1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps.git synced 2025-03-09 15:50:00 +00:00

Compare commits

...

371 commits

Author SHA1 Message Date
Ycarus (Yannick Chabanois)
fd55a16550 Update Shadowsocks to 1.13.0 2025-03-07 08:05:23 +00:00
Ycarus (Yannick Chabanois)
7aac683f4f Update omr-admin with XRay fixes, update kernel 6.12, various fix 2025-02-26 09:27:33 +00:00
Ycarus (Yannick Chabanois)
f8484dc742 Fix gre tunnel configuration 2025-02-26 09:26:38 +00:00
Ycarus (Yannick Chabanois)
efd7ffd1db Add tcp-nodelay option for OpenVPN TCP 2025-02-26 09:26:03 +00:00
Ycarus (Yannick Chabanois)
0091388ff2 Fix XRay API listening 2025-02-26 09:25:39 +00:00
Ycarus (Yannick Chabanois)
56a2c5f7ff Update iperf3 to 3.18 using source and update kernel to 6.12.12 2025-02-04 13:56:39 +00:00
Ycarus (Yannick Chabanois)
c942c30384 Update omr-admin API, disable fastOpen, add vpn1 management in omr-service,.. 2025-01-29 13:51:48 +00:00
Ycarus (Yannick Chabanois)
be6a17dcdd Fix omr-service OpenVPN route setting 2024-11-29 14:53:26 +00:00
Ycarus (Yannick Chabanois)
4b590a13eb Update omr-admin, add kernel 6.12 support 2024-11-29 14:52:55 +00:00
Ycarus (Yannick Chabanois)
2a0501172f Update XRay 2024-11-18 10:24:10 +00:00
Ycarus (Yannick Chabanois)
458b472a78 Update OMR-Admin, for update to Debian 12 and fix when IPv6 is disabled 2024-10-30 14:58:01 +00:00
Ycarus (Yannick Chabanois)
3b4f875051 Update OMR admin, omr-service and shadowsocks-go 2024-10-23 06:11:05 +00:00
Ycarus (Yannick Chabanois)
455f3c86d8 Enable FastOpen on Shadowsocks-go 2024-10-16 13:43:00 +00:00
Ycarus (Yannick Chabanois)
3ac858c56b Less output logs 2024-10-16 13:42:39 +00:00
Ycarus (Yannick Chabanois)
c635b0a1b6 Sync with server 2024-10-07 09:29:20 +00:00
Ycarus (Yannick Chabanois)
c0e0e19b6c No need for client-config-dir on OpenVPN UDP 2024-08-28 09:37:58 +00:00
Ycarus (Yannick Chabanois)
c06b6ac75f Better check if VPN are installed or not for OMR-Service 2024-08-28 09:37:31 +00:00
Ycarus (Yannick Chabanois)
93f9244e83 Update OMR-Admin API 2024-08-28 09:36:57 +00:00
Ycarus (Yannick Chabanois)
b76adb8a24 Update omr-admin API, add gre-tunnel and lan-routes as options, add OpenVPN to fail2ban 2024-08-09 15:35:17 +00:00
Ycarus (Yannick Chabanois)
5abd262382 Add missing files 2024-08-01 07:55:38 +00:00
Ycarus (Yannick Chabanois)
654e1a1335 Change in kernel settings 2024-07-31 11:02:21 +00:00
Ycarus (Yannick Chabanois)
6aa0d03888 Update URL for default update script 2024-07-31 11:01:55 +00:00
Ycarus (Yannick Chabanois)
4e16d813bf Add kernel 6.10 support and fail2ban 2024-07-31 11:00:49 +00:00
Ycarus (Yannick Chabanois)
70a240a396 Update to latest changes 2024-07-04 09:45:34 +00:00
Ycarus (Yannick Chabanois)
f713ebcc67 Merge branch 'master' into develop 2024-04-15 15:04:13 +00:00
Ycarus (Yannick Chabanois)
49390c7277 Fix buster backports for existing install 2024-04-15 15:03:24 +00:00
Ycarus (Yannick Chabanois)
1cc3bda158 Add support for a specific interface for IPv6 2024-04-15 15:02:32 +00:00
Ycarus (Yannick Chabanois)
172c0461be Add changes from master branch and create a new test script 2024-04-15 07:39:29 +00:00
Ycarus (Yannick Chabanois)
efdb9e3ef7 Fixes on script 2024-04-14 17:01:13 +00:00
Ycarus (Yannick Chabanois)
c13a84dc6b Update changelog 2024-04-10 17:35:43 +00:00
Ycarus (Yannick Chabanois)
fd2a3f1a27 Merge develop to master branch 2024-04-10 17:32:48 +00:00
Ycarus (Yannick Chabanois)
103e508dd7 Change in master branch 2024-04-10 17:28:22 +00:00
Ycarus (Yannick Chabanois)
90d327abbe Test for Debian 6.6 official kernel when not on x86_64 2024-04-09 12:58:45 +00:00
Ycarus (Yannick Chabanois)
1ab5d977de Fix route in openvpn MPTCP over VPN 2024-04-09 12:57:02 +00:00
Ycarus (Yannick Chabanois)
96775408d7 Update omr-admin script and fix on openvpn 2024-03-28 08:16:15 +00:00
Ycarus (Yannick Chabanois)
2b99a77d1a Update omr-admin 2024-03-01 19:03:24 +00:00
Ycarus (Yannick Chabanois)
b4d8f5551c Add some allow-downgrades to fix error in some install with kernel 6.1 2024-02-26 14:28:12 +00:00
Ycarus (Yannick Chabanois)
001aa3be4d Add kernel 6.6 support, allow to disable all proxy and VPNs, change IPv6 address in omr-pihole 2024-02-22 17:31:57 +00:00
Ycarus (Yannick Chabanois)
0bd93fb5c8 Update omr-admin API script 2024-02-13 14:08:52 +00:00
Ycarus (Yannick Chabanois)
a5fc57038b Update omr-admin API and fix omr-bypass rights 2024-02-09 10:52:04 +00:00
Ycarus (Yannick Chabanois)
a9e217fb7c Add omr-bypass service 2024-02-09 10:42:55 +00:00
Ycarus (Yannick Chabanois)
c0c9627007 Update script to latest version on server with vless-reality, iperf from distribution, updated API,... 2024-02-01 19:48:09 +00:00
Ycarus (Yannick Chabanois)
6e64c06325 Add management port on openvpn 2023-12-08 19:15:02 +00:00
Ycarus (Yannick Chabanois)
c708189fb9 Update omr-admin, fix Pi-Hole install, optimize OpenVPN 2023-12-08 07:59:01 +00:00
Ycarus (Yannick Chabanois)
c0af37c0c2 Fix dsvpn restart in omr-service, add VLESS-REALITY support 2023-10-26 14:29:51 +00:00
Ycarus (Yannick Chabanois)
0d9a766d28 Add shadowsocks-go and XRay 2023-10-10 14:38:56 +00:00
Ycarus (Yannick Chabanois)
0743e7c75a Fix omr-service 2023-09-23 06:46:50 +00:00
Ycarus (Yannick Chabanois)
8ac6293b58 Update API, add check for omr-service, fix v2ray service file 2023-09-14 09:31:45 +00:00
Ycarus (Yannick Chabanois)
8cef34ed5b Fix https://github.com/Ysurac/openmptcprouter/issues/2949 2023-09-07 12:25:38 +00:00
Ycarus (Yannick Chabanois)
afa31c4f03 Custom 6.1 sysctl kernel configuration 2023-09-07 07:56:25 +00:00
Ycarus (Yannick Chabanois)
a029915e39 Decrease timeout before restarting not working Glorytun TCP 2023-09-07 07:55:39 +00:00
Ycarus (Yannick Chabanois)
e9fd4192dc Update omr-admin, don't add TCP congestion control on kernel 6.1, remove 9000 MTU 2023-09-01 07:19:07 +00:00
Ycarus (Yannick Chabanois)
0ad22072a7 Increase nf_contrack_max and nf_conntrack_buckets values 2023-08-31 07:21:36 +00:00
Ycarus (Yannick Chabanois)
73cecfb6f9 Fix V2Ray update 2023-08-31 07:21:07 +00:00
Ycarus (Yannick Chabanois)
dfba574f7e Fix Ubuntu support 2023-08-30 09:28:03 +00:00
Ycarus (Yannick Chabanois)
450da26917 Fixes and add trojan, socks and vmess protocol support for V2Ray 2023-08-28 19:16:45 +00:00
Ycarus (Yannick Chabanois)
2204e080d3 Update omr admin 2023-08-23 18:01:37 +00:00
Ycarus (Yannick Chabanois)
4b349539f7 Set v2ray loglevel to error 2023-08-23 14:55:07 +00:00
Ycarus (Yannick Chabanois)
19bc566da6 Fix glorytun-udp repo to use fork 2023-08-23 14:54:48 +00:00
Ycarus (Yannick Chabanois)
178186002c Fixes on ARM64 support and some VPN changes 2023-08-22 12:56:05 +00:00
Ycarus (Yannick Chabanois)
cb5f138c4e Fix fastapi install on Debian 10 2023-07-11 19:11:16 +00:00
Ycarus (Yannick Chabanois)
c91411a621 Fix fastapi install on Debian 10 2023-07-11 19:10:46 +00:00
Ycarus (Yannick Chabanois)
039218a015 Set a better log message on omr-service 2023-07-11 17:07:47 +00:00
Ycarus (Yannick Chabanois)
2806a8078a Update omr-admin and use latest shadowsocks changes in fork 2023-07-11 17:07:18 +00:00
Ycarus (Yannick Chabanois)
8af0bed8c3 Update omr_admin 2023-07-11 17:05:46 +00:00
Ycarus (Yannick Chabanois)
3de88a211f Add Debian 12 support 2023-06-13 11:26:17 +00:00
Ycarus (Yannick Chabanois)
fdcd1c59f9 Use systemtap to force MPTCP on all applications 2023-06-13 11:24:22 +00:00
Ycarus (Yannick Chabanois)
56d3c8ae08 Fix fw patch 2023-04-23 05:40:20 +00:00
Ycarus (Yannick Chabanois)
8d1055668f Fix missing patch, update v2ray and update glorytun config 2023-04-23 05:37:23 +00:00
Ycarus (Yannick Chabanois)
dfdfaa2487 Optimize glorytun TCP 2023-03-10 18:59:45 +00:00
Ycarus (Yannick Chabanois)
cc756de52d Prepare for 0.1029 test 2023-03-01 19:26:13 +00:00
Ycarus (Yannick Chabanois)
9c3f955a61 Add 6.1.0 support 2023-02-19 17:53:04 +00:00
Ycarus (Yannick Chabanois)
838d1b69e5 Fix multipath 2023-02-19 17:52:37 +00:00
Ycarus (Yannick Chabanois)
4e09734f41 Set syn retries to 4 2023-02-19 17:52:12 +00:00
Ycarus (Yannick Chabanois)
44467085a7 Update changelog 2022-10-14 07:02:36 +00:00
Ycarus (Yannick Chabanois)
7a7a4a2778 Add current 0.1028 release 2022-10-14 07:01:41 +00:00
Ycarus (Yannick Chabanois)
cf8aa1dc03 Merge develop in master 2022-08-22 06:34:31 +00:00
Ycarus (Yannick Chabanois)
b3ef329cd0 Littles fixes on VPS script 2022-08-21 18:25:29 +00:00
Ycarus (Yannick Chabanois)
3dc18b63b8 Add Debian 11 symbolic link 2022-08-16 19:48:58 +00:00
Ycarus (Yannick Chabanois)
657c2b386c Add Ubuntu 22.04 support 2022-08-16 19:47:12 +00:00
Ycarus (Yannick Chabanois)
c232d34169 Fix WG client port 2022-08-14 04:45:44 +00:00
Ycarus (Yannick Chabanois)
ade517b142 Fix shorewall configuration on update 2022-08-12 05:56:12 +00:00
Ycarus (Yannick Chabanois)
4fbb8d08f3 Push latest scripts changes 2022-08-09 18:36:09 +00:00
Ycarus (Yannick Chabanois)
a8553ba64f Add missing package 2022-02-11 15:56:10 +00:00
Ycarus (Yannick Chabanois)
2b5afea3a1 Fix 2022-02-11 15:54:58 +00:00
Ycarus (Yannick Chabanois)
