarus (Yannick Chabanois)
c0a99de20c Add openvpn-bonding 2020-12-22 11:32:08 +00:00
70 changed files with 3018 additions and 654 deletions

1
debian-x86_64.sh Symbolic link

@ -0,0 +1 @@
debian9-x86_64.sh

1
debian.sh Symbolic link

@ -0,0 +1 @@
debian9-x86_64.sh

23
debian/changelog vendored Normal file

@ -0,0 +1,23 @@
omr-server (0.1030) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Wed, 10 Apr 2024 19:35:34 +0200
omr-server (0.1028) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Fri, 14 Oct 2022 09:02:22 +0200
omr-server (0.1026) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Mon, 14 Jun 2021 07:43:42 +0200
omr-server (0.1025-test) unstable; urgency=medium
* Wireguard support and fixed
-- OpenMPTCProuter <contact@openmptcprouter.com> Thu, 04 Mar 2021 14:36:12 +0200

1
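--- a/debian/compat
+++ b/debian/compat
@@ -0,0 +1 @@
+10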

37
debian/control vendored Normal file

@ -0,0 +1,37 @@
Source: omr-server
Section: net
Priority: optional
Maintainer: OpenMPTCProuter <contact@openmptcprouter.com>
Build-Depends: debhelper (>= 10)
X-Python-Version: >= 3.2
Standards-Version: 0.0.1
Homepage: https://github.com/ysurac/openmptcprouter-vps
Package: omr-server
Architecture: all
Multi-Arch: foreign
Depends:
curl,
rename,
libcurl4,
unzip,
tracebox,
omr-iperf3,
omr-shadowsocks-libev (= 3.3.5-2),
omr-vps-admin (= 0.3+20210508),
omr-simple-obfs,
omr-mlvpn (= 3.0.0+20201216.git.2263bab),
omr-glorytun (= 0.3.4-4),
omr-glorytun-tcp (= 0.0.35-3),
omr-dsvpn (= 0.1.4-2),
shorewall,
shorewall6,
iptables,
v2ray-plugin (= 4.35.1),
v2ray (=4.35.1),
linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
${misc:Depends}
Provides: omr-server
Conflicts: omr-server
Replaces: omr-server
Description: OpenMPTCProuter Server script
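Review bot: Several security-relevant dependencies in `Depends:` are pinned with `=` to one exact build (`v2ray (=4.35.1)`, `omr-shadowsocks-libev (= 3.3.5-2)`, `linux-image-5.4.100-mptcp (= 1.18+9d3f35b)`), so apt cannot install a fixed version of any of them until this package is re-released with new pins. A `>=` constraint, or a documented release step that bumps every pin, would avoid holding hosts on old builds. `Conflicts: omr-server` and `Replaces: omr-server` name the package itself and can be dropped, and `Standards-Version: 0.0.1` is not a Debian Policy version.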

16
debian/postinst vendored Normal file

@ -0,0 +1,16 @@
#!/bin/sh -e
test $DEBIAN_SCRIPT_DEBUG && set -v -x
# use debconf
. /usr/share/debconf/confmodule
sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
systemctl daemon-reload
systemctl restart omr-update
db_stop
#DEBHELPER#
exit 0
# vim:set ai et sts=2 sw=2 tw=0:
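Review bot: `systemctl daemon-reload` and `systemctl restart omr-update` run unguarded under `sh -e`, so installing the package where systemd is not running (a chroot or an image build) aborts the postinst and leaves the package unconfigured. Guard them with `if [ -d /run/systemd/system ]; then ... fi` or call `deb-systemd-invoke restart omr-update`. The restart also starts the update service as root on every install or upgrade, which deserves a comment in the script. `test $DEBIAN_SCRIPT_DEBUG` should be written `test -n "$DEBIAN_SCRIPT_DEBUG"` so a value containing spaces does not break the test.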

18
debian/rules vendored Executable file

@ -0,0 +1,18 @@
#!/usr/bin/make -f
#export DH_VERBOSE = 1
# Security Hardening
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
%:
dh $@
override_dh_auto_install:
mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin
touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin
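Review bot: The exclusions in the `find` line of `override_dh_auto_install` do not take effect, because `-iname` is compared with the file's base name only and a pattern containing `/` never matches it; the walk therefore still visits `./debian/` (including the staging tree being written to) and `./.git/`. Use path tests instead: `-not -path './debian/*' -not -path './.git/*'`. A failing `cp` inside `-exec ... ';'` does not change find's exit status, so the build would not stop on this. The last two recipe lines create `debian/etc/openmptcprouter-vps-admin/update-bin` outside the `debian/omr-server/` staging directory, so that file is presumably not shipped in the package; confirm whether `debian/omr-server/etc/...` was meant.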

1
debian11-x86_64.sh Symbolic link

@ -0,0 +1 @@
debian9-x86_64.sh

1
debian12-x86_64.sh Symbolic link

@ -0,0 +1 @@
debian9-x86_64.sh

1976
debian9-x86_64.sh Normal file → Executable file

File diff suppressed because it is too large Load diff


@ -12,7 +12,7 @@ fi
exec dsvpn \ exec dsvpn \
${MODE} \ ${MODE} \
"$1".key \ "$1".key \
auto \ ${HOST:-auto} \
${PORT} \ ${PORT} \
${DEV} \ ${DEV} \
${LOCALTUNIP} \ ${LOCALTUNIP} \


@ -1,4 +1,5 @@
PORT=65401 PORT=65401
HOST=0.0.0.0
DEV=dsvpn0 DEV=dsvpn0
MODE=server MODE=server
LOCALTUNIP=10.255.251.1 LOCALTUNIP=10.255.251.1


@ -0,0 +1,10 @@
[INCLUDES]
before = common.conf
[Definition]
_daemon = ovpn-server
failregex =%(__prefix_line)s<HOST>:[0-9]{4,5} TLS Auth Error:.*
%(__prefix_line)s<HOST>:[0-9]{4,5} VERIFY ERROR:.*
%(__prefix_line)s<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*
%(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{4,5}
maxlines = 1
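Review bot: The port part `[0-9]{4,5}` used in all four `failregex` lines only matches source ports of four or five digits, so failures from a peer whose source port is below 1000 are never counted; `[0-9]{1,5}` covers the whole range. The last pattern hard-codes `\[AF_INET\]`, so the HMAC failure of an IPv6 peer, which OpenVPN presumably logs as `[AF_INET6]`, is not matched; `\[AF_INET6?\]` would cover both and should be checked against a real log line. A short comment above `failregex` with one sample log line per pattern would make later changes to the filter verifiable.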


@ -0,0 +1,21 @@
[DEFAULT]
backend = systemd
banaction = shorewall
[sshd]
enabled = true
[openvpn_tcp]
enabled = true
port = 65301
protocol = tcp
filter = openvpn
maxretry = 5
[openvpn_udp]
enabled = true
port = 65301
protocol = udp
filter = openvpn
maxretry = 5
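Review bot: The `[openvpn_udp]` jail bans on the source address of UDP datagrams, which is not verified before OpenVPN logs the failure, so with `maxretry = 5` and no `ignoreip` a legitimate address, including the router's own WAN addresses, can end up banned by traffic it never sent. Add an `ignoreip` line in `[DEFAULT]` for the known client addresses or ranges, and consider a higher `maxretry` for the UDP jail than for TCP. Neither `bantime` nor `findtime` is set, so the distribution defaults apply; stating them here would make the policy explicit. `banaction = shorewall` in `[DEFAULT]` also applies to `[sshd]`, which is worth a comment.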


@ -9,7 +9,7 @@ fi
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
DEV="gt${HOST:+c}-$(basename "$1")" DEV="gt-$(basename "$1")"
exec glorytun-tcp \ exec glorytun-tcp \
${SERVER:+listener} \ ${SERVER:+listener} \


@ -9,11 +9,10 @@ fi
. "$(readlink -f "$1")" . "$(readlink -f "$1")"
DEV="gt${HOST:+c}-udp-$(basename "$1")" DEV="gt-udp-$(basename "$1")"
exec glorytun \ exec glorytun \
bind from addr $BIND port $BIND_PORT \ bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \
keyfile "$1".key \ keyfile "$1".key \
${DEV:+dev "$DEV"} \ ${DEV:+dev "$DEV"} \
${HOST:+to addr "$HOST" port "$PORT"} \
${OPTIONS:+$OPTIONS} ${OPTIONS:+$OPTIONS}

3
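--- a/iperf3.override.conf
+++ b/iperf3.override.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem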


@ -3,7 +3,7 @@ Description=iperf3
Requires=network.target Requires=network.target
[Service] [Service]
ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/public.pem ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem
Restart=on-failure Restart=on-failure
[Install] [Install]

147
multipath Normal file → Executable file

@ -6,9 +6,8 @@
# Released under GPL 3 or later # Released under GPL 3 or later
if [ -d "/proc/sys/net/mptcp" ]; then if [ -d "/proc/sys/net/mptcp" ]; then
if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then
echo "MPTCP is disabled!" echo "MPTCP is disabled!"
echo "Please set net.mptcp.mptcp_enabled = 1"
exit 1 exit 1
fi fi
else else
@ -26,7 +25,7 @@ case $1 in
echo " multipath device {on | off | backup | handover}" echo " multipath device {on | off | backup | handover}"
echo echo
echo "show established conections: -c" echo "show established conections: -c"
echo "show mullmesh info: -f" echo "show fullmesh info: -f"
echo "show kernel config: -k" echo "show kernel config: -k"
echo echo
echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag" echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
@ -43,12 +42,28 @@ case $1 in
cat /proc/net/mptcp_fullmesh cat /proc/net/mptcp_fullmesh
exit 0;; exit 0;;
"-k") "-k")
echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled` if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager` echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum` elif [ -f /proc/sys/net/mptcp/enabled ]; then
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler` echo Enabled: `cat /proc/sys/net/mptcp/enabled`
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries` fi
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug` if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
fi
if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
else
echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled`
fi
if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
fi
if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
fi
if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
fi
echo echo
echo See http://multipath-tcp.org/ for details echo See http://multipath-tcp.org/ for details
exit 0 ;; exit 0 ;;
@ -65,38 +80,98 @@ TYPE="$2"
#FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"` #FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
[ -d "/sys/class/net/$DEVICE/" ] || { [ -d "/sys/class/net/$DEVICE/" ] || {
echo "Device '$DEVICE' can't found!" #echo "Device '$DEVICE' can't found!"
echo "Use the hardware name like in ifconfig" #echo "Use the hardware name like in ifconfig"
exit 1 exit 1
} }
FLAG_PATH="/sys/class/net/$DEVICE/flags" if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
IFF=`cat $FLAG_PATH` FLAG_PATH="/sys/class/net/$DEVICE/flags"
IFF=`cat $FLAG_PATH`
IFF_OFF="0x80000" IFF_OFF="0x80000"
IFF_ON="0x00" IFF_ON="0x00"
IFF_BACKUP="0x100000" IFF_BACKUP="0x100000"
IFF_HANDOVER="0x200000" IFF_HANDOVER="0x200000"
IFF_MASK="0x380000" IFF_MASK="0x380000"
case $TYPE in case $TYPE in
"off") FLAG=$IFF_OFF;; "off") FLAG=$IFF_OFF;;
"on") FLAG=$IFF_ON;; "on") FLAG=$IFF_ON;;
"backup") FLAG=$IFF_BACKUP;; "backup") FLAG=$IFF_BACKUP;;
"handover") FLAG=$IFF_HANDOVER;; "handover") FLAG=$IFF_HANDOVER;;
"") "")
IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))` IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
case "$IFF" in case "$IFF" in
$IFF_OFF) echo $DEVICE is deactivated;; $IFF_OFF) echo $DEVICE is deactivated;;
$IFF_ON) echo $DEVICE is in default mode;; $IFF_ON) echo $DEVICE is in default mode;;
$IFF_BACKUP) echo $DEVICE is in backup mode;; $IFF_BACKUP) echo $DEVICE is in backup mode;;
$IFF_HANDOVER) echo $DEVICE is in handover mode;; $IFF_HANDOVER) echo $DEVICE is in handover mode;;
*) echo "Unkown state!" && exit 1;; *) echo "Unkown state!" && exit 1;;
esac esac
exit 0;; exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;; *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac esac
printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
else
ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}')
IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}')
#IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
[ -f /usr/bin/jsonfilter ] && IP=$(ip -j a show $DEVICE | jsonfilter -e '@[0].addr_info[*].local')
[ -f /usr/bin/jq ] && IP=$(ip -j a show $DEVICE | jq -r '.[0].addr_info[].local')
RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
[ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
case $TYPE in
"off")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
exit 0;;
"on")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE subflow fullmesh
done
exit 0;;
"signal")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE signal
done
exit 0;;
"backup")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE backup fullmesh
done
exit 0;;
"")
case "$IFF" in
"") echo $DEVICE is deactivated;;
"subflow") echo $DEVICE is in default mode;;
"backup") echo $DEVICE is in backup mode;;
"signal") echo $DEVICE is in signal mode;;
"fullmesh") echo $DEVICE is in fullmesh mode;;
*) echo "$DEVICE Unkown state!" && exit 1;;
esac
exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac
fi
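Review bot: In the new `ip mptcp` branch the endpoint is looked up with `grep -m 1 "dev $DEVICE"`, a substring match, so a device whose name is a prefix of another (for example `eth0` and `eth0.10`) can pick up, and then delete, the other interface's endpoint id. Compare the field exactly instead, e.g. `awk -v d="$DEVICE" '{for(i=1;i<NF;i++) if($i=="dev"&&$(i+1)==d){print $3; exit}}'`. The `2>&1 >/dev/null` redirections on the `ip mptcp endpoint delete` lines do not silence errors, because stderr is duplicated to the terminal before stdout is redirected; `>/dev/null 2>&1` is presumably what was meant. `$DEVICE` is also unquoted in `ip -j a show $DEVICE` and in the `ip mptcp endpoint add` calls. The script continues above this hunk.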

12
omr-admin-ipv6.service.in Normal file

@ -0,0 +1,12 @@
[Unit]
Description=OMR-Admin IPv6
After=network.target network-online.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/omr-admin.py --host="::"
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
[Install]
WantedBy=multi-user.target
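Review bot: `CapabilityBoundingSet` includes `CAP_SYS_ADMIN`, `CAP_DAC_OVERRIDE`, `CAP_SETUID` and `CAP_SETFCAP`, which together are close to unrestricted root, for an API process that this unit binds to every IPv6 address with `--host="::"`. The same widened set is applied to the existing omr-admin unit in the next file section. If the API needs them, add a comment in the unit naming the operation that requires each capability, so the set can be reduced later. No `User=`, `NoNewPrivileges=`, `ProtectHome=` or `PrivateTmp=` directive is visible in either unit; adding those the API's helper commands tolerate would compensate for the larger bounding set.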


@ -6,7 +6,7 @@ After=network.target network-online.target
Type=simple Type=simple
Restart=always Restart=always
ExecStart=/usr/local/bin/omr-admin.py ExecStart=/usr/local/bin/omr-admin.py
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

82
omr-bypass Executable file

@ -0,0 +1,82 @@
#!/bin/sh
# Copyright (C) 2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
# Released under GPL 3. See LICENSE for the full terms.
[ ! -f /etc/openmptcprouter-vps-admin/omr-bypass.json ] && exit 0
# Configuration
INTERFACE="$(jq -M -r .bypass_intf /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$INTERFACE" = "null" ] && INTERFACE="vpn1"
GATEWAY="$(ip r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
GATEWAY6="$(ip -6 r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
TABLE="991337"
MARK="0x539"
CHECKSUM="$(md5sum /etc/openmptcprouter-vps-admin/omr-bypass.json | awk '{print $1}' | tr -d '\n')"
PREVIOUS_CHECKSUM="$(jq -M -r .bypass_checksum /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$CHECKSUM" = "$PREVIOUS_CHECKSUM" ] && exit 0
jq -M --arg c "$CHECKSUM" '.bypass_checksum = $c' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
# Action
ipset -q flush omr_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q flush omr6_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q --exist restore <<-EOF
create omr_dst_bypass_srv_${INTERFACE} hash:net hashsize 64
create omr6_dst_bypass_srv_${INTERFACE} hash:net family inet6 hashsize 64
EOF
ipv4=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv4[])
for ip in $ipv4; do
ipset -q add omr_dst_bypass_srv_${INTERFACE} $ip
done
ipv6=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv6[])
for ip in $ipv6; do
ipset -q add omr6_dst_bypass_srv_${INTERFACE} $ip
done
iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY} dev ${INTERFACE} table ${TABLE}
ip6tables-save --counters 2>/dev/null | grep -v omr-bypass | ip6tables-restore -w --counters 2>/dev/null
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
if [ -n "$GATEWAY6" ]; then
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY6} dev ${INTERFACE} table ${TABLE}
fi
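Review bot: `INTERFACE` is read from omr-admin-config.json and then spliced unchecked into the jq program (`jq -r .${INTERFACE}.ipv4[]`), the ipset names and the `iptables-restore` here-documents, all run as root, so any value that is not a plain interface name changes what those commands parse. Validate it first, for instance `case "$INTERFACE" in *[!A-Za-z0-9_.-]*) exit 1;; esac`, and pass it to jq as data with `jq -r --arg i "$INTERFACE" '.[$i].ipv4[]?'`. The checksum update runs `mv` unconditionally after `jq ... > ...omr-admin-config.json.tmp`, so a jq failure replaces omr-admin-config.json with an empty file; join the two commands with `&&`. In the final `GATEWAY6` block both commands lack `-6`, so `ip rule add` repeats the IPv4 rule and marked IPv6 packets have no rule sending them to table 991337; `ip -6 rule add ...` and `ip -6 route replace ...` look intended.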

12
omr-bypass.service.in Normal file

@ -0,0 +1,12 @@
[Unit]
Description=OMR-ByPass
After=network.target network-online.target shorewall.service
[Service]
Type=simple
ExecStart=/usr/local/bin/omr-bypass
KillSignal=9
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install]
WantedBy=multi-user.target

8
omr-bypass.timer.in Normal file

@ -0,0 +1,8 @@
[Unit]
Description=Timer for omr-bypass
[Timer]
OnUnitActiveSec=300
[Install]
WantedBy=timers.target


@ -8,6 +8,11 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
echo "This script doesn't work with Debian Stretch (9.x)" echo "This script doesn't work with Debian Stretch (9.x)"
exit 1 exit 1
fi fi
if [ "$(id -u)" -ne 0 ]; then
echo "You must run the script as root"
exit 1
fi
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end." echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end."
echo "Don't apply Pi-hole firewall rules." echo "Don't apply Pi-hole firewall rules."
@ -26,13 +31,14 @@ $SERVER["socket"] == "10.255.252.1:80" { }
$SERVER["socket"] == "10.255.251.1:80" { } $SERVER["socket"] == "10.255.251.1:80" { }
$SERVER["socket"] == "10.255.253.1:80" { } $SERVER["socket"] == "10.255.253.1:80" { }
EOF EOF
systemctl -q restart lighttpd systemctl list-unit-files lighttpd.service &>/dev/null && systemctl -q restart lighttpd
grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf
mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf
cat >> /etc/pihole/setupVars.conf <<-EOF cat >> /etc/pihole/setupVars.conf <<-EOF
PIHOLE_INTERFACE=gt-tun0 PIHOLE_INTERFACE=gt-tun0
IPV4_ADDRESS=10.255.0.0/16 IPV4_ADDRESS=10.255.0.0/16
IPV6_ADDRESS=fe80::aff:ff01/64 IPV6_ADDRESS=fd00::a00:/106
RATE_LIMIT=0/0
EOF EOF
grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf
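Review bot: The new `IPV6_ADDRESS=fd00::a00:/106` written into setupVars.conf does not look like a valid IPv6 literal, because a single trailing colon before the prefix length is not accepted by standard address parsers. If the intent is the ULA range used on the tunnel it should probably read `IPV6_ADDRESS=fd00::a00:0/106`; confirm against the address the VPN interface really carries. Separately, `RATE_LIMIT=0/0` switches off Pi-hole's per-client query rate limiting, so it deserves a comment such as `# rate limit disabled: resolver is reachable from VPN clients only`, assuming that is true for this setup. The heredoc and the rest of the script continue outside the hunks shown.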


@ -6,110 +6,227 @@ _multipath() {
source /etc/shorewall/params.net source /etc/shorewall/params.net
for intf in `ls -1 /sys/class/net`; do for intf in `ls -1 /sys/class/net`; do
if [ "$intf" != "bonding_masters" ]; then if [ "$intf" != "bonding_masters" ]; then
if [ "$intf" = "$NET_IFACE" ]; then if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then
[ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on [ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on >/dev/null 2>&1
[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
multipath $intf signal >/dev/null 2>&1
ip mptcp limits set subflows 8 add_addr_accepted 8 >/dev/null 2>&1
}
else else
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off [ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off >/dev/null 2>&1
fi fi
fi fi
done done
} }
_glorytun_udp() { _glorytun_udp() {
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && { #if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
logger -t "OMR-Service" "Restart Glorytun-UDP" if systemctl list-unit-files glorytun-udp@.service >/dev/null; then
systemctl -q restart 'glorytun-udp@*' [ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
} logger -t "OMR-Service" "Restart Glorytun-UDP"
for intf in /etc/glorytun-udp/tun*; do systemctl -q restart 'glorytun-udp@*'
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf} sleep 10
done }
for intf in /etc/glorytun-udp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
done
#ip link set mtu 9000 dev gt-udp-tun0 >/dev/null 2>&1
fi
} }
_glorytun_tcp() { _glorytun_tcp() {
for intf in /etc/glorytun-tcp/tun*; do #if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-tcp/post.sh ${intf} if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then
done for intf in /etc/glorytun-tcp/tun*; do
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then [ "$(echo $intf | grep key)" = "" ] && timeout 10 /etc/glorytun-tcp/post.sh ${intf}
if [ "$(ping -c 5 -w 5 10.255.255.2 | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]; then done
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP" if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
systemctl restart glorytun-tcp@tun0 localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.255.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
systemctl restart glorytun-tcp@tun0
sleep 10
fi
fi
#ip link set mtu 9000 dev gt-tun0 >/dev/null 2>&1
fi
}
_dsvpn() {
#if [ -n "$(systemctl -a | grep 'dsvpn')" ]; then
if systemctl list-unit-files dsvpn-server@.service >/dev/null; then
[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.251.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
systemctl restart dsvpn-server@dsvpn0
fi
#ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1
fi fi
fi fi
} }
_shadowsocks() {
if systemctl list-unit-files shadowsocks-libev-manager@.service >/dev/null; then
[ -z "$(pgrep ss-server)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev"
systemctl restart shadowsocks-libev-manager@manager
}
fi
}
_shadowsocks_go() {
if systemctl list-unit-files shadowsocks-go.service >/dev/null; then
[ -z "$(pgrep shadowsocks-go)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go"
systemctl restart shadowsocks-go
}
fi
}
_xray() {
if systemctl list-unit-files xray.service >/dev/null; then
[ -z "$(pgrep xray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart XRay"
systemctl restart xray
}
fi
}
_v2ray() {
if systemctl list-unit-files v2ray.service >/dev/null; then
[ -z "$(pgrep v2ray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart V2Ray"
systemctl restart v2ray
}
fi
}
_wireguard() {
#if [ -n "$(systemctl -a | grep 'wg')" ]; then
if systemctl list-unit-files wg-quick@.service >/dev/null; then
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1
[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1
fi
}
_omr_api() { _omr_api() {
[ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && { [ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
logger -t "OMR-Service" "Restart OMR-Admin" logger -t "OMR-Service" "Can't contact API, restart OMR-Admin"
systemctl -q restart omr-admin systemctl -q restart omr-admin
} }
} }
_lan_route() { _lan_route() {
cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' | jq -c '.users[0][]?' /etc/openmptcprouter-vps-admin/omr-admin-config.json |
while IFS=$"\n" read -r c; do while IFS=$"\n" read -r c; do
vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip') if [ -n "$c" ]; then
if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
echo "$c" | jq -c '.lanips //empty' | username=$(echo "$c" | jq -r '.username')
while IFS=$"\n" read -r d; do if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
network=$(ipcalc -n $d | grep Network | awk '{print $2}') echo "$c" | jq -c -r '.lanips[]? //empty' |
[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null while IFS=$"\n" read -r d; do
done if [ "$d" != "" ]; then
network=$(ipcalc -n $d | grep Network | awk '{print $2}')
networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1)
netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}')
[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1
[ -n "$networkonly" ] && [ -n "$netmask" ] && ([ ! -f /etc/openvpn/ccd/${username} ] || [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ]) && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username}
fi
done
fi
fi fi
done done
} }
_gre_tunnels() { _gre_tunnels() {
. "$(readlink -f "/etc/shorewall/params.vpn")" . "$(readlink -f "/etc/shorewall/params.vpn")"
for intf in /etc/openmptcprouter-vps-admin/intf/*; do if [ -n "$OMR_ADDR" ]; then
if [ -f "$intf" ]; then for intf in /etc/openmptcprouter-vps-admin/intf/*; do
. "$(readlink -f "$intf")" if [ -f "$intf" ]; then
iface="$(basename $intf)" . "$(readlink -f "$intf")"
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then iface="$(basename $intf)"
ip tunnel del $iface 2>&1 >/dev/null if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR [ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface >/dev/null 2>&1
ip link set $iface up ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1
ip addr add $LOCALIP dev $iface ip link set $iface up >/dev/null 2>&1
ip route add $NETWORK dev $iface 2>&1 >/dev/null ip addr add $LOCALIP dev $iface >/dev/null 2>&1
ip route add $NETWORK dev $iface >/dev/null 2>&1
fi
fi fi
fi done
done
}
_openvpn_bonding() {
if [ "$(ip link show ovpnbonding1)" != "" ] && ([ "$(ip link show ovpnbonding1 | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
echo 0 > /sys/class/net/omr-bonding/bonding/mode
ip link set ovpnbonding1 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding1 up
ip link set ovpnbonding2 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding2 up
ip link set ovpnbonding3 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding3 up
ip link set ovpnbonding4 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding4 up
ip link set ovpnbonding5 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding5 up
ip link set ovpnbonding6 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding6 up
ip link set ovpnbonding7 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding7 up
ip link set ovpnbonding8 master omr-bonding 2>&1 >/dev/null
ip link set ovpnbonding8 up
ip link set omr-bonding up mtu 1440 2>&1 >/dev/null
ip a add 10.255.248.1 dev omr-bonding 2>&1 >/dev/null
ip r add 10.255.248.0/24 dev omr-bonding 2>&1 >/dev/null
ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 2>&1 >/dev/null
fi fi
} }
modprobe bonding 2>&1 >/dev/null _openvpn_bonding() {
ip link add omr-bonding type bond 2>&1 >/dev/null if [ "$(ip link show ovpnbonding1 2>/dev/null)" != "" ] && ([ "$(ip link show ovpnbonding1 2>/dev/null | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding 2>/dev/null | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1
ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding1 up >/dev/null 2>&1
ip link set ovpnbonding2 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding2 up >/dev/null 2>&1
ip link set ovpnbonding3 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding3 up >/dev/null 2>&1
ip link set ovpnbonding4 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding4 up >/dev/null 2>&1
ip link set ovpnbonding5 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding5 up >/dev/null 2>&1
ip link set ovpnbonding6 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding6 up >/dev/null 2>&1
ip link set ovpnbonding7 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding7 up >/dev/null 2>&1
ip link set ovpnbonding8 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding8 up >/dev/null 2>&1
ip link set omr-bonding up mtu 1440 >/dev/null 2>&1
ip a add 10.255.248.1 dev omr-bonding >/dev/null 2>&1
ip r add 10.255.248.0/24 dev omr-bonding >/dev/null 2>&1
ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 >/dev/null 2>&1
fi
}
_vpn1() {
vpn1route=$(ip r show dev vpn1 2>/dev/null | grep '0.0.0.0')
[ -z "$vpn1route" ] && vpn1route=$(ip r show dev vpn1 2>/dev/null | grep 'default')
if [ -n "$vpn1route" ]; then
ip r del $vpn1route
vpn1gw="$(echo \"$vpn1route\" | awk '{ print $3 }')"
ip r a default via $vpngw dev vpn1 table 991337
for route in $(ip r show dev vpn1); do
ip r a $route table 991337
done
fi
}
sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1
modprobe bonding >/dev/null 2>&1
ip link add omr-bonding type bond >/dev/null 2>&1
#[ -n "$(uname -r | grep '6.1')" ] && {
# stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
#}
gre_tunnels="$(jq -c '.gre_tunnels' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
lan_routes="$(jq -c '.lan_routes' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
while true; do while true; do
_glorytun_udp _glorytun_udp
_glorytun_tcp _glorytun_tcp
_shadowsocks
_shadowsocks_go
_xray
_v2ray
_dsvpn
_wireguard
_multipath _multipath
_omr_api _omr_api
_lan_route [ "$lan_routes" != "false" ] && _lan_route
_gre_tunnels [ "$gre_tunnels" != "false" ] && _gre_tunnels
_openvpn_bonding _openvpn_bonding
_vpn1
sleep 10 sleep 10
done done
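Review bot: In the new `_vpn1` function the gateway is stored in `vpn1gw` but the next line expands `$vpngw`, which is never set, so `ip r a default via $vpngw dev vpn1 table 991337` runs with an empty gateway and fails after the original default route has already been deleted. The two lines should read `vpn1gw="$(echo "$vpn1route" | awk '{ print $3 }')"` and `ip r a default via "$vpn1gw" dev vpn1 table 991337`. The following `for route in $(ip r show dev vpn1)` iterates over whitespace-separated words rather than whole routes; `ip r show dev vpn1 | while read -r route; do ip r a $route table 991337; done` copies one route per iteration. In `_lan_route`, `username` comes from the JSON config and is used unquoted in `/etc/openvpn/ccd/${username}`, so it is worth rejecting values containing `/` before appending to that path.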

55
omr-test-speed Normal file

@ -0,0 +1,55 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
HETZNER=false
if [ "$1" = "hetzner" ]; then
HETZNER=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$HETZNER" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -4 -o /dev/null $HOST || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset add ss_rules_dst_bypass_all $ip
done
fi
curl -4 -o /dev/null --interface $INTERFACE $HOST || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset del ss_rules_dst_bypass_all $ip
done
fi
fi
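Review bot: The invalid-interface branch prints an error and then runs `exit 0`, so a caller or wrapper cannot tell that the test never ran; `exit 1` fits, and the message has a typo (`You wan find` should be `You can find`). `$INTERFACE`, `$domain` and `$HOST` are expanded unquoted in the `ping`, `dig` and `curl` calls, and since `$INTERFACE` is a command-line argument it should be quoted, e.g. `curl -4 -o /dev/null --interface "$INTERFACE" "$HOST" || echo`. omr-test-speedv6 is a copy of this script and has the same three points.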

56
omr-test-speedv6 Normal file

@ -0,0 +1,56 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
HETZNER=false
if [ "$1" = "hetzner" ]; then
HETZNER=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$HETZNER" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -6 $HOST >/dev/null || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset add ss_rules6_dst_bypass_all $ip
done
fi
curl -6 --interface $INTERFACE $HOST >/dev/null || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset del ss_rules6_dst_bypass_all $ip
done
fi
fi

11
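--- a/omr-update
+++ b/omr-update
@@ -0,0 +1,11 @@
+#!/bin/sh
+if [ -f /etc/openmptcprouter-vps-admin/update ]; then
+wget -O - http://www.openmptcprouter.com/server/debian.sh | sh
+rm -f /etc/openmptcprouter-vps-admin/update
+reboot
+fi
+if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then
+LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh
+rm -f /etc/openmptcprouter-vps-admin/update-bin
+#reboot
+fi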
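Review bot: `wget -O - http://www.openmptcprouter.com/server/debian.sh | sh` fetches the installer over plain HTTP and pipes it straight into a shell started by a systemd unit, so the content is executed as root with nothing authenticating it; anyone able to alter traffic between the VPS and that host controls what runs. The download should use `https://` (if the host serves it), go to a temporary file, and be checked against a pinned checksum or signature before execution. The pipe also hides a failed or truncated download: `rm -f /etc/openmptcprouter-vps-admin/update` and `reboot` run whatever the exit status was, so both should be gated on the verified script succeeding.

```shell
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
	tmp="$(mktemp)" || exit 1
	# EXPECTED_SHA256 is a placeholder: ship the pinned digest through a trusted channel
	if wget -q -O "$tmp" https://www.openmptcprouter.com/server/debian.sh \
		&& echo "${EXPECTED_SHA256}  $tmp" | sha256sum -c - >/dev/null \
		&& sh "$tmp"; then
		rm -f "$tmp" /etc/openmptcprouter-vps-admin/update
		reboot
	else
		rm -f "$tmp"
		logger -t "OMR-Update" "installer download or verification failed, update skipped"
	fi
fi
# … unchanged: update-bin branch …
```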

15
omr-update.service.in Normal file

@ -0,0 +1,15 @@
[Unit]
Description=OMR Update
After=network.target network-online.target
[Service]
Type=simple
Restart=no
ExecStart=/usr/bin/omr-update
#ExecStart=/usr/share/omr-server/debian9-x86_64.sh
AmbientCapabilities=
StandardOutput=file:/var/log/omr-update.log
StandardError=file:/var/log/omr-update.log
[Install]
WantedBy=multi-user.target


@ -1,6 +1,6 @@
[Unit] [Unit]
Description=OMR Description=OMR
After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service
[Service] [Service]
Type=simple Type=simple

Binary file not shown.

Binary file not shown.

18
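--- a/openvpn-bonding1.conf
+++ b/openvpn-bonding1.conf
@@ -0,0 +1,18 @@
+dev ovpnbonding1
+dev-type tap
+cipher AES-256-CBC
+proto udp
+proto udp6
+port 65351
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server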
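Review bot: `reneg-sec 0` disables periodic data-channel key renegotiation, and combined with `cipher AES-256-CBC` and `keepalive 100 2400` a long-lived bonding link keeps a single key for its whole lifetime. Unlike openvpn-tun0.6.1.conf in this compare, the file sets no `tls-version-min`, no `data-ciphers` and no `user`/`group`, so the TLS floor is left to the build defaults and the daemon keeps root after start-up. I would add `tls-version-min 1.2` and `data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305` to match the tun0 config, and drop `reneg-sec 0` unless renegotiation measurably breaks the bond; if it stays, a comment should say why. The same applies to openvpn-bonding2.conf through openvpn-bonding8.conf, which differ only in `dev` and `port`.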

18
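--- a/openvpn-bonding2.conf
+++ b/openvpn-bonding2.conf
@@ -0,0 +1,18 @@
+dev ovpnbonding2
+dev-type tap
+cipher AES-256-CBC
+proto udp
+proto udp6
+port 65352
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server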

18
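--- a/openvpn-bonding3.conf
+++ b/openvpn-bonding3.conf
@@ -0,0 +1,18 @@
+dev ovpnbonding3
+dev-type tap
+cipher AES-256-CBC
+proto udp
+proto udp6
+port 65353
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server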

18
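--- a/openvpn-bonding4.conf
+++ b/openvpn-bonding4.conf
@@ -0,0 +1,18 @@
+dev ovpnbonding4
+dev-type tap
+cipher AES-256-CBC
+proto udp
+proto udp6
+port 65354
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server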

18
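--- a/openvpn-bonding5.conf
+++ b/openvpn-bonding5.conf
@@ -0,0 +1,18 @@
+dev ovpnbonding5
+dev-type tap
+cipher AES-256-CBC
+proto udp
+proto udp6
+port 65355
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server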

18
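--- a/openvpn-bonding6.conf
+++ b/openvpn-bonding6.conf
@@ -0,0 +1,18 @@
+dev ovpnbonding6
+dev-type tap
+cipher AES-256-CBC
+proto udp
+proto udp6
+port 65356
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server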

18
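--- a/openvpn-bonding7.conf
+++ b/openvpn-bonding7.conf
@@ -0,0 +1,18 @@
+dev ovpnbonding7
+dev-type tap
+cipher AES-256-CBC
+proto udp
+proto udp6
+port 65357
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server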

18
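--- a/openvpn-bonding8.conf
+++ b/openvpn-bonding8.conf
@@ -0,0 +1,18 @@
+dev ovpnbonding8
+dev-type tap
+cipher AES-256-CBC
+proto udp
+proto udp6
+port 65358
+persist-tun
+persist-key
+reneg-sec 0
+verb 3
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 100 2400
+mode server
+tls-server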

34
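--- a/openvpn-tun0.6.1.conf
+++ b/openvpn-tun0.6.1.conf
@@ -0,0 +1,34 @@
+topology subnet
+dev tun0
+user nobody
+group nogroup
+data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
+disable-dco
+proto tcp-server
+proto tcp6-server
+port 65301
+persist-tun
+persist-key
+duplicate-cn
+verb 3
+server 10.255.252.0 255.255.255.0
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 10 240
+txqueuelen 1000
+sndbuf 262144
+push "sndbuf 262144"
+rcvbuf 262144
+push "rcvbuf 262144"
+tun-mtu 1420
+tls-server
+tls-version-min 1.2
+#push "route 10.255.252.1 255.255.255.255"
+client-config-dir ccd
+ifconfig-pool-persist ccd/ipp_tcp.txt
+passtos
+management 127.0.0.1 65302
+tcp-nodelay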
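Review bot: `management 127.0.0.1 65302` opens the management interface on a loopback TCP port with no password file, so any local process or account on the VPS can connect and issue management commands against the tunnel. OpenVPN accepts a password file as a third argument or a unix socket instead of TCP; I would use `management 127.0.0.1 65302 /etc/openvpn/<management-pw-file>` (placeholder path, root-readable only) or a root-owned unix socket. The modified tun0 config later in this compare adds `management localhost 65302` and has the same gap. `duplicate-cn` next to `client-config-dir ccd` also deserves a comment, since ccd entries are selected by common name and concurrent sessions on one certificate would share them.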


@ -18,8 +18,12 @@ crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240 keepalive 10 240
sndbuf 0 sndbuf 0
rcvbuf 0 rcvbuf 0
txqueuelen 2000
tun-mtu 1400
mssfix 1360
tls-server tls-server
tls-version-min 1.2 tls-version-min 1.2
#compress lzo #compress lzo
push "route 10.255.252.1 255.255.255.255" #push "route 10.255.252.1 255.255.255.255"
client-config-dir ccd client-config-dir ccd
management localhost 65302

30
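--- a/openvpn-tun1.6.1.conf
+++ b/openvpn-tun1.6.1.conf
@@ -0,0 +1,30 @@
+topology subnet
+dev tun1
+data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
+proto udp
+proto udp6
+port 65301
+persist-tun
+persist-key
+duplicate-cn
+verb 3
+server 10.255.250.0 255.255.255.0
+ca /etc/openvpn/ca/pki/ca.crt
+cert /etc/openvpn/ca/pki/issued/server.crt
+key /etc/openvpn/ca/pki/private/server.key
+dh /etc/openvpn/server/dh2048.pem
+crl-verify /etc/openvpn/ca/pki/crl.pem
+keepalive 10 240
+txqueuelen 1000
+sndbuf 262144
+push "sndbuf 262144"
+rcvbuf 262144
+push "rcvbuf 262144"
+tun-mtu 1420
+tls-server
+tls-version-min 1.2
+push "route 10.255.250.1 255.255.255.255"
+#client-config-dir ccd
+#ifconfig-pool-persist ccd/ipp_udp.txt
+#fast-io
+passtos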
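Review bot: This UDP server config has no `user nobody` / `group nogroup` lines, while openvpn-tun0.6.1.conf in the same compare drops privileges, so as written the daemon keeps root after initialisation. With `client-config-dir` and `ifconfig-pool-persist` commented out nothing visible here needs root at runtime, so I would add `user nobody` and `group nogroup` after `dev tun1`. `port 65301` is the same number the TCP instance uses; that works because the protocols differ, but a one-line comment such as `# same port as tun0, UDP side` would make the intent explicit.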


@ -0,0 +1,37 @@
{
"servers": [
{
"name": "ss-2022",
"protocol": "2022-blake3-aes-256-gcm",
"tcpListeners": [
{
"network": "tcp",
"address": ":65280",
"fastOpen": false,
"reusePort": false,
"multipath": true
}
],
"enableTCP": true,
"listenerTFO": true,
"enableUDP": true,
"mtu": 1500,
"psk": "PSK",
"uPSKStorePath": "/etc/shadowsocks-go/upsks.json"
}
],
"stats": {
"enabled": true
},
"api": {
"enabled": true,
"debugPprof": false,
"trustedProxies": [],
"listeners": [
{
"network": "tcp",
"address": "127.0.0.1:65279"
}
]
}
}

77
shadowsocks.6.1.conf Normal file

@ -0,0 +1,77 @@
# local sysctl settings can be stored in this directory
# max open files
fs.file-max = 512000
# max read buffer
net.core.rmem_max = 7500000
# max write buffer
net.core.wmem_max = 7500000
#net.core.optmem_max = 33554432
# default read buffer
#net.core.rmem_default = 16777216
# default write buffer
#net.core.wmem_default = 16777216
# max processor input queue
net.core.netdev_max_backlog = 10000
# max backlog
net.core.somaxconn = 16384
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time
net.ipv4.tcp_keepalive_time = 7200
# outbound port range
net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 16384
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP buffer
net.ipv4.tcp_mem = 409600 819200 1638400
# UDP buffer
net.ipv4.udp_mem = 4096 87380 16777216
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 16777216
# TCP write buffer
net.ipv4.tcp_wmem = 4096 87380 16777216
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 0
# 1/8 * available memory in receive buffer
net.ipv4.tcp_adv_win_scale=-3
# limits the size of unsent bytes in the write queue
net.ipv4.tcp_notsent_lowat = 131072
# for low-latency network, use cubic instead
net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
# MPTCP settings
net.ipv4.tcp_ecn = 2
net.mptcp.checksum_enabled = 0
net.mptcp.add_addr_timeout = 120
net.mptcp.allow_join_initial_addr_port = 1
net.mptcp.enabled = 1
net.mptcp.pm_type = 0
net.mptcp.stale_loss_cnt = 4
net.mptcp.mptcp_checksum=0
net.mptcp.mptcp_path_manager=fullmesh
net.mptcp.mptcp_scheduler=mptcp_burst
net.mptcp.mptcp_syn_retries=4
net.mptcp.mptcp_version=1
net.mptcp.checksum_enabled=0
net.ipv4.tcp_congestion_control=bbr
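Review bot: Several comments no longer describe the value beneath them: `# turn on path MTU discovery` sits above `net.ipv4.tcp_mtu_probing = 0`, `# short keepalive time` above `net.ipv4.tcp_keepalive_time = 7200`, and `# for low-latency network, use cubic instead` above the qdisc line while the file ends with `net.ipv4.tcp_congestion_control=bbr`. `net.mptcp.checksum_enabled` is assigned twice, and the `net.mptcp.mptcp_*` keys sit next to `net.mptcp.enabled` and `net.mptcp.pm_type`, which look like two different MPTCP key families; presumably only one exists on the kernel this file targets. omr-service loads the file with `sysctl -p ... >/dev/null 2>&1`, so any key that fails to apply is silently skipped and the effective settings can differ from what the file says. I would delete the keys that do not exist on the target kernel, remove the duplicate, and correct the three comments.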


@ -22,7 +22,9 @@ net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling # turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0 #net.ipv4.tcp_tw_recycle = 0
# short FIN timeout # short FIN timeout
net.ipv4.tcp_fin_timeout = 80 net.ipv4.tcp_fin_timeout = 30
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time # short keepalive time
net.ipv4.tcp_keepalive_time = 7200 net.ipv4.tcp_keepalive_time = 7200
# outbound port range # outbound port range
@ -45,16 +47,18 @@ net.ipv4.tcp_wmem = 4096 65536 33554432
net.ipv4.tcp_mtu_probing = 0 net.ipv4.tcp_mtu_probing = 0
# for low-latency network, use cubic instead # for low-latency network, use cubic instead
net.ipv4.tcp_congestion_control = cubic net.ipv4.tcp_congestion_control = bbr
net.core.default_qdisc = fq net.core.default_qdisc = fq
# Default conntrack is too small # Default conntrack is too small
net.netfilter.nf_conntrack_max = 131072 net.netfilter.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0 net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0 net.ipv4.conf.default.log_martians = 0
# MPTCP settings # MPTCP settings
net.mptcp.mptcp_checksum = 0 net.mptcp.mptcp_checksum = 0
net.mptcp.mptcp_syn_retries = 2 net.mptcp.mptcp_syn_retries = 4
net.mptcp.mptcp_scheduler = blest net.mptcp.mptcp_scheduler = blest
net.ipv4.tcp_ecn=1 net.ipv4.tcp_ecn = 2


@ -19,6 +19,8 @@ vpn gt-tun+ nosmurfs,tcpflags
vpn gt-udp-tun+ nosmurfs,tcpflags vpn gt-udp-tun+ nosmurfs,tcpflags
vpn mlvpn+ nosmurfs,tcpflags vpn mlvpn+ nosmurfs,tcpflags
vpn tun+ nosmurfs,tcpflags vpn tun+ nosmurfs,tcpflags
vpn wg+ nosmurfs,tcpflags
vpncl client-wg+ nosmurfs,tcpflags
vpn dsvpn+ nosmurfs,tcpflags vpn dsvpn+ nosmurfs,tcpflags
vpn gre-user+ nosmurfs,tcpflags vpn gre-user+ nosmurfs,tcpflags
vpn omr-bonding nosmurfs,tcpflags vpn omr-bonding nosmurfs,tcpflags


@ -1,3 +1,3 @@
VPS_ADDR=10.255.255.1 VPS_ADDR=10.255.252.1
OMR_ADDR=10.255.255.2 OMR_ADDR=10.255.252.2
VPS_IFACE=gt-tun0 VPS_IFACE=tun0


@ -17,8 +17,10 @@ vpn net ACCEPT
vpn fw ACCEPT vpn fw ACCEPT
fw vpn ACCEPT fw vpn ACCEPT
fw net ACCEPT fw net ACCEPT
net all DROP info net all DROP
vpn vpn DROP vpn vpn DROP
vpncl vpn ACCEPT
vpn vpncl ACCEPT
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT info all all REJECT
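Review bot: Dropping the `info` log level from `net all DROP` and from the final `all all REJECT` means packets denied by policy are no longer logged, so scans and blocked connection attempts against the VPS leave no trace for later investigation. If the aim was lower log volume, I would keep `all all REJECT info` on the catch-all and bound the volume with `LOGLIMIT` in shorewall.conf rather than removing the log entirely. If the removal is intentional, a comment above the policy lines should say where denied traffic is recorded instead. The shorewall6 policy section further down makes the same change.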


@ -149,13 +149,13 @@ BLACKLIST="NEW,INVALID,UNTRACKED"
CLAMPMSS=No CLAMPMSS=No
CLEAR_TC=Yes CLEAR_TC=No
COMPLETE=No COMPLETE=No
DEFER_DNS_RESOLUTION=Yes DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes DELETE_THEN_ADD=No
DETECT_DNAT_IPADDRS=No DETECT_DNAT_IPADDRS=No
@ -233,7 +233,7 @@ SAVE_ARPTABLES=No
SAVE_IPSETS=No SAVE_IPSETS=No
TC_ENABLED=Simple TC_ENABLED=No
TC_EXPERT=No TC_EXPERT=No


@ -15,7 +15,14 @@
########################################################################################################################################### ###########################################################################################################################################
#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY #ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
# #
MASQUERADE 10.255.0.0/16,\ MASQUERADE 10.255.247.0/24,\
10.255.248.0/24,\
10.255.250.0/24,\
10.255.251.0/24,\
10.255.252.0/24,\
10.255.253.0/24,\
10.255.254.0/24,\
10.255.255.0/24,\
169.254.0.0/16,\ 169.254.0.0/16,\
172.16.0.0/12,\ 172.16.0.0/12,\
192.168.0.0/16 $NET_IFACE 192.168.0.0/16 $NET_IFACE


@ -23,4 +23,8 @@ ACCEPT dsvpn+ -
ACCEPT - dsvpn+ ACCEPT - dsvpn+
ACCEPT tun+ - ACCEPT tun+ -
ACCEPT - tun+ ACCEPT - tun+
ACCEPT wg+ -
ACCEPT - wg+
ACCEPT client-wg+ -
ACCEPT - client-wg+


@ -1,3 +1,3 @@
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH #INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
$NET_IFACE External $NET_IFACE External
$VPS_IFACE Internal #$VPS_IFACE Internal


@ -16,4 +16,5 @@
fw firewall fw firewall
net ipv4 net ipv4
vpn ipv4 vpn ipv4
vpncl ipv4


@ -0,0 +1 @@
OMR_ADDR=fe80::a00:2


@ -15,7 +15,7 @@
vpn all ACCEPT vpn all ACCEPT
fw all ACCEPT fw all ACCEPT
net all DROP info net all DROP
# THE FOLLOWING POLICY MUST BE LAST # THE FOLLOWING POLICY MUST BE LAST
all all REJECT info all all REJECT


@ -138,7 +138,7 @@ BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes #CHAIN_SCRIPTS=Yes
CLAMPMSS=No CLAMPMSS=No
@ -168,7 +168,7 @@ IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=No #INLINE_MATCHES=No
IPSET_WARNINGS=Yes IPSET_WARNINGS=Yes
@ -176,7 +176,7 @@ IP_FORWARDING=On
KEEP_RT_TABLES=Yes KEEP_RT_TABLES=Yes
LOAD_HELPERS_ONLY=Yes #LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter MACLIST_TABLE=filter


@ -1,6 +1,7 @@
PORT=65001 PORT=65001
HOST=0.0.0.0
DEV=tun0 DEV=tun0
SERVER=true SERVER=true
MPTCP=true MPTCP=true
IPV6=true IPV6=true
OPTIONS="chacha20 retry count -1 const 500000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 32768 multiqueue" OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 65536 multiqueue"


@ -1,4 +1,6 @@
BIND=0.0.0.0 BIND=0.0.0.0
BIND_PORT=65001 BIND_PORT=65001
HOST=0.0.0.0
PORT=5000
DEV=tun0 DEV=tun0
OPTIONS="chacha persist" OPTIONS="chacha persist"

17
ubond.network Normal file

@ -0,0 +1,17 @@
[Match]
Name=ubond*
[Network]
Description=UBOND tunnel
Address=10.255.248.1/24
DHCPServer=yes
IPMasquerade=yes
[DHCPServer]
PoolOffset=2
PoolSize=50
EmitDNS=no
EmitNTP=no
DNS=9.9.9.9
DefaultLeaseTimeSec=12h
MaxLeaseTimeSec=24h
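Review bot: In `[DHCPServer]`, `EmitDNS=no` tells systemd-networkd not to put DNS servers in the leases, so the `DNS=9.9.9.9` line two lines below has no effect; either set `EmitDNS=yes` or drop the `DNS=` line so the file says what it does. `IPMasquerade=yes` also overlaps with the Shorewall `MASQUERADE` entry for 10.255.248.0/24 changed elsewhere in this compare, so NAT for this subnet is configured in two places. A one-line `#` comment naming which of the two is authoritative would save the next maintainer a debugging session.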

42
ubond0.conf Normal file
View file

@ -0,0 +1,42 @@
[general]
tuntap = "tun"
mode = "server"
interface_name = "ubond0"
timeout = 30
password = "UBOND_PASS"
reorder_buffer = yes
reorder_buffer_size = 64
loss_tolerence = 50
[wan1]
bindport = 65251
bindhost = "0.0.0.0"
[wan2]
bindport = 65252
bindhost = "0.0.0.0"
[wan3]
bindport = 65253
bindhost = "0.0.0.0"
[wan4]
bindport = 65254
bindhost = "0.0.0.0"
[wan5]
bindport = 65255
bindhost = "0.0.0.0"
[wan6]
bindport = 65256
bindhost = "0.0.0.0"
[wan7]
bindport = 65257
bindhost = "0.0.0.0"
[wan8]
bindport = 65258
bindhost = "0.0.0.0"
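Review bot: `[wan1]` and `[wan2]` bind 65251 and 65252, which are also the ports of the `omrin-socks-tunnel` and `omrin-shadowsocks-tunnel` inbounds in the xray-server.json added in this same compare. The Shadowsocks inbound is declared `"network": "tcp,udp"`, so if ubond binds UDP (not visible here) the two services cannot both listen on 65252, and which one fails would depend on start order. Moving one of the two port ranges removes the overlap. `password = "UBOND_PASS"` is presumably substituted at install time; since the daemon is started with `--user ubond`, the installed file should be readable by that user and root only.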

16
ubond@.service.in Normal file
View file

@ -0,0 +1,16 @@
[Unit]
Description=UBOND connection to %i
PartOf=ubond.service
ReloadPropagatedFrom=ubond.service
After=network.target network-online.target
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/ubond
Restart=always
[Install]
WantedBy=multi-user.target
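Review bot: This unit carries none of the hardening that the v2ray.service and xray.service units in this compare at least start on: `[Service]` has no `NoNewPrivileges=true` and nothing restricts the filesystem view of a daemon that, per ubond0.conf, listens on eight ports bound to 0.0.0.0. Because privileges are dropped inside the process via `--user ubond`, the unit itself still starts as root. Adding `NoNewPrivileges=true` and `ProtectSystem=full` under `[Service]` is a low-risk baseline, to be checked against what ubond needs in order to create the tun device.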

1
ubuntu19.04-x86_64.sh Symbolic link

@ -0,0 +1 @@
debian9-x86_64.sh

1
ubuntu20.04-x86_64.sh Symbolic link

@ -0,0 +1 @@
debian9-x86_64.sh


@ -1,6 +1,6 @@
{ {
"log": { "log": {
"loglevel": "debug", "loglevel": "error",
"error": "/tmp/v2rayError.log" "error": "/tmp/v2rayError.log"
}, },
"transport": { "transport": {
@ -34,6 +34,7 @@
}, },
"streamSettings": { "streamSettings": {
"sockopt": { "sockopt": {
"mptcp": true,
"mark": 0 "mark": 0
}, },
"network": "tcp", "network": "tcp",
@ -48,6 +49,98 @@
} }
} }
}, },
{
"tag": "omrin-vmess-tunnel",
"port": 65230,
"protocol": "vmess",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-socks-tunnel",
"port": 65231,
"protocol": "socks",
"settings": {
"auth": "password",
"accounts": [
{
"pass": "V2RAY_UUID",
"user": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-trojan-tunnel",
"port": 65229,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "V2RAY_UUID",
"email": "openmptcprouter",
"level": 0
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{ {
"listen": "127.0.0.1", "listen": "127.0.0.1",
"port": 10085, "port": 10085,
@ -72,7 +165,10 @@
{ {
"type": "field", "type": "field",
"inboundTag": [ "inboundTag": [
"omrin-tunnel" "omrin-tunnel",
"omrin-vmess-tunnel",
"omrin-socks-tunnel",
"omrin-trojan-tunnel"
], ],
"outboundTag": "OMRLan", "outboundTag": "OMRLan",
"domain": [ "domain": [
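Review bot: The three inbounds added in the `@ -48,6 +49,98 @@` hunk (`omrin-vmess-tunnel`, `omrin-socks-tunnel`, `omrin-trojan-tunnel`) all authenticate with the same `V2RAY_UUID` placeholder, used as VMess id, SOCKS password and Trojan password, so once substituted a single secret guards every listener and a leak through any one protocol or client config exposes the others. Distinct placeholders per protocol would keep them independently revocable. None of the new inbounds sets `listen`, so each binds every address on ports 65229–65231 and the firewall rules are the only restriction. The `"decryption": "none"` key in the VMess settings looks copied from the VLESS inbound and is probably ignored. The new xray-server.json repeats the same pattern.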

18
v2ray.service Normal file
View file

@ -0,0 +1,18 @@
[Unit]
Description=V2Ray Service
Documentation=https://www.v2fly.org/
After=network.target nss-lookup.target
Wants=network-online.target
[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=true
ExecStart=/usr/bin/v2ray run -config /etc/v2ray/v2ray-server.json
Restart=always
RestartPreventExitStatus=23
StartLimitInterval=0
[Install]
WantedBy=multi-user.target
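Review bot: `User=root` combined with the `"error": "/tmp/v2rayError.log"` setting in the server config means a root process opens a fixed file name in a world-writable directory. `CapabilityBoundingSet` and `NoNewPrivileges=true` are a good start; adding `PrivateTmp=true` under `[Service]` gives the daemon its own /tmp, or the log can move to a root-owned directory under /var/log. `StartLimitInterval=0` with `Restart=always` also disables restart rate limiting, so any failure other than exit status 23 is retried without back-off. The xray.service unit further down is the same apart from the binary and config path.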

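--- a/xray-server.json
+++ b/xray-server.json
@@ -0,0 +1,232 @@
+{
+"log": {
+"loglevel": "error",
+"error": "/tmp/v2rayError.log"
+},
+"inbounds": [
+{
+"tag": "omrin-tunnel",
+"port": 65248,
+"protocol": "vless",
+"settings": {
+"decryption": "none",
+"clients": [
+{
+"id": "V2RAY_UUID",
+"level": 0,
+"alterId": 0,
+"email": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"tag": "omrin-vmess-tunnel",
+"port": 65250,
+"protocol": "vmess",
+"settings": {
+"decryption": "none",
+"clients": [
+{
+"id": "V2RAY_UUID",
+"level": 0,
+"alterId": 0,
+"email": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"tag": "omrin-socks-tunnel",
+"port": 65251,
+"protocol": "socks",
+"settings": {
+"auth": "password",
+"accounts": [
+{
+"pass": "V2RAY_UUID",
+"user": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"tag": "omrin-trojan-tunnel",
+"port": 65249,
+"protocol": "trojan",
+"settings": {
+"clients": [
+{
+"password": "V2RAY_UUID",
+"email": "openmptcprouter",
+"level": 0
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp",
+"security": "tls",
+"tlsSettings": {
+"certificates": [
+{
+"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
+"keyFile": "/etc/openvpn/ca/pki/private/server.key"
+}
+]
+}
+}
+},
+{
+"tag": "omrin-shadowsocks-tunnel",
+"port": 65252,
+"protocol": "shadowsocks",
+"settings": {
+"password": "XRAY_PSK",
+"method": "2022-blake3-aes-256-gcm",
+"network": "tcp,udp",
+"clients": [
+{
+"password": "XRAY_UPSK",
+"email": "openmptcprouter"
+}
+]
+},
+"streamSettings": {
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+},
+"network": "tcp"
+}
+},
+{
+"listen": "127.0.0.1",
+"port": 10086,
+"protocol": "dokodemo-door",
+"settings": {
+"address": "127.0.0.1"
+},
+"tag": "api"
+}
+],
+"outbounds": [
+{
+"protocol": "freedom",
+"settings": {
+"userLevel": 0
+},
+"tag": "direct"
+}
+],
+"routing": {
+"rules": [
+{
+"type": "field",
+"inboundTag": [
+"omrin-tunnel",
+"omrin-vless-reality",
+"omrin-vmess-tunnel",
+"omrin-socks-tunnel",
+"omrin-trojan-tunnel"
+],
+"outboundTag": "OMRLan",
+"domain": [
+"full:omr.lan"
+]
+},
+{
+"inboundTag": [
+"api"
+],
+"outboundTag": "api",
+"type": "field"
+}
+]
+},
+"reverse": {
+"portals": [
+{
+"tag": "OMRLan",
+"domain": "omr.lan"
+}
+]
+},
+"stats": {},
+"api": {
+"tag": "api",
+"listen": "127.0.0.1:65080",
+"services": [
+"HandlerService",
+"LoggerService",
+"StatsService"
+]
+},
+"policy": {
+"levels": {
+"0": {
+"uplinkOnly": 0,
+"downlinkOnly": 0,
+"bufferSize": 512,
+"connIdle": 2400,
+"statsUserUplink": true,
+"statsUserDownlink": true
+}
+},
+"system": {
+"statsInboundUplink": true,
+"statsInboundDownlink": true
+}
+}
+}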
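Review bot: `"error": "/tmp/v2rayError.log"` in the `log` object reuses the v2ray log file name, so when both daemons are installed they write to the same file, and it is a fixed path in /tmp opened by a service that xray.service runs as root. A dedicated location such as `"error": "/var/log/xray/error.log"` (example path) avoids both problems. The first routing rule lists `omrin-vless-reality`, which is defined only in xray-vless-reality.json while xray.service passes a single `-config /etc/xray/xray-server.json`, and it leaves out `omrin-shadowsocks-tunnel`. Since JSON cannot carry a comment, the commit message is the place to say whether either is intentional.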

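--- a/xray-vless-reality.json
+++ b/xray-vless-reality.json
@@ -0,0 +1,47 @@
+{
+"inbounds": [
+{
+"port": 443,
+"tag": "omrin-vless-reality",
+"protocol": "vless",
+"settings": {
+"clients": [
+{
+"id": "XRAY_UUID",
+"flow": "xtls-rprx-vision"
+}
+],
+"decryption": "none"
+},
+"streamSettings": {
+"network": "tcp",
+"security": "reality",
+"realitySettings": {
+"dest": "1.1.1.1:443",
+"serverNames": [
+""
+],
+"privateKey": "XRAY_X25519_PRIVATE_KEY",
+"publicKey": "XRAY_X25519_PUBLIC_KEY",
+"shortIds": [
+""
+]
+},
+"sockopt": {
+"tcpMptcp": true,
+"mark": 0
+}
+}
+}
+],
+"routing": {
+"rules": [
+{
+"type": "field",
+"inboundTag": [
+"omrin-vless-reality"
+]
+}
+]
+}
+}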
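Review bot: The template ships `"serverNames": [""]` and `"shortIds": [""]` in `realitySettings`; as I read the REALITY settings, an empty string in `shortIds` lets clients connect without a short ID, and `serverNames` is expected to list names valid for the `dest` certificate, so both need real values before this listens on 443. If the installer fills them in, placeholders in the style of `XRAY_UUID` would make that explicit and make a missed substitution easy to spot. `publicKey` is normally a client-side value, so it is worth confirming the server config needs it. The single `routing` rule names the inbound but sets no `outboundTag`.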

18
xray.service Normal file
View file

@ -0,0 +1,18 @@
[Unit]
Description=XRay Service
Documentation=https://xtls.github.io/
After=network.target nss-lookup.target
Wants=network-online.target
[Service]
User=root
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=true
ExecStart=/usr/bin/xray run -config /etc/xray/xray-server.json
Restart=always
RestartPreventExitStatus=23
StartLimitInterval=0
[Install]
WantedBy=multi-user.target