16e01d1120 Various fixes 2021-11-19 21:03:15 +00:00
Ycarus (Yannick Chabanois)
0fcb2c22f4 Merge branch 'master' into develop 2021-08-23 13:52:44 +00:00
Ycarus (Yannick Chabanois)
d7dacc3e72 Update ubond 2021-08-23 13:51:22 +00:00
Ycarus (Yannick Chabanois)
ce4516fac2 Commit latest small changes in script 2021-08-23 13:50:00 +00:00
Ycarus (Yannick Chabanois)
e063e29ff9 Fix vpspath for release 2021-06-15 05:04:25 +00:00
Ycarus (Yannick Chabanois)
bfe7d972b9 Update omr-service to 0.1026 2021-06-14 05:52:59 +00:00
Ycarus (Yannick Chabanois)
a5cf11a449 Update server script 2021-06-14 05:47:42 +00:00
Ycarus (Yannick Chabanois)
33cf1b4718 Update to 0.1026 2021-06-14 05:46:38 +00:00
Ycarus (Yannick Chabanois)
c19bade451 Add latest omr vps script changes 2021-06-08 17:42:39 +00:00
Ycarus (Yannick Chabanois)
a02b306243 Check wireguard ip 2021-05-09 08:35:55 +00:00
Ycarus (Yannick Chabanois)
4b8a9432cd Replace gitee by gitlab 2021-05-09 08:35:34 +00:00
Ycarus (Yannick Chabanois)
df637bb0c4 Fix VPS update via web and update omr-test-speed 2021-05-08 06:46:40 +00:00
Ycarus (Yannick Chabanois)
c39b07eaa5 Doesn't download each firewall file for update 2021-04-27 08:24:10 +00:00
Ycarus (Yannick Chabanois)
180a3fc0ac Remove bad dsvpn ipv6 route 2021-04-19 19:15:43 +00:00
Ycarus (Yannick Chabanois)
950b704495 Update server API 2021-04-14 19:16:45 +00:00
Ycarus (Yannick Chabanois)
db95630ef9 Disable TLS from let's encrypt in China 2021-03-29 14:32:39 +00:00
Ycarus (Yannick Chabanois)
fd915dfbb9 Update API version 2021-03-25 09:19:08 +00:00
Ycarus (Yannick Chabanois)
5023d5cf33 Fix 2021-03-24 14:02:18 +00:00
Ycarus (Yannick Chabanois)
1d2887c747 Add omr-test-speed 2021-03-23 19:58:37 +00:00
Ycarus (Yannick Chabanois)
07e23b7851 fix 2021-03-23 19:57:16 +00:00
Ycarus (Yannick Chabanois)
cedb65670e Add missing files and use localfiles for china 2021-03-23 19:53:25 +00:00
Ycarus (Yannick Chabanois)
31d4712c83 Fix 2021-03-23 19:49:12 +00:00
Ycarus (Yannick Chabanois)
dae3133a1d Fix 2021-03-23 19:44:43 +00:00
Ycarus (Yannick Chabanois)
98ee07f6a6 Add a test for a China compatible script 2021-03-23 19:41:26 +00:00
Ycarus (Yannick Chabanois)
9a764d0eaf Fix LAN default route, fix https://github.com/Ysurac/openmptcprouter-vps/pull/47 in an other way 2021-03-23 12:36:53 +00:00
Ycarus (Yannick Chabanois)
454046f830 Update API 2021-03-15 19:40:17 +00:00
Ycarus (Yannick Chabanois)
507f49413c Update API 2021-03-15 19:12:01 +00:00
Ycarus (Yannick Chabanois)
69df502cb9 Keep old config 2021-03-12 17:13:56 +00:00
Ycarus (Yannick Chabanois)
5291876fe6 Fix mlvpn source install and use binary by default 2021-03-12 16:57:04 +00:00
Ycarus (Yannick Chabanois)
fd10d9ac20 Force update repo key 2021-03-12 13:21:25 +00:00
Ycarus (Yannick Chabanois)
8e738a8f19 Fix https://github.com/Ysurac/openmptcprouter-vps/issues/46 2021-03-12 06:46:05 +00:00
Ycarus (Yannick Chabanois)
83e81cfd9f Go to openmptcprouter-vps-admin dir before creating key 2021-03-11 14:48:12 +00:00
Ycarus (Yannick Chabanois)
47df28fdc6 Fix symbolic link for v2ray config 2021-03-11 08:07:55 +00:00
Ycarus (Yannick Chabanois)
8856fece58 Use v2ray_plugin debian package 2021-03-10 14:38:35 +00:00
Ycarus (Yannick Chabanois)
e70303ba3f Change version 2021-03-10 14:11:54 +00:00
Ycarus (Yannick Chabanois)
a713d44645 No error if omr-server not installed 2021-03-10 13:46:55 +00:00
Ycarus (Yannick Chabanois)
7ce28a9481 Fix script for kernel binary install 2021-03-10 13:43:18 +00:00
Ycarus (Yannick Chabanois)
269b986cbe Install omr-server debian package at end of install script 2021-03-10 13:04:17 +00:00
Ycarus (Yannick Chabanois)
5bfd42770d Fix get previous pass for omr-admin 2021-03-10 13:00:54 +00:00
Ycarus (Yannick Chabanois)
8e795b035b Reboot not needed after install 2021-03-10 13:00:31 +00:00
Ycarus (Yannick Chabanois)
2dbc4e4f0f Fix output of omr-update 2021-03-10 10:31:20 +00:00
Ycarus (Yannick Chabanois)
f573c43ce0 Fix omr-update service script install 2021-03-10 10:30:32 +00:00
Ycarus (Yannick Chabanois)
382fc59a4f Fix v2ray 2021-03-10 10:30:05 +00:00
Ycarus (Yannick Chabanois)
95453a8013 Fix sed in debian package 2021-03-10 09:51:50 +00:00
Ycarus (Yannick Chabanois)
605acd1ffd Fix kernel package version in install script 2021-03-10 09:35:54 +00:00
Ycarus (Yannick Chabanois)
cf1eca052a Fix kernel package version 2021-03-10 09:33:15 +00:00
Ycarus (Yannick Chabanois)
bf160e67a6 Merge branch 'develop' of github.com:Ysurac/openmptcprouter-vps into develop 2021-03-10 09:30:38 +00:00
Ycarus (Yannick Chabanois)
96eb181b40 Use Debian package for kernel 2021-03-10 09:30:19 +00:00
Ycarus (Yannick Chabanois)
0ddc538c87 Add dependencie in debian package 2021-03-10 09:29:59 +00:00
Ycarus (Yannick Chabanois)
3c6e85e07f Add a service to do update after reboot 2021-03-10 10:23:46 +01:00
Ycarus (Yannick Chabanois)
c64bed8db5 Fix script name 2021-03-08 15:50:32 +00:00
Ycarus (Yannick Chabanois)
aacad49aa4 Update API and fix debian mlvpn depend 2021-03-08 14:53:06 +00:00
Ycarus (Yannick Chabanois)
ea0993c781 Add version and depends in Debian package 2021-03-08 14:02:06 +00:00
Ycarus (Yannick Chabanois)
8319728f56 Fix script 2021-03-08 08:12:51 +00:00
Ycarus (Yannick Chabanois)
2ae5602bca Merge branch 'develop' of github.com:Ysurac/openmptcprouter-vps into develop 2021-03-05 09:11:04 +00:00
Ycarus (Yannick Chabanois)
3cd9952c69 Force use of version for binaries, enable wireguard by default 2021-03-05 09:10:30 +00:00
Ycarus (Yannick Chabanois)
795c693d13 Add wireguard interface in firewall 2021-03-05 09:09:48 +00:00
Ycarus (Yannick Chabanois)
377ad59134 Fix debian package 2021-03-04 16:38:04 +00:00
Ycarus (Yannick Chabanois)
91116306a1 Add initial Debian packages files 2021-03-04 16:41:52 +01:00
Ycarus (Yannick Chabanois)
637e2ee08a Add symbolic link for ubuntu 2021-03-04 14:18:14 +00:00
Ycarus (Yannick Chabanois)
379b30a65e Add omr-admin-ipv6 2021-03-04 14:16:24 +00:00
Ycarus (Yannick Chabanois)
5cf11f2650 Server scripts update 2021-03-02 08:52:33 +00:00
Ycarus (Yannick Chabanois)
e87ff9af8e Update kernel, API and latest glorytun udp fix 2021-01-06 07:53:55 +00:00
Ycarus (Yannick Chabanois)
68ef21c679 Merge branch 'master' into develop 2021-01-05 14:12:17 +00:00
Ycarus (Yannick Chabanois)
e6d3bb7279 Update kernel 2021-01-05 14:11:09 +00:00
Ycarus (Yannick Chabanois)
6a0c3d3247 Fix glorytun UDP timeout 2020-12-30 11:44:54 +00:00
Ycarus (Yannick Chabanois)
960cf901fe Fix script and update API 2020-12-30 11:44:39 +00:00
Ycarus (Yannick Chabanois)
6e53e22761 Force fix previous error 2020-12-22 12:16:02 +00:00
Ycarus (Yannick Chabanois)
c0a99de20c Add openvpn-bonding 2020-12-22 11:32:08 +00:00
Ycarus (Yannick Chabanois)
19166a0c58 Fix v2ray update 2020-12-22 10:59:19 +00:00
Ycarus (Yannick Chabanois)
9af99ff2f5 Update 2020-12-22 09:34:13 +00:00
Ycarus (Yannick Chabanois)
deb52dba7f Fix for v2ray, for openvpn bonding and on some vps 2020-12-22 09:10:45 +00:00
Ycarus (Yannick Chabanois)
f5fc2cbc31 Update API and load BBRv2 module 2020-12-21 14:19:12 +00:00
Ycarus (Yannick Chabanois)
9c66b1ba5f Fix OpenVPN Bonding 2020-12-17 15:48:26 +00:00
Ycarus (Yannick Chabanois)
e0fbb8faa9 Update API, kernel and add OpenVPN Bonding support 2020-12-16 15:44:13 +00:00
Ycarus (Yannick Chabanois)
3a0fde41b4 Add a check to not restart glorytun tcp too often 2020-11-23 15:42:35 +00:00
Ycarus (Yannick Chabanois)
f89e40f9d9 Update glorytun UDP 2020-11-23 15:42:15 +00:00
Ycarus (Yannick Chabanois)
c1e2859ff3 Increase version number 2020-11-10 07:53:59 +00:00
Ycarus (Yannick Chabanois)
aed3ebe618 Merge branch 'develop' 2020-11-10 07:53:27 +00:00
Ycarus (Yannick Chabanois)
11eb98aa91 Changes needed to work on AWS EC2 with Ubuntu 2020-11-10 07:53:07 +00:00
Ycarus (Yannick Chabanois)
ae0e271b90 Merge branch 'master' of https://github.com/Ysurac/openmptcprouter-vps 2020-11-06 16:35:01 +00:00
Ycarus (Yannick Chabanois)
521a620e99 Update version 2020-11-06 16:34:22 +00:00
Ycarus (Yannick Chabanois)
2bc21c8828 Merge branch 'develop' 2020-11-06 16:30:14 +00:00
Ycarus (Yannick Chabanois)
ec22ebbf04 Update server kernel 2020-11-06 16:29:47 +00:00
Ycarus (Yannick Chabanois)
5cb79c7f77 Use latest API 2020-11-03 17:09:08 +00:00
Ycarus (Yannick Chabanois)
d068d14751 Fix on current-vpn file doesn't exist 2020-11-03 16:47:41 +00:00
Ycarus (Yannick Chabanois)
9b47f9b25b Fix IPv6 ULA problem 2020-11-03 16:47:24 +00:00
Ycarus (Yannick Chabanois)
68211f2033 Fix on current-vpn file doesn't exist 2020-11-03 16:45:29 +00:00
Ycarus (Yannick Chabanois)
f4beb2f5a5 Increase version 2020-10-31 11:53:25 +00:00
Ycarus (Yannick Chabanois)
633bb76902 Merge branch 'develop' 2020-10-31 11:52:49 +00:00
Ycarus (Yannick Chabanois)
ef69f2bfec Increase MLVPN reorder buffer size 2020-10-31 11:52:02 +00:00
Ycarus (Yannick Chabanois)
3ba380d2fe Check if Glorytun TCP client side answer, else restart it 2020-10-30 14:21:28 +00:00
Ycarus (Yannick Chabanois)
9e09d25e95 Update version 2020-10-29 07:48:48 +00:00
Ycarus (Yannick Chabanois)
e70500a91c Merge branch 'develop' 2020-10-29 07:48:03 +00:00
Ycarus (Yannick Chabanois)
956245a523 Update API 2020-10-29 07:47:31 +00:00
Ycarus (Yannick Chabanois)
b792232e72 Update API 2020-10-28 14:56:25 +00:00
Ycarus (Yannick Chabanois)
0b650ad217 Use cake for glorytun udp 2020-10-28 14:56:11 +00:00
Ycarus (Yannick Chabanois)
ad5bf18f71 Use cubic and bbr by default 2020-10-28 14:55:54 +00:00
Ycarus (Yannick Chabanois)
cba153e2d7 Use cubic and bbr by default 2020-10-28 14:55:21 +00:00
Ycarus (Yannick Chabanois)
3882b8f1c9 Merge branch 'master' of https://github.com/Ysurac/openmptcprouter-vps 2020-10-27 08:30:52 +00:00
Ycarus (Yannick Chabanois)
a218449b4a Set to 0.1018 2020-10-27 08:30:12 +00:00
Ycarus (Yannick Chabanois)
deb6350860 Update OMR API 2020-10-27 08:27:45 +00:00
Ycarus (Yannick Chabanois)
09792055fc Update v2ray config 2020-10-27 08:27:30 +00:00
Ycarus (Yannick Chabanois)
25b68f6228 Increase OMR API check 2020-10-27 08:26:54 +00:00
Ycarus (Yannick Chabanois)
52a1b8a8f0 Disable log martians in shorewall 2020-10-20 08:31:36 +00:00
Ycarus (Yannick Chabanois)
e527e52c70 Less errors in logs 2020-10-20 08:31:12 +00:00
Ycarus (Yannick Chabanois)
192ff0620b Update to latest API and add ubond as test 2020-10-20 08:30:17 +00:00
Ycarus (Yannick Chabanois)
d6bb43aceb Update API 2020-09-29 13:43:48 +00:00
Ycarus (Yannick Chabanois)
d87b58da11 Fix gre-tunnels creation when multiple users 2020-09-29 13:43:24 +00:00
Ycarus (Yannick Chabanois)
8fb17cef85 Fix v2ray config 2020-09-29 13:42:58 +00:00
Ycarus (Yannick Chabanois)
f957fafef1 Update v2ray plugin, kernel and omr API 2020-09-25 14:49:52 +00:00
Ycarus (Yannick Chabanois)
d6b3042be4 Fix typo in v2ray config 2020-09-15 12:27:28 +00:00
Ycarus (Yannick Chabanois)
d5a9321d65 Increase VPS API check timeout 2020-09-15 12:27:08 +00:00
Ycarus (Yannick Chabanois)
a3aaeac2d3 Increase shadowsocks timeout 2020-09-15 12:26:51 +00:00
Ycarus (Yannick Chabanois)
30d5d85184 Set txqlen to 100 for glorytun udp 2020-09-15 12:26:38 +00:00
Ycarus (Yannick Chabanois)
8267f6b2ff Update kernel, VPS API, and make VPS URL as setting 2020-09-15 12:25:59 +00:00
Ycarus (Yannick Chabanois)
df3f4ccaff Add v2ray support 2020-08-20 13:42:40 +00:00
Ycarus (Yannick Chabanois)
da1a6c3560 Run dsvpn and mlvpn after network online 2020-08-20 13:35:49 +00:00
Ycarus (Yannick Chabanois)
fd11069012 Check if user is root, fix error in omr-service 2020-08-14 08:18:13 +00:00
Ycarus (Yannick Chabanois)
b2cddfca38 Fix path 2020-08-10 17:12:38 +00:00
Ycarus (Yannick Chabanois)
4c2e6cdf0d Add v2ray support and add some color in terminal 2020-08-10 14:41:23 +02:00
Ycarus
53a50e015f Allow to use file in same directory as script for installation 2020-07-28 15:52:18 +02:00
Ycarus (Yannick Chabanois)
c11d4737e5 Update API and fix omr-service script 2020-07-28 15:51:00 +02:00
Ycarus (Yannick Chabanois)
129e6a9ae4 Update Linux Kernel and add gre-tunnels creation 2020-07-23 17:01:34 +02:00
Ycarus (Yannick Chabanois)
ff74a1b298 Update to latest API and scripts 2020-07-20 16:01:51 +02:00
Ycarus (Yannick Chabanois)
5b8b41326e Latest VPS script updates 2020-04-21 19:27:56 +02:00
Ycarus (Yannick Chabanois)
9840ccd202 Update to 5.4 kernel 2020-04-07 16:07:08 +02:00
Ycarus (Yannick Chabanois)
42c7489c23 Set VPN IP only when possible 2020-04-07 16:06:54 +02:00
Ycarus (Yannick Chabanois)
adabff20cb Add arch)amd64 keyword 2020-03-20 18:19:27 +01:00
Ycarus (Yannick Chabanois)
31bbbfb343 Merge branch 'develop' 2020-03-17 21:11:05 +01:00
Ycarus (Yannick Chabanois)
33fa9f4f26 Update to latest glorytun-UDP release 2020-03-17 21:10:23 +01:00
Ycarus (Yannick Chabanois)
d44ece14eb Increase version number 2020-03-16 19:53:53 +01:00
Ycarus (Yannick Chabanois)
757426fd7c Merge branch 'develop' 2020-03-16 19:52:46 +01:00
Ycarus (Yannick Chabanois)
b8ad59a11d Revert to a previous Glorytun UDP release 2020-03-16 19:52:20 +01:00
Ycarus (Yannick Chabanois)
895182fdfe Little changes 2020-03-15 23:41:24 +01:00
Ycarus (Yannick Chabanois)
e75c5e92a7 Update version to 0.1014 2020-03-12 19:39:49 +01:00
Ycarus (Yannick Chabanois)
2df3477cbc Merge branch 'develop' 2020-03-12 19:39:06 +01:00
Ycarus (Yannick Chabanois)
eaf506836a Fix issue with Glorytun-UDP 2020-03-12 19:38:43 +01:00
Ycarus (Yannick Chabanois)
11414b9ac6 Merge branch 'develop' 2020-03-10 18:16:16 +01:00
Ycarus (Yannick Chabanois)
dc621e8272 Fix DSVPN 2020-03-10 18:15:54 +01:00
Ycarus (Yannick Chabanois)
9699bfb621 Update to v0.1013 2020-03-10 10:47:28 +01:00
Ycarus (Yannick Chabanois)
4285efb8c7 Fixes 2020-03-10 10:45:06 +01:00
Ycarus (Yannick Chabanois)
61b4452941 Disable log martians 2020-03-05 13:37:27 +01:00
Ycarus (Yannick Chabanois)
54e516399e Add NOFILE to ss 2020-03-04 17:52:33 +01:00
Ycarus (Yannick Chabanois)
5def13947b Increase openvpn keepalive 2020-03-04 17:52:11 +01:00
Ycarus (Yannick Chabanois)
3f4bffd1ef Update shorewall4 to remove warnings in log 2020-03-03 15:48:10 +01:00
Ycarus (Yannick Chabanois)
62e01c46a6 Update omr-admin API 2020-03-03 15:09:42 +01:00
Ycarus (Yannick Chabanois)
1ec824f55a Set to v0.1012 2020-02-29 22:08:04 +01:00
Ycarus (Yannick Chabanois)
166495cdaf Fix multipath over tunnels 2020-02-29 22:06:43 +01:00
Ycarus (Yannick Chabanois)
2aee1e583e Tag to 0.1011 2020-02-28 17:01:42 +01:00
Ycarus (Yannick Chabanois)
30d082e417 Merge branch 'develop' 2020-02-28 11:44:48 +01:00
Ycarus (Yannick Chabanois)
a65915c84a Revert to a previous glorytun UDP release again 2020-02-28 11:44:30 +01:00
Ycarus (Yannick Chabanois)
fdc953a808 Fix shorewall for 6in4 2020-02-28 09:24:54 +01:00
Ycarus (Yannick Chabanois)
f15f4b333e Merge branch 'develop' 2020-02-28 09:24:08 +01:00
Ycarus (Yannick Chabanois)
02a66bec9a Fix shorewall for 6in4 2020-02-28 09:23:44 +01:00
Ycarus (Yannick Chabanois)
8aca616bd1 Revert to a previous glorytun UDP release 2020-02-28 09:23:05 +01:00
Ycarus (Yannick Chabanois)
9661a32943 Fix shorewall for 6in4 2020-02-28 08:25:12 +01:00
Ycarus (Yannick Chabanois)
0d76a95de8 Merge branch 'develop' 2020-02-27 11:38:41 +01:00
Ycarus (Yannick Chabanois)
df71b8ce2f Fix 6in4 2020-02-27 11:38:21 +01:00
Ycarus (Yannick Chabanois)
868ea9de25 Fix DSVPN support 2020-02-26 10:38:43 +01:00
Ycarus (Yannick Chabanois)
9445e8e939 Merge branch 'develop' 2020-02-26 07:50:38 +01:00
Ycarus (Yannick Chabanois)
7baeacbc3b Fix 2020-02-26 07:50:21 +01:00
Ycarus (Yannick Chabanois)
d1cdfc29d9 Merge branch 'develop' 2020-02-25 21:22:59 +01:00
Ycarus (Yannick Chabanois)
fd7a7157e0 Fix typo 2020-02-25 21:22:46 +01:00
Ycarus (Yannick Chabanois)
c5564fca07 Merge branch 'develop' 2020-02-25 20:17:36 +01:00
Ycarus (Yannick Chabanois)
5684f0837c Remove again omr-service 2020-02-25 20:17:23 +01:00
Ycarus (Yannick Chabanois)
ce9d7369ab Merge branch 'develop' 2020-02-25 17:18:07 +01:00
Ycarus (Yannick Chabanois)
87d95f4299 Fix 2020-02-25 17:17:53 +01:00
Ycarus (Yannick Chabanois)
d50172140e Merge branch 'develop' 2020-02-25 15:31:41 +01:00
Ycarus (Yannick Chabanois)
7507484d7c Fix omr-service for latest release 2020-02-25 15:31:15 +01:00
Ycarus (Yannick Chabanois)
2554c6955d merge 2020-02-24 18:24:59 +01:00
Ycarus (Yannick Chabanois)
4e53facd7a Fix for ubuntu 2020-02-24 18:24:09 +01:00
Ycarus (Yannick Chabanois)
bdb785abea Merge branch 'develop' 2020-02-24 15:02:54 +01:00
Ycarus (Yannick Chabanois)
5ed1d71da5 Put back omr-service 2020-02-24 14:56:10 +01:00
Ycarus (Yannick Chabanois)
0d2e5cb9d9 Update 2020-02-24 12:21:17 +01:00
Ycarus (Yannick Chabanois)
366cb62a2a Merge branch 'develop' 2020-02-24 12:20:54 +01:00
Ycarus (Yannick Chabanois)
16b2df675f Update omr-admin 2020-02-24 12:20:38 +01:00
Ycarus (Yannick Chabanois)
f6e4b95f16 merge 2020-02-24 12:15:34 +01:00
Ycarus (Yannick Chabanois)
745205f7cc Update omr-admin 2020-02-24 12:14:32 +01:00
Ycarus (Yannick Chabanois)
7360af55c5 Merge branch 'develop' 2020-02-24 10:29:22 +01:00
Ycarus (Yannick Chabanois)
0ebc3a887f update omr-admin 2020-02-24 10:29:07 +01:00
Ycarus (Yannick Chabanois)
1cb16f2b18 Update glorytun UDP 2020-02-21 17:51:25 +01:00
Ycarus (Yannick Chabanois)
d9d6a88c77 Merge branch 'develop' 2020-02-21 17:48:42 +01:00
Ycarus (Yannick Chabanois)
e5976b3f61 Ajout de omr-6in4-run 2020-02-21 17:48:24 +01:00
Ycarus (Yannick Chabanois)
a6af7918e3 Merge branch 'develop' 2020-02-21 17:18:00 +01:00
Ycarus (Yannick Chabanois)
4b47717168 Add missing files 2020-02-21 17:17:51 +01:00
Ycarus (Yannick Chabanois)
0e9ccb525c Fix conflict 2020-02-21 17:13:54 +01:00
Ycarus (Yannick Chabanois)
ca9daabd14 Update omr-admin 2020-02-21 17:11:02 +01:00
Ycarus (Yannick Chabanois)
b403a27bd1 Update admin script and fix for Ubuntu 2020-02-14 21:48:06 +01:00
Ycarus (Yannick Chabanois)
526793f24e Disable lzo 2020-02-14 21:47:44 +01:00
Ycarus (Yannick Chabanois)
4c588eb74d Latest changes to VPS script 2020-02-08 19:46:57 +01:00
Ycarus (Yannick Chabanois)
33a9f4fd21 Update OMR server API 2020-01-09 22:21:27 +01:00
Ycarus (Yannick Chabanois)
11d8e11918 WIP: multi users VPN and FW 2020-01-09 22:00:50 +01:00
Ycarus (Yannick Chabanois)
3085b2e9a6 Check that update is not running 2020-01-07 08:01:34 +01:00
Ycarus (Yannick Chabanois)
d0b6fbb291 Merge branch 'develop' 2020-01-06 21:19:53 +01:00
Ycarus (Yannick Chabanois)
f46fd4d47a Update omr-admin 2020-01-06 21:19:46 +01:00
Ycarus (Yannick Chabanois)
a1166fc833 Set to release 0.1008 2020-01-06 12:46:20 +01:00
Ycarus (Yannick Chabanois)
67acbfb083 Merge branch 'develop' 2020-01-06 12:45:55 +01:00
Ycarus (Yannick Chabanois)
18f854de53 Update omr-admin script 2020-01-06 12:45:41 +01:00
Ycarus (Yannick Chabanois)
a9ccf1cbd7 Fix update key 2020-01-05 16:25:03 +01:00
Ycarus (Yannick Chabanois)
71dd094211 Merge branch 'develop' 2020-01-05 14:46:13 +01:00
Ycarus (Yannick Chabanois)
d8bdaf6608 Update admin API script 2020-01-05 14:45:50 +01:00
Ycarus (Yannick Chabanois)
dca76207a1 Merge branch 'develop' 2020-01-04 14:47:25 +01:00
Ycarus (Yannick Chabanois)
e55e23497d check if dh2048 exist else create it 2020-01-04 14:47:15 +01:00
Ycarus (Yannick Chabanois)
d6fa01fd86 Merge branch 'develop' 2020-01-03 13:37:29 +01:00
Ycarus (Yannick Chabanois)
2976a51dd8 fix dh2048 creation on ubuntu 2020-01-03 13:37:13 +01:00
Ycarus (Yannick Chabanois)
3b78f92411 Update release 2020-01-03 12:04:26 +01:00
Ycarus (Yannick Chabanois)
4e6e086497 Merge branch 'develop' 2020-01-03 12:03:51 +01:00
Ycarus (Yannick Chabanois)
5ba8f5acb3 Fix install script for openvpn and ubuntu 2020-01-03 12:03:29 +01:00
Ycarus (Yannick Chabanois)
6bec5f9239 Merge branch 'develop' 2020-01-01 17:00:48 +01:00
Ycarus (Yannick Chabanois)
5e9a5b1b81 Add server username 2020-01-01 17:00:41 +01:00
Ycarus (Yannick Chabanois)
fca5932708 Merge branch 'develop' 2020-01-01 11:32:25 +01:00
Ycarus (Yannick Chabanois)
8998e98279 Fix https://github.com/Ysurac/openmptcprouter/issues/774 2020-01-01 11:32:18 +01:00
Ycarus (Yannick Chabanois)
c0fa52505e Merge branch 'develop' 2019-12-31 18:41:19 +01:00
Ycarus (Yannick Chabanois)
ad982dc3c6 Really fix OpenVPN conf 2019-12-31 18:41:12 +01:00
Ycarus (Yannick Chabanois)
c790f85932 Merge branch 'develop' 2019-12-31 18:06:45 +01:00
Ycarus (Yannick Chabanois)
ae71ef4513 Fix script 2019-12-31 18:06:40 +01:00
Ycarus (Yannick Chabanois)
00bcb5f3ec Merge branch 'develop' 2019-12-31 17:56:59 +01:00
Ycarus (Yannick Chabanois)
b788d7f2cb fix create ca dir 2019-12-31 17:56:52 +01:00
Ycarus (Yannick Chabanois)
2238f164b8 Merge branch 'develop' 2019-12-31 17:23:04 +01:00
Ycarus (Yannick Chabanois)
c073b65358 Fix ca 2019-12-31 17:22:57 +01:00
Ycarus (Yannick Chabanois)
85f919ba7a Merge branch 'develop' 2019-12-31 16:29:37 +01:00
Ycarus (Yannick Chabanois)
e6a0074949 Fix OpenVPN config 2019-12-31 16:29:25 +01:00
Ycarus (Yannick Chabanois)
2b8d75cdf4 Merge branch 'develop' 2019-12-31 15:38:55 +01:00
Ycarus (Yannick Chabanois)
259bbdec7d Add v2ray in tracked files 2019-12-31 15:38:29 +01:00
Ycarus (Yannick Chabanois)
f1c6047689 Track some untracked files 2019-12-31 15:38:01 +01:00
Ycarus (Yannick Chabanois)
9da7d3e4aa Update openvpn conf 2019-12-31 15:37:01 +01:00
Ycarus (Yannick Chabanois)
bb4ddbff3b Add API word in config.txt 2019-12-31 14:58:41 +01:00
Ycarus (Yannick Chabanois)
f0c637d855 Update to 0.1006 2019-12-31 08:53:31 +01:00
Ycarus (Yannick Chabanois)
67406eefa1 Update to latest OMR API 2019-12-31 08:52:29 +01:00
Ycarus (Yannick Chabanois)
73b30072aa Use jq to parse json 2019-12-29 14:55:17 +01:00
Ycarus (Yannick Chabanois)
5a7d393247 Use latest OMR Admin Dev script 2019-12-27 21:59:27 +01:00
Ycarus (Yannick Chabanois)
9623aeba23 Use easyrsa in openvpn directly 2019-12-27 21:36:43 +01:00
Ycarus (Yannick Chabanois)
fdd987f147 Force interface for openvpn 2019-12-27 21:32:42 +01:00
Ycarus (Yannick Chabanois)
71ac240cac script to install pihole doesn't work on Debian9 2019-12-27 21:32:14 +01:00
Ycarus (Yannick Chabanois)
607df111af Force Debian10 and various changes 2019-12-27 21:31:32 +01:00
Ycarus (Yannick Chabanois)
6a19b616ff Various fix 2019-12-03 21:38:24 +01:00
Ycarus (Yannick Chabanois)
0d7145b516 OpenVPN changes and updates 2019-11-27 20:37:37 +01:00
Ycarus (Yannick Chabanois)
10ae7a15c8 Latest changes in scripts and configuration 2019-11-16 21:49:07 +01:00
Ycarus (Yannick Chabanois)
a3010bebcb Add latest admin script 2019-10-25 20:24:44 +02:00
Ycarus (Yannick Chabanois)
fe336f7f68 Add support for MPTCP over OpenVPN 2019-10-25 20:19:48 +02:00
Ycarus (Yannick Chabanois)
837a73a14e Fix shorewall6 iface 2019-10-22 21:59:18 +02:00
Ycarus (Yannick Chabanois)
99e8a92274 Update and change masquerade to 10.255.0.0/16 2019-10-22 21:55:58 +02:00
Ycarus (Yannick Chabanois)
3b7063139e VPS script 0.1001 2019-09-16 07:58:58 +02:00
Ycarus (Yannick Chabanois)
c63225bb37 VPS script 0.1000 2019-09-16 07:53:38 +02:00
Ycarus (Yannick Chabanois)
a393be77f2 Latest config changes 2019-08-02 17:35:32 +02:00
Ycarus (Yannick Chabanois)
e0fe620899 VPS script 0.999 2019-08-02 17:34:06 +02:00
Ycarus (Yannick Chabanois)
55ecf201d1 Add kernel 4.19 and debian10 support 2019-07-21 07:04:36 +00:00
Ycarus (Yannick Chabanois)
663d12d021 Update to latest kernel 2019-06-19 06:33:28 +00:00
Ycarus (Yannick Chabanois)
1ddba9805a Update 2019-05-26 14:36:58 +00:00
Ycarus (Yannick Chabanois)
3280bd3062 Fix pi hole interface listen on all network 2019-05-17 06:35:31 +00:00
Ycarus (Yannick Chabanois)
5cd78a9401 Update do VPS script 0.993 2019-05-12 02:45:49 +00:00
Ycarus (Yannick Chabanois)
616cb5c494 Force use of mptcp kernel in all case 2019-05-01 00:38:39 +00:00
Ycarus (Yannick Chabanois)
5d699da057 Fix using latest kernel 2019-04-30 04:14:41 +00:00
Ycarus (Yannick Chabanois)
cee6434234 Latest VPS script version, and debian bin experimental version 2019-04-05 08:23:35 +00:00
Ycarus (Yannick Chabanois)
504a373f16 Fix to work on both debian and ubuntu 2019-04-03 12:09:47 +00:00
Ycarus (Yannick Chabanois)
076975cb90 Update VPS script and add a debian binary script 2019-04-03 11:44:07 +00:00
Ycarus (Yannick Chabanois)
c945553248 Update to latest VPS script 2019-03-22 02:38:17 +00:00
Ycarus (Yannick Chabanois)
54b5379621 Update and fix https://github.com/Ysurac/openmptcprouter-vps/issues/18 2019-03-18 10:31:47 +00:00
Ycarus (Yannick Chabanois)
1e1270de67 Update all 2019-03-15 04:53:32 +00:00
Ycarus (Yannick Chabanois)
417741faed Update to latest kernel, shadowsocks-libev release and glorytun-udp commit 2019-03-12 00:35:49 +00:00
Ycarus (Yannick Chabanois)
c42d055602 Latest changes to VPS script 2019-02-10 07:46:29 +00:00
Ycarus (Yannick Chabanois)
65209b07c3 Add log to omr-service 2019-01-14 17:15:38 +00:00
Ycarus (Yannick Chabanois)
0a808c59b2 Update to latest VPS script version 2019-01-02 08:57:31 +00:00
Ycarus (Yannick Chabanois)
8f3d071b2a Use glorytun udp git and add variable for all versions 2018-11-30 09:31:36 +00:00
Ycarus (Yannick Chabanois)
6161468488 Update to shadowsocks 3.2.3 2018-11-29 18:17:03 +00:00
Ycarus (Yannick Chabanois)
1869f2da7d Display new omr-admin key even after an update 2018-11-29 08:10:52 +00:00
Ycarus (Yannick Chabanois)
5e46ec606d Put mlvpn install in the script and add omr admin script 2018-11-28 21:18:35 +00:00
Ycarus (Yannick Chabanois)
dc342613a6 Add Ubuntu Server 18.04 support 2018-11-12 18:27:32 +00:00
Ycarus (Yannick Chabanois)
2cc57519b6 Change command to get default interface 2018-11-02 08:03:59 +00:00
Ycarus (Yannick Chabanois)
91079cde73 Update to 4.14.77 kernel and fixes 2018-11-01 08:29:02 +00:00
Ycarus (Yannick Chabanois)
8b15c8a4f8 Update to latest MPTCP kernel 2018-10-26 13:43:57 +00:00
Ycarus (Yannick Chabanois)
683763e694 Update to latest VPS script with latest kernel and tuning 2018-10-19 07:31:13 +00:00
Ycarus (Yannick Chabanois)
26a5ac29e4 Increase glorytun TCP MTU 2018-09-02 17:51:27 +00:00
Ycarus (Yannick Chabanois)
f8842fed75 Modify glorytun param 2018-08-21 16:06:56 +00:00
Ycarus (Yannick Chabanois)
41bab147df Update to latest MPTCP 0.94 commit 2018-08-21 05:56:46 +00:00
Ycarus (Yannick Chabanois)
8bb96f4342 Set default UDP buffer 2018-08-21 05:56:30 +00:00
Ycarus (Yannick Chabanois)
4dfa9613ac Remove OpenVPN compression, change settings for glorytun 2018-08-19 12:05:09 +00:00
Ycarus (Yannick Chabanois)
f81944fb8c Use bbr by default 2018-08-02 15:35:15 +00:00
Ycarus (Yannick Chabanois)
0a711370c5 Update script to latest kernel and set chacha20 for ShadowSocks 2018-08-02 13:14:16 +00:00
Ycarus (Yannick Chabanois)
5db722da02 Fix MLVPN and OpenVPN support 2018-07-31 12:47:13 +00:00
Ycarus (Yannick Chabanois)
fafac4b8eb Fix update and mlvpn support 2018-07-31 06:41:43 +00:00
Ycarus (Yannick Chabanois)
eef5d97edd Fix 2018-07-28 19:43:25 +00:00
Ycarus (Yannick Chabanois)
3da17e9106 Fix eth0 in all shorewall files 2018-07-28 18:39:32 +00:00
Ycarus (Yannick Chabanois)
c1fa82ea32 Should fix https://github.com/Ysurac/openmptcprouter/issues/111 2018-07-28 18:34:00 +00:00
Ycarus (Yannick Chabanois)
fa84079875 Rename omr-6in4, add shorewall net interface in params.net and add multipath utility 2018-07-27 12:40:12 +00:00
104 changed files with 4396 additions and 511 deletions

Binary file not shown.

View file

@ -4,11 +4,13 @@
"local_port":1081,
"mode":"tcp_and_udp",
"key":"MySecretKey",
"timeout":400,
"method":"aes-256-cfb",
"timeout":600,
"method":"chacha20-ietf-poly1305",
"verbose":0,
"prefer_ipv6": false,
"fast_open": true,
"no_delay": true,
"reuse_port": true,
"ipv6_first": true,
"mptcp": true
}

1
debian-x86_64.sh Symbolic link
View file

@ -0,0 +1 @@
debian9-x86_64.sh

1
debian.sh Symbolic link
View file

@ -0,0 +1 @@
debian9-x86_64.sh

23
debian/changelog vendored Normal file
View file

@ -0,0 +1,23 @@
omr-server (0.1030) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Wed, 10 Apr 2024 19:35:34 +0200
omr-server (0.1028) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Fri, 14 Oct 2022 09:02:22 +0200
omr-server (0.1026) unstable; urgency=medium
* Many changes
-- OpenMPTCProuter <contact@openmptcprouter.com> Mon, 14 Jun 2021 07:43:42 +0200
omr-server (0.1025-test) unstable; urgency=medium
* Wireguard support and fixed
-- OpenMPTCProuter <contact@openmptcprouter.com> Thu, 04 Mar 2021 14:36:12 +0200

1
debian/compat vendored Normal file
View file

@ -0,0 +1 @@
10

37
debian/control vendored Normal file
View file

@ -0,0 +1,37 @@
Source: omr-server
Section: net
Priority: optional
Maintainer: OpenMPTCProuter <contact@openmptcprouter.com>
Build-Depends: debhelper (>= 10)
X-Python-Version: >= 3.2
Standards-Version: 0.0.1
Homepage: https://github.com/ysurac/openmptcprouter-vps
Package: omr-server
Architecture: all
Multi-Arch: foreign
Depends:
curl,
rename,
libcurl4,
unzip,
tracebox,
omr-iperf3,
omr-shadowsocks-libev (= 3.3.5-2),
omr-vps-admin (= 0.3+20210508),
omr-simple-obfs,
omr-mlvpn (= 3.0.0+20201216.git.2263bab),
omr-glorytun (= 0.3.4-4),
omr-glorytun-tcp (= 0.0.35-3),
omr-dsvpn (= 0.1.4-2),
shorewall,
shorewall6,
iptables,
v2ray-plugin (= 4.35.1),
v2ray (=4.35.1),
linux-image-5.4.100-mptcp (= 1.18+9d3f35b),
${misc:Depends}
Provides: omr-server
Conflicts: omr-server
Replaces: omr-server
Description: OpenMPTCProuter Server script

16
debian/postinst vendored Normal file
View file

@ -0,0 +1,16 @@
#!/bin/sh -e
test $DEBIAN_SCRIPT_DEBUG && set -v -x
# use debconf
. /usr/share/debconf/confmodule
sed -i -e "s/^LOCALFILES=.*$/LOCALFILES=no/" -e "s/^SOURCES=.*$/SOURCES=no/" /usr/share/omr-server/debian9-x86_64.sh
systemctl daemon-reload
systemctl restart omr-update
db_stop
#DEBHELPER#
exit 0
# vim:set ai et sts=2 sw=2 tw=0:

18
debian/rules vendored Executable file
View file

@ -0,0 +1,18 @@
#!/usr/bin/make -f
#export DH_VERBOSE = 1
# Security Hardening
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
%:
dh $@
override_dh_auto_install:
mkdir -p $(CURDIR)/debian/omr-server/usr/share/omr-server
find . -type f -xtype f -not -iname '*/debian/*' -not -iname '*/.git/*' -exec cp '{}' "$(CURDIR)/debian/omr-server/usr/share/omr-server/{}" ';'
cp -r ./shorewall4 $(CURDIR)/debian/omr-server/usr/share/omr-server/
cp -r ./shorewall6 $(CURDIR)/debian/omr-server/usr/share/omr-server/
cp -r ./bin $(CURDIR)/debian/omr-server/usr/share/omr-server/
mkdir -p $(CURDIR)/debian/etc/openmptcprouter-vps-admin
touch $(CURDIR)/debian/etc/openmptcprouter-vps-admin/update-bin

1
debian10-x86_64.sh Symbolic link
View file

@ -0,0 +1 @@
debian9-x86_64.sh

1
debian11-x86_64.sh Symbolic link
View file

@ -0,0 +1 @@
debian9-x86_64.sh

1
debian12-x86_64.sh Symbolic link
View file

@ -0,0 +1 @@
debian9-x86_64.sh

55
debian9-x86_64-bin.sh Normal file
View file

@ -0,0 +1,55 @@
#!/bin/sh
set -e
umask 0022
export LC_ALL=C
#rm -f /var/lib/dpkg/lock
#rm -f /var/cache/apt/archives/lock
# Check Linux version
if test -f /etc/os-release ; then
. /etc/os-release
else
. /usr/lib/os-release
fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ]; then
echo "This script only work with Debian Stretch (9.x)"
exit 1
elif [ "$ID" != "debian" ]; then
echo "This script only work with Debian Stretch (9.x)"
exit 1
fi
apt-get update
apt-get -y install apt-transport-https
echo 'deb https://repo.openmptcprouter.com stretch main' > /etc/apt/sources.list.d/openmptcprouter.list
cat <<EOF | tee /etc/apt/preferences.d/openmptcprouter.pref
Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones
Package: *
Pin: origin repo.openmptcprouter.com
Pin-Priority: 1001
EOF
echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list
wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add -
apt-get update
apt-get -y install dirmngr patch rename curl
# Rename bzImage to vmlinuz, needed when custom kernel was used
cd /boot
rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1
#rm -f /var/lib/dpkg/lock
#rm -f /var/cache/apt/archives/lock
rm -f /etc/kernel-img.conf
echo "Install all"
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-overwrite" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install omr-vps
systemctl -q enable shorewall
systemctl -q enable shorewall6
# Change SSH port to 65222
sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config
echo "OpenMPTCProuter VPS is now installed !"
cat /root/openmptcprouter_config.txt

View file

@ -1,137 +0,0 @@
#!/bin/sh
MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | awk '{print $5}' | tr -d "\n")}
DEBIAN_VERSION=$(sed 's/\..*//' /etc/debian_version)
set -e
umask 0022
update="0"
if [ $DEBIAN_VERSION -ne 9 ]; then
echo "This script only work with Debian Stretch (9.x)"
exit 1
fi
if [ -f "/etc/mlvpn/mlvpn0.conf" ] ; then
update="1"
fi
if ! grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
fi
# Install MLVPN
if systemctl -q is-active mlvpn@mlvpn0.service; then
systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1
fi
apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip
rm -rf /tmp/MLVPN-new-reorder
cd /tmp
#wget -O /tmp/mlvpn-2.3.2.tar.gz https://github.com/zehome/MLVPN/archive/2.3.2.tar.gz
wget -O /tmp/new-reorder.zip https://github.com/markfoodyburton/MLVPN/archive/new-reorder.zip
cd /tmp
#tar xzf mlvpn-2.3.2.tar.gz
#cd MLVPN-2.3.2
unzip new-reorder.zip
cd MLVPN-new-reorder
./autogen.sh
./configure --sysconfdir=/etc
make
make install
wget -O /lib/systemd/network/mlvpn.network http://www.openmptcprouter.com/server/mlvpn.network
mkdir -p /etc/mlvpn
if [ "$update" = "0" ]; then
wget -O /etc/mlvpn/mlvpn0.conf http://www.openmptcprouter.com/server/mlvpn0.conf
sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
fi
chmod 0600 /etc/mlvpn/mlvpn0.conf
adduser --quiet --system --home /var/run/mlvpn --shell /usr/sbin/nologin mlvpn
systemctl enable mlvpn@mlvpn0.service
systemctl enable systemd-networkd.service
cd /tmp
#rm -rf /tmp/MLVPN-2.3.2
rm -rf /tmp/MLVPN-new-reorder
# Add 6in4 support
wget -O /usr/local/bin/omr-6in4 http://www.openmptcprouter.com/server/omr-6in4
chmod 755 /usr/local/bin/omr-6in4
wget -O /usr/local/bin/omr-6in4-service http://www.openmptcprouter.com/server/omr-6in4-service
chmod 755 /usr/local/bin/omr-6in4-service
wget -O /lib/systemd/system/omr-6in4.service http://www.openmptcprouter.com/server/omr-6in4.service.in
systemctl enable omr-6in4.service
# Change SSH port to 65222
sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config
sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config
# Remove Bind9 if available
#systemctl -q disable bind9
# Remove fail2ban if available
#systemctl -q disable fail2ban
if [ "$update" = "0" ]; then
# Install and configure the firewall using shorewall
apt-get -y install shorewall shorewall6
wget -O /etc/shorewall/openmptcprouter-shorewall.tar.gz http://www.openmptcprouter.com/server/openmptcprouter-shorewall.tar.gz
tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall
rm /etc/shorewall/openmptcprouter-shorewall.tar.gz
sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
systemctl enable shorewall
wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz http://www.openmptcprouter.com/server/openmptcprouter-shorewall6.tar.gz
tar xzf /etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6
rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz
sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
systemctl enable shorewall6
else
# Update only needed firewall files
wget -O /etc/shorewall/interfaces http://www.openmptcprouter.com/server/shorewall4/interfaces
wget -O /etc/shorewall/snat http://www.openmptcprouter.com/server/shorewall4/snat
wget -O /etc/shorewall/stoppedrules http://www.openmptcprouter.com/server/shorewall4/stoppedrules
wget -O /etc/shorewall/params.vpn http://www.openmptcprouter.com/server/shorewall4/params.vpn
wget -O /etc/shorewall/params http://www.openmptcprouter.com/server/shorewall4/params
sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/*
sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules
wget -O /etc/shorewall6/interfaces http://www.openmptcprouter.com/server/shorewall6/interfaces
wget -O /etc/shorewall6/stoppedrules http://www.openmptcprouter.com/server/shorewall6/stoppedrules
sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/*
fi
if [ "$update" = "0" ]; then
# Display important info
echo '=========================================================================================='
echo 'OpenMPTCProuter VPS MLVPN is now configured !'
echo 'SSH port: 65222 (instead of port 22)'
echo 'MLVPN first port: 65201'
echo 'Your MLVPN password: '
echo $MLVPN_PASS
echo '=========================================================================================='
echo 'Keys are also saved in /root/openmptcprouter_mlvpn_config.txt, you are free to remove them'
echo '=========================================================================================='
# Save info in file
cat > /root/openmptcprouter_mlvpn_config.txt <<-EOF
SSH port: 65222 (instead of port 22)
MLVPN first port: 65201
Your MLVPN password:
${MLVPN_PASS}
EOF
if [ -f "/root/openmptcprouter_config.txt" ]; then
cat >> /root/openmptcprouter_config.txt <<-EOF
MLVPN first port: 65201
Your MLVPN password:
${MLVPN_PASS}
EOF
fi
else
echo '===================================================================================='
echo 'OpenMPTCProuter VPS MLVPN is now updated !'
echo 'Keys are not changed, shorewall rules files preserved'
echo '===================================================================================='
echo 'Restarting mlvpn and omr-6in4...'
systemctl -q start mlvpn@mlvpn0
systemctl -q restart omr-6in4
echo 'done'
echo 'Restarting shorewall...'
systemctl -q restart shorewall
systemctl -q restart shorewall6
echo 'done'
fi

2345
debian9-x86_64.sh Normal file → Executable file

File diff suppressed because it is too large Load diff

19
dsvpn-run Normal file
View file

@ -0,0 +1,19 @@
#!/bin/sh
set -e
if [ ! -f "$1" ]; then
echo "usage: $(basename "$0") FILE"
exit 1
fi
. "$(readlink -f "$1")"
exec dsvpn \
${MODE} \
"$1".key \
${HOST:-auto} \
${PORT} \
${DEV} \
${LOCALTUNIP} \
${REMOTETUNIP}

11
dsvpn-server.service.in Normal file
View file

@ -0,0 +1,11 @@
[Unit]
Description=Dead Simple VPN - Server
After=network.target network-online.target
[Service]
ExecStart=/usr/local/sbin/dsvpn server /etc/dsvpn/dsvpn.key auto 65011 dsvpn0 10.255.251.1 10.255.251.2
Restart=always
RestartSec=15
[Install]
WantedBy=network.target

11
dsvpn-server@.service.in Normal file
View file

@ -0,0 +1,11 @@
[Unit]
Description=Dead Simple VPN - Server on %I
After=network.target network-online.target
[Service]
ExecStart=/usr/local/bin/dsvpn-run /etc/dsvpn/%i
Restart=always
RestartSec=15
[Install]
WantedBy=network.target

6
dsvpn0-config Normal file
View file

@ -0,0 +1,6 @@
PORT=65401
HOST=0.0.0.0
DEV=dsvpn0
MODE=server
LOCALTUNIP=10.255.251.1
REMOTETUNIP=10.255.251.2

View file

@ -0,0 +1,10 @@
[INCLUDES]
before = common.conf
[Definition]
_daemon = ovpn-server
failregex =%(__prefix_line)s<HOST>:[0-9]{4,5} TLS Auth Error:.*
%(__prefix_line)s<HOST>:[0-9]{4,5} VERIFY ERROR:.*
%(__prefix_line)s<HOST>:[0-9]{4,5} TLS Error: TLS handshake failed.*
%(__prefix_line)sTLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]<HOST>:[0-9]{4,5}
maxlines = 1

View file

@ -0,0 +1,21 @@
[DEFAULT]
backend = systemd
banaction = shorewall
[sshd]
enabled = true
[openvpn_tcp]
enabled = true
port = 65301
protocol = tcp
filter = openvpn
maxretry = 5
[openvpn_udp]
enabled = true
port = 65301
protocol = udp
filter = openvpn
maxretry = 5

14
glorytun-tcp-post.sh Normal file
View file

@ -0,0 +1,14 @@
#!/bin/sh
[ ! -f $(readlink -f "$1") ] && exit 1
. "$(readlink -f "$1")"
INTF=gt-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.255.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.255.3"
while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do
sleep 2
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
ip link set dev ${INTF} up 2>&1 >/dev/null
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
}

View file

@ -9,7 +9,7 @@ fi
. "$(readlink -f "$1")"
DEV="gt${HOST:+c}-$(basename "$1")"
DEV="gt-$(basename "$1")"
exec glorytun-tcp \
${SERVER:+listener} \

View file

@ -6,6 +6,7 @@ After=network.target network-online.target
Type=simple
Restart=always
ExecStart=/usr/local/bin/glorytun-tcp-run /etc/glorytun-tcp/%i
ExecStartPost=-/etc/glorytun-tcp/post.sh /etc/glorytun-tcp/%i
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install]

17
glorytun-udp-post.sh Normal file
View file

@ -0,0 +1,17 @@
#!/bin/sh
[ ! -f $(readlink -f "$1") ] && exit 1
. "$(readlink -f "$1")"
INTF=gt-udp-${DEV}
[ -z "$LOCALIP" ] && LOCALIP="10.255.254.1"
[ -z "$BROADCASTIP" ] && BROADCASTIP="10.255.254.3"
while [ -z "$(ip link show $INTF 2>/dev/null)" ]; do
sleep 2
done
[ "$(ip addr show dev $INTF | grep -o 'inet [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*' | grep -o '[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*')" != "$LOCALIP" ] && {
ip link set dev ${INTF} up 2>&1 >/dev/null
ip addr add ${LOCALIP}/30 brd ${BROADCASTIP} dev ${INTF} 2>&1 >/dev/null
}
tc qdisc replace dev $INTF root cake
ip link set $INTF txqlen 100
glorytun set dev gt-udp-tun0 kxtimeout 7d 2>&1 >/dev/null

View file

@ -9,11 +9,10 @@ fi
. "$(readlink -f "$1")"
DEV="gt${HOST:+c}-udp-$(basename "$1")"
DEV="gt-udp-$(basename "$1")"
exec glorytun \
bind $BIND $BIND_PORT \
bind to addr ${HOST:-::} port ${PORT:-5000} from addr $BIND port $BIND_PORT \
keyfile "$1".key \
${DEV:+dev "$DEV"} \
${HOST:+to "$HOST" "$PORT"} \
${OPTIONS:+$OPTIONS}

View file

@ -1,5 +1,5 @@
[Match]
Name=gt-udp-*
Name=gt-udp-tun*
[Network]
Description=Glorytun server device
@ -9,9 +9,9 @@ IPMasquerade=yes
[DHCPServer]
PoolOffset=2
PoolSize=1
PoolSize=50
EmitDNS=no
EmitNTP=no
DNS=9.9.9.9
DefaultLeaseTimeSec=12h
MaxLeaseTimeSec=24h
DefaultLeaseTimeSec=2h
MaxLeaseTimeSec=4h

View file

@ -7,6 +7,7 @@ Type=simple
Restart=always
EnvironmentFile=/etc/glorytun-udp/%i
ExecStart=/usr/local/bin/glorytun-udp-run /etc/glorytun-udp/%i
ExecStartPost=-/etc/glorytun-udp/post.sh /etc/glorytun-udp/%i
CapabilityBoundingSet=CAP_NET_ADMIN
[Install]

View file

@ -1,8 +1,8 @@
[Match]
Name=gt-*
Name=gt-tun*
[Link]
MTUBytes=1400
MTUBytes=1500
[Network]
Description=Glorytun server device
@ -12,9 +12,9 @@ IPMasquerade=yes
[DHCPServer]
PoolOffset=1
PoolSize=2
PoolSize=50
EmitDNS=no
EmitNTP=no
DNS=9.9.9.9
DefaultLeaseTimeSec=12h
MaxLeaseTimeSec=24h
DefaultLeaseTimeSec=2h
MaxLeaseTimeSec=4h

3
iperf3.override.conf Normal file
View file

@ -0,0 +1,3 @@
[Service]
ExecStart=
ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem

10
iperf3.service.in Normal file
View file

@ -0,0 +1,10 @@
[Unit]
Description=iperf3
Requires=network.target
[Service]
ExecStart=/usr/bin/iperf3 -s -p 65400 --authorized-users-path /etc/iperf3/users.csv --rsa-private-key-path /etc/iperf3/private.pem
Restart=on-failure
[Install]
WantedBy=multi-user.target

22
manager.json Normal file
View file

@ -0,0 +1,22 @@
{
"mptcp": true,
"ipv6_first": true,
"no_delay": true,
"ebpf": false,
"server": [
"[::0]",
"0.0.0.0"
],
"method": "chacha20-ietf-poly1305",
"fast_open": true,
"timeout": 1000,
"port_key": {
"65101": "MySecretKey",
},
"local_port": 1081,
"verbose": 0,
"acl": "/etc/shadowsocks-libev/local.acl",
"mode": "tcp_and_udp",
"reuse_port": true,
"prefer_ipv6": false
}

View file

@ -9,7 +9,7 @@ IPMasquerade=yes
[DHCPServer]
PoolOffset=2
PoolSize=1
PoolSize=50
EmitDNS=no
EmitNTP=no
DNS=9.9.9.9

View file

@ -5,7 +5,7 @@ interface_name = "mlvpn0"
timeout = 30
password = "MLVPN_PASS"
reorder_buffer = yes
reorder_buffer_size = 64
reorder_buffer_size = 128
loss_tolerence = 50
[wan1]

18
mlvpn@.service.in Normal file
View file

@ -0,0 +1,18 @@
[Unit]
Description=MLVPN connection to %i
PartOf=mlvpn.service
ReloadPropagatedFrom=mlvpn.service
After=network.target network-online.target
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/local/sbin/mlvpn --config /etc/mlvpn/%i.conf --name %i --user mlvpn --quiet
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/mlvpn
Restart=always
[Install]
WantedBy=multi-user.target

177
multipath Executable file
View file

@ -0,0 +1,177 @@
#!/bin/sh
#
# Update the MP-TCP flags without the pached iproute2
#
# Author: Mario Krueger <openwrt at xedp3x.de>
# Released under GPL 3 or later
if [ -d "/proc/sys/net/mptcp" ]; then
if ([ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]) || ([ -f /proc/sys/net/mptcp/enabled ] && [ `cat /proc/sys/net/mptcp/enabled` = 0 ]); then
echo "MPTCP is disabled!"
exit 1
fi
else
echo "Your device don't support multipath-TCP."
echo "You have to install the pached kernel to use MPTCP."
echo "See http://multipath-tcp.org/ for details"
exit 1
fi
case $1 in
"-h")
echo " Multipath-TCP configuration tool"
echo "show/update flags:"
echo " multipath [device]"
echo " multipath device {on | off | backup | handover}"
echo
echo "show established conections: -c"
echo "show fullmesh info: -f"
echo "show kernel config: -k"
echo
echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
echo "will allow a subflow to be established across this interface, but only be used"
echo "as backup. Handover-flag indicates that his interface is not used at all (even "
echo "no subflow being established), as long as there are other interfaces available."
echo "See http://multipath-tcp.org/ for details"
echo
exit 0 ;;
"-c")
cat /proc/net/mptcp_net/mptcp
exit 0;;
"-f")
cat /proc/net/mptcp_fullmesh
exit 0;;
"-k")
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
elif [ -f /proc/sys/net/mptcp/enabled ]; then
echo Enabled: `cat /proc/sys/net/mptcp/enabled`
fi
if [ -f /proc/sys/net/mptcp/mptcp_path_manager ]; then
echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
fi
if [ -f /proc/sys/net/mptcp/mptcp_checksum ]; then
echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
else
echo Use checksum: `cat /proc/sys/net/mptcp/checksum_enabled`
fi
if [ -f /proc/sys/net/mptcp/mptcp_scheduler ]; then
echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
fi
if [ -f /proc/sys/net/mptcp/mptcp_syn_retries ]; then
echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
fi
if [ -f /proc/sys/net/mptcp/mptcp_debug ]; then
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
fi
echo
echo See http://multipath-tcp.org/ for details
exit 0 ;;
"")
for ifpath in /sys/class/net/*; do
$0 ${ifpath##*/}
done
exit 0;;
*);;
esac
DEVICE="$1"
TYPE="$2"
#FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
[ -d "/sys/class/net/$DEVICE/" ] || {
#echo "Device '$DEVICE' can't found!"
#echo "Use the hardware name like in ifconfig"
exit 1
}
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
FLAG_PATH="/sys/class/net/$DEVICE/flags"
IFF=`cat $FLAG_PATH`
IFF_OFF="0x80000"
IFF_ON="0x00"
IFF_BACKUP="0x100000"
IFF_HANDOVER="0x200000"
IFF_MASK="0x380000"
case $TYPE in
"off") FLAG=$IFF_OFF;;
"on") FLAG=$IFF_ON;;
"backup") FLAG=$IFF_BACKUP;;
"handover") FLAG=$IFF_HANDOVER;;
"")
IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
case "$IFF" in
$IFF_OFF) echo $DEVICE is deactivated;;
$IFF_ON) echo $DEVICE is in default mode;;
$IFF_BACKUP) echo $DEVICE is in backup mode;;
$IFF_HANDOVER) echo $DEVICE is in handover mode;;
*) echo "Unkown state!" && exit 1;;
esac
exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac
printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
else
ID=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $3}')
IFF=$(ip mptcp endpoint show | grep -m 1 "dev $DEVICE" | awk '{print $4}')
#IP=$(ip a show $DEVICE | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
[ -f /usr/bin/jsonfilter ] && IP=$(ip -j a show $DEVICE | jsonfilter -e '@[0].addr_info[*].local')
[ -f /usr/bin/jq ] && IP=$(ip -j a show $DEVICE | jq -r '.[0].addr_info[].local')
RMID=$(ip mptcp endpoint show | grep '::ffff' | awk '{ print $3 }')
[ -n "$RMID" ] && ip mptcp endpoint delete id $RMID 2>&1 >/dev/null
case $TYPE in
"off")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
exit 0;;
"on")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE subflow fullmesh
done
exit 0;;
"signal")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE signal
done
exit 0;;
"backup")
[ -n "$ID" ] && {
for i in $ID; do
ip mptcp endpoint delete id $i 2>&1 >/dev/null
done
}
for i in $IP; do
ip mptcp endpoint add $i dev $DEVICE backup fullmesh
done
exit 0;;
"")
case "$IFF" in
"") echo $DEVICE is deactivated;;
"subflow") echo $DEVICE is in default mode;;
"backup") echo $DEVICE is in backup mode;;
"signal") echo $DEVICE is in signal mode;;
"fullmesh") echo $DEVICE is in fullmesh mode;;
*) echo "$DEVICE Unkown state!" && exit 1;;
esac
exit 0;;
*) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
esac
fi

25
old-v2ray.service Normal file
View file

@ -0,0 +1,25 @@
[Unit]
Description=V2Ray - A unified platform for anti-censorship
Documentation=https://v2ray.com https://guide.v2fly.org
After=network.target nss-lookup.target
Wants=network-online.target
[Service]
# If the version of systemd is 240 or above, then uncommenting Type=exec and commenting out Type=simple
#Type=exec
Type=simple
# Runs as root or add CAP_NET_BIND_SERVICE ability can bind 1 to 1024 port.
# This service runs as root. You may consider to run it as another user for security concerns.
# By uncommenting User=v2ray and commenting out User=root, the service will run as user v2ray.
# More discussion at https://github.com/v2ray/v2ray-core/issues/1011
User=root
#User=v2ray
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_RAW
NoNewPrivileges=yes
ExecStart=/usr/bin/v2ray -config /etc/v2ray/config.json
Restart=on-failure
# Don't restart in the case of configuration error
RestartPreventExitStatus=23
[Install]
WantedBy=multi-user.target

23
omr-6in4-run Executable file
View file

@ -0,0 +1,23 @@
#!/bin/sh
set -e
if [ ! -f "$2" ]; then
echo "usage: $(basename "$0") start FILE"
exit 1
fi
. "$(readlink -f "$2")"
DEV="omr-6in4-$(basename "$2")"
if [ "$1" = "start" ]; then
[ -n "$(ip tunnel show ${DEV})" ] && ip tunnel del ${DEV} 2>&1 >/dev/null
ip tunnel add ${DEV} mode sit remote ${REMOTEIP} local ${LOCALIP}
ip -6 addr add ${LOCALIP6} dev ${DEV}
ip link set ${DEV} up
[ -n "$ULA" ] && [ "$ULA" != "auto" ] && ip route replace ${ULA} via $(echo ${REMOTEIP6} | cut -d/ -f1) dev ${DEV}
fi
if [ "$1" = "stop" ]; then
ip tunnel del ${DEV}
fi

View file

@ -1,74 +0,0 @@
#!/bin/bash
# OpenMPTCProuter VPS 6in4 service script
if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
ip route del fd00::/8 via fe80::a00:2 dev omr-6in4
ip link set omr-6in4 down
ip tunnel del omr-6in4
exit 0
fi
# Add IPv6 tunnel
if [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
ip tunnel change omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
else
ip tunnel add omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1
ip addr add fe80::a00:1/64 dev omr-6in4 >/dev/null 2>&1
fi
ip link set omr-6in4 up
ip route replace fd00::/8 via fe80::a00:2 dev omr-6in4
_ping() {
local host=$1
ret=$(ping -4 "${host}" \
-W 5 \
-c 1 \
-q
) && echo "$ret" | grep -sq "0% packet loss" && {
return
}
false
}
while true; do
source /etc/shorewall/params.vpn
iface=""
currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n")
currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n")
if [ -n "$currentpeer" ]; then
_ping $currentpeer
status=$?
if ! $(exit $status) || [ "$currentpeer" != "$OMR_ADDR" ]; then
allip_tcp=$(ip -4 addr show gt-tun0 2>/dev/null | grep inet)
allip_udp=$(ip -4 addr show gt-udp-tun0 2>/dev/null | grep inet)
allip_mlvpn=$(ip -4 addr show mlvpn0 2>/dev/null | grep inet)
allip_openvpn=$(ip -4 addr show tun0 2>/dev/null | grep inet)
allip="$allip_tcp
$allip_udp
$allip_openvpn
$allip_mlvpn"
while IFS= read -r inet; do
ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
ipd=$(echo $ip | sed 's/.1/.2/' | tr -d "\n")
if [ "$ipd" != "" ]; then
_ping $ipd
statusp=$?
if $(exit $statusp); then
ip tunnel change omr-6in4 mode sit remote $ipd local $ip
echo "VPS_ADDR=$ip" > /etc/shorewall/params.vpn
echo "OMR_ADDR=$ipd" >> /etc/shorewall/params.vpn
iface=$(ip -4 addr | grep $ip | awk '{print $7}' | tr -d "\n")
echo "VPS_IFACE=$iface" >> /etc/shorewall/params.vpn
systemctl reload shorewall
break
fi
fi
done < <(printf '%s\n' "$allip")
[ -z "$iface" ] && {
systemctl -q restart systemd-networkd
sleep 10
}
fi
fi
sleep 5
done

12
omr-admin-ipv6.service.in Normal file
View file

@ -0,0 +1,12 @@
[Unit]
Description=OMR-Admin IPv6
After=network.target network-online.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/omr-admin.py --host="::"
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
[Install]
WantedBy=multi-user.target

12
omr-admin.service.in Normal file
View file

@ -0,0 +1,12 @@
[Unit]
Description=OMR-Admin
After=network.target network-online.target
[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/omr-admin.py
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN CAP_IPC_LOCK CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_FOWNER CAP_SETFCAP
[Install]
WantedBy=multi-user.target

82
omr-bypass Executable file
View file

@ -0,0 +1,82 @@
#!/bin/sh
# Copyright (C) 2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
# Released under GPL 3. See LICENSE for the full terms.
[ ! -f /etc/openmptcprouter-vps-admin/omr-bypass.json ] && exit 0
# Configuration
INTERFACE="$(jq -M -r .bypass_intf /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$INTERFACE" = "null" ] && INTERFACE="vpn1"
GATEWAY="$(ip r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
GATEWAY6="$(ip -6 r show dev ${INTERFACE} | awk '/via/ {print $3}' | tr -d '\n')"
TABLE="991337"
MARK="0x539"
CHECKSUM="$(md5sum /etc/openmptcprouter-vps-admin/omr-bypass.json | awk '{print $1}' | tr -d '\n')"
PREVIOUS_CHECKSUM="$(jq -M -r .bypass_checksum /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d '\n')"
[ "$CHECKSUM" = "$PREVIOUS_CHECKSUM" ] && exit 0
jq -M --arg c "$CHECKSUM" '.bypass_checksum = $c' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp
mv /etc/openmptcprouter-vps-admin/omr-admin-config.json.tmp /etc/openmptcprouter-vps-admin/omr-admin-config.json
# Action
ipset -q flush omr_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q flush omr6_dst_bypass_srv_${INTERFACE} 2>&1 > /dev/null
ipset -q --exist restore <<-EOF
create omr_dst_bypass_srv_${INTERFACE} hash:net hashsize 64
create omr6_dst_bypass_srv_${INTERFACE} hash:net family inet6 hashsize 64
EOF
ipv4=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv4[])
for ip in $ipv4; do
ipset -q add omr_dst_bypass_srv_${INTERFACE} $ip
done
ipv6=$(cat /etc/openmptcprouter-vps-admin/omr-bypass.json | jq -r .${INTERFACE}.ipv6[])
for ip in $ipv6; do
ipset -q add omr6_dst_bypass_srv_${INTERFACE} $ip
done
iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
iptables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY} dev ${INTERFACE} table ${TABLE}
ip6tables-save --counters 2>/dev/null | grep -v omr-bypass | ip6tables-restore -w --counters 2>/dev/null
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass -m mark --mark ${MARK} -j RETURN
-A omr-bypass-local -m set --match-set omr6_dst_bypass_srv_${INTERFACE} dst -j MARK --set-mark ${MARK}
-A omr-bypass-local -m mark --mark ${MARK} -j RETURN
COMMIT
EOF
if [ -n "$GATEWAY6" ]; then
ip rule add prio 1 fwmark ${MARK} lookup ${TABLE} > /dev/null 2>&1
ip route replace default via ${GATEWAY6} dev ${INTERFACE} table ${TABLE}
fi

12
omr-bypass.service.in Normal file
View file

@ -0,0 +1,12 @@
[Unit]
Description=OMR-ByPass
After=network.target network-online.target shorewall.service
[Service]
Type=simple
ExecStart=/usr/local/bin/omr-bypass
KillSignal=9
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install]
WantedBy=multi-user.target

8
omr-bypass.timer.in Normal file
View file

@ -0,0 +1,8 @@
[Unit]
Description=Timer for omr-bypass
[Timer]
OnUnitActiveSec=300
[Install]
WantedBy=timers.target

59
omr-pihole.sh Normal file
View file

@ -0,0 +1,59 @@
#!/bin/sh
if [ -f /etc/os-release ]; then
. /etc/os-release
else
. /usr/lib/os-release
fi
if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
echo "This script doesn't work with Debian Stretch (9.x)"
exit 1
fi
if [ "$(id -u)" -ne 0 ]; then
echo "You must run the script as root"
exit 1
fi
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end."
echo "Don't apply Pi-hole firewall rules."
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
[ "`tty`" != "not a tty" ] && read -n 1 -s -r -p "Press any key to continue" || sleep 5
echo "Run Pi-hole install script..."
curl -sSL https://install.pi-hole.net | bash
echo "Done"
echo "-------------------------------------------------------------------------------------------------------------------------------"
echo "OMR Pi-hole configuration..."
cat > /etc/lighttpd/external.conf << 'EOF'
server.bind="10.255.255.1"
$SERVER["socket"] == "10.255.254.1:80" { }
$SERVER["socket"] == "10.255.252.1:80" { }
$SERVER["socket"] == "10.255.251.1:80" { }
$SERVER["socket"] == "10.255.253.1:80" { }
EOF
systemctl list-unit-files lighttpd.service &>/dev/null && systemctl -q restart lighttpd
grep -v -e PIHOLE_INTERFACE -e IPV4_ADDRESS -e IPV6_ADDRESS /etc/pihole/setupVars.conf > /etc/pihole/setupVars.new.conf
mv /etc/pihole/setupVars.new.conf /etc/pihole/setupVars.conf
cat >> /etc/pihole/setupVars.conf <<-EOF
PIHOLE_INTERFACE=gt-tun0
IPV4_ADDRESS=10.255.0.0/16
IPV6_ADDRESS=fd00::a00:/106
RATE_LIMIT=0/0
EOF
grep -v interface /etc/dnsmasq.d/01-pihole.conf > /etc/dnsmasq.d/01-pihole.new.conf
mv /etc/dnsmasq.d/01-pihole.new.conf /etc/dnsmasq.d/01-pihole.conf
cat > /etc/dnsmasq.d/99-omr.conf <<-EOF
interface=gt-tun0
interface=gt-udp-tun0
interface=tun0
interface=mlvpn0
interface=dsvpn0
EOF
systemctl -q restart pihole-FTL
echo "Done"
echo "======================================================================================================================================"
echo "To use Pi-hole in OpenMPTCProuter, you need to 'Save & Apply' the wizard again in System->OpenMPTCProuter then reboot OpenMPTCProuter."
echo "Web interface will be available on 10.255.255.1 if you use Glorytun TCP, 10.255.254.1 if you use Glorytun UDP."
echo "======================================================================================================================================"
exit 0

232
omr-service Executable file
View file

@ -0,0 +1,232 @@
#!/bin/bash
# OpenMPTCProuter VPS service script
_multipath() {
# Force multipath status
source /etc/shorewall/params.net
for intf in `ls -1 /sys/class/net`; do
if [ "$intf" != "bonding_masters" ]; then
if ([ "$(ip a show dev lo | grep -v inet6 | grep global)" != "" ] && [ "$intf" = "lo" ]) || ([ "$intf" = "$NET_IFACE" ] && [ "$(ip a show dev lo | grep -v inet6 | grep global)" = "" ]); then
[ -f /proc/sys/net/mptcp/mptcp_enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in default mode" ] && multipath $intf on >/dev/null 2>&1
[ -f /proc/sys/net/mptcp/enabled ] && [ "$(multipath $intf | tr -d '\n')" != "$intf is in signal mode" ] && {
multipath $intf signal >/dev/null 2>&1
ip mptcp limits set subflows 8 add_addr_accepted 8 >/dev/null 2>&1
}
else
[ "$(multipath $intf | tr -d '\n')" != "$intf is deactivated" ] && multipath $intf off >/dev/null 2>&1
fi
fi
done
}
_glorytun_udp() {
#if [ -n "$(systemctl -a | grep 'glorytun-udp')" ]; then
if systemctl list-unit-files glorytun-udp@.service >/dev/null; then
[ -z "$(glorytun show dev gt-udp-tun0 2>/dev/null | grep tunnel)" ] && {
logger -t "OMR-Service" "Restart Glorytun-UDP"
systemctl -q restart 'glorytun-udp@*'
sleep 10
}
for intf in /etc/glorytun-udp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && /etc/glorytun-udp/post.sh ${intf}
done
#ip link set mtu 9000 dev gt-udp-tun0 >/dev/null 2>&1
fi
}
_glorytun_tcp() {
#if [ -n "$(systemctl -a | grep 'glorytun-tcp')" ]; then
if systemctl list-unit-files glorytun-tcp@.service >/dev/null; then
for intf in /etc/glorytun-tcp/tun*; do
[ "$(echo $intf | grep key)" = "" ] && timeout 10 /etc/glorytun-tcp/post.sh ${intf}
done
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "glorytun_tcp" ]; then
localip="$(cat /etc/glorytun-tcp/tun0 | grep LOCALIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.255.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 3 -w 10 $remoteip | grep '100%')" != "" ] && ([ -z "$(pgrep glorytun-tcp)" ] || [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep glorytun-tcp)/exe ))" -gt "300" ]); then
logger -t "OMR-Service" "No answer from VPN client end, restart Glorytun-TCP"
systemctl restart glorytun-tcp@tun0
sleep 10
fi
fi
#ip link set mtu 9000 dev gt-tun0 >/dev/null 2>&1
fi
}
_dsvpn() {
#if [ -n "$(systemctl -a | grep 'dsvpn')" ]; then
if systemctl list-unit-files dsvpn-server@.service >/dev/null; then
[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 >/dev/null 2>&1
if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
[ -z "$localip" ] && localip="10.255.251.1"
remoteip="$(echo $localip | sed 's/\.1/\.2/')"
if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
systemctl restart dsvpn-server@dsvpn0
fi
#ip link set mtu 9000 dev dsvpn0 >/dev/null 2>&1
fi
fi
}
_shadowsocks() {
if systemctl list-unit-files shadowsocks-libev-manager@.service >/dev/null; then
[ -z "$(pgrep ss-server)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks libev"
systemctl restart shadowsocks-libev-manager@manager
}
fi
}
_shadowsocks_go() {
if systemctl list-unit-files shadowsocks-go.service >/dev/null; then
[ -z "$(pgrep shadowsocks-go)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart Shadowsocks go"
systemctl restart shadowsocks-go
}
fi
}
_xray() {
if systemctl list-unit-files xray.service >/dev/null; then
[ -z "$(pgrep xray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart XRay"
systemctl restart xray
}
fi
}
_v2ray() {
if systemctl list-unit-files v2ray.service >/dev/null; then
[ -z "$(pgrep v2ray)" ] && {
logger -t "OMR-Service" "ss-server not detected, restart V2Ray"
systemctl restart v2ray
}
fi
}
_wireguard() {
#if [ -n "$(systemctl -a | grep 'wg')" ]; then
if systemctl list-unit-files wg-quick@.service >/dev/null; then
[ -z "$(ip a show dev wg0 | grep '10.255.247.1')" ] && ip a add 10.255.247.1/24 dev wg0 >/dev/null 2>&1
[ -z "$(ip a show dev client-wg0 | grep '10.255.246.1')" ] && ip a add 10.255.246.1/24 dev client-wg0 >/dev/null 2>&1
fi
}
_omr_api() {
[ -z "$(pgrep curl)" ] && [ -z "$(curl -s -k -m 30 https://127.0.0.1:65500/)" ] && {
logger -t "OMR-Service" "Can't contact API, restart OMR-Admin"
systemctl -q restart omr-admin
}
}
_lan_route() {
jq -c '.users[0][]?' /etc/openmptcprouter-vps-admin/omr-admin-config.json |
while IFS=$"\n" read -r c; do
if [ -n "$c" ]; then
vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
username=$(echo "$c" | jq -r '.username')
if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
echo "$c" | jq -c -r '.lanips[]? //empty' |
while IFS=$"\n" read -r d; do
if [ "$d" != "" ]; then
network=$(ipcalc -n $d | grep Network | awk '{print $2}')
networkonly=$(ipcalc -n $d | grep Network | awk '{print $2}' | cut -d/ -f1)
netmask=$(ipcalc -n $d | grep Netmask | awk '{print $2}')
[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip >/dev/null 2>&1
[ -n "$networkonly" ] && [ -n "$netmask" ] && ([ ! -f /etc/openvpn/ccd/${username} ] || [ -z "$(grep $networkonly /etc/openvpn/ccd/${username})" ]) && echo "iroute $networkonly $netmask" >> /etc/openvpn/ccd/${username}
fi
done
fi
fi
done
}
_gre_tunnels() {
. "$(readlink -f "/etc/shorewall/params.vpn")"
if [ -n "$OMR_ADDR" ]; then
for intf in /etc/openmptcprouter-vps-admin/intf/*; do
if [ -f "$intf" ]; then
. "$(readlink -f "$intf")"
iface="$(basename $intf)"
if [ "$(ip tunnel show $iface 2>/dev/null | awk '{print $4}')" != "$OMR_ADDR" ]; then
[ -n "$(ip tunnel show $iface 2>/dev/null)" ] && ip tunnel del $iface >/dev/null 2>&1
ip tunnel add $iface mode gre local $INTFADDR remote $OMR_ADDR >/dev/null 2>&1
ip link set $iface up >/dev/null 2>&1
ip addr add $LOCALIP dev $iface >/dev/null 2>&1
ip route add $NETWORK dev $iface >/dev/null 2>&1
fi
fi
done
fi
}
_openvpn_bonding() {
if [ "$(ip link show ovpnbonding1 2>/dev/null)" != "" ] && ([ "$(ip link show ovpnbonding1 2>/dev/null | grep SLAVE)" = "" ] || [ "$(ip link show omr-bonding 2>/dev/null | grep DOWN)" != "" ] || [ "$(ip link show | grep ovpnbonding | grep -c SLAVE | tr -d '\n')" != "8" ]); then
echo 0 > /sys/class/net/omr-bonding/bonding/mode >/dev/null 2>&1
ip link set ovpnbonding1 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding1 up >/dev/null 2>&1
ip link set ovpnbonding2 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding2 up >/dev/null 2>&1
ip link set ovpnbonding3 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding3 up >/dev/null 2>&1
ip link set ovpnbonding4 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding4 up >/dev/null 2>&1
ip link set ovpnbonding5 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding5 up >/dev/null 2>&1
ip link set ovpnbonding6 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding6 up >/dev/null 2>&1
ip link set ovpnbonding7 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding7 up >/dev/null 2>&1
ip link set ovpnbonding8 master omr-bonding >/dev/null 2>&1
ip link set ovpnbonding8 up >/dev/null 2>&1
ip link set omr-bonding up mtu 1440 >/dev/null 2>&1
ip a add 10.255.248.1 dev omr-bonding >/dev/null 2>&1
ip r add 10.255.248.0/24 dev omr-bonding >/dev/null 2>&1
ip r add 10.255.248.2 dev omr-bonding src 10.255.248.1 >/dev/null 2>&1
fi
}
_vpn1() {
vpn1route=$(ip r show dev vpn1 2>/dev/null | grep '0.0.0.0')
[ -z "$vpn1route" ] && vpn1route=$(ip r show dev vpn1 2>/dev/null | grep 'default')
if [ -n "$vpn1route" ]; then
ip r del $vpn1route
vpn1gw="$(echo \"$vpn1route\" | awk '{ print $3 }')"
ip r a default via $vpngw dev vpn1 table 991337
for route in $(ip r show dev vpn1); do
ip r a $route table 991337
done
fi
}
sysctl -p /etc/sysctl.d/90-shadowsocks.conf >/dev/null 2>&1
modprobe bonding >/dev/null 2>&1
ip link add omr-bonding type bond >/dev/null 2>&1
#[ -n "$(uname -r | grep '6.1')" ] && {
# stap -g /usr/share/systemtap-mptcp/mptcp-app.stap 2>&1 &
#}
gre_tunnels="$(jq -c '.gre_tunnels' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
lan_routes="$(jq -c '.lan_routes' /etc/openmptcprouter-vps-admin/omr-admin-config.json)"
while true; do
_glorytun_udp
_glorytun_tcp
_shadowsocks
_shadowsocks_go
_xray
_v2ray
_dsvpn
_wireguard
_multipath
_omr_api
[ "$lan_routes" != "false" ] && _lan_route
[ "$gre_tunnels" != "false" ] && _gre_tunnels
_openvpn_bonding
_vpn1
sleep 10
done

55
omr-test-speed Normal file
View file

@ -0,0 +1,55 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
HETZNER=false
if [ "$1" = "hetzner" ]; then
HETZNER=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$HETZNER" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -4 -o /dev/null $HOST || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset add ss_rules_dst_bypass_all $ip
done
fi
curl -4 -o /dev/null --interface $INTERFACE $HOST || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset del ss_rules_dst_bypass_all $ip
done
fi
fi

56
omr-test-speedv6 Normal file
View file

@ -0,0 +1,56 @@
#!/bin/sh
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
HETZNER=false
if [ "$1" = "hetzner" ]; then
HETZNER=true
INTERFACE="$2"
else
INTERFACE="$1"
fi
[ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
echo "You must use a real interface. You wan find them using 'ip a' for example"
exit 0
}
if [ "$HETZNER" = false ]; then
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="9999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
bestping=$ping
HOST=$pinghost
fi
done
fi
[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
echo "Best server is $HOST, running test:"
trap : HUP INT TERM
if [ -z "$INTERFACE" ]; then
curl -6 $HOST >/dev/null || echo
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset add ss_rules6_dst_bypass_all $ip
done
fi
curl -6 --interface $INTERFACE $HOST >/dev/null || echo
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset del ss_rules6_dst_bypass_all $ip
done
fi
fi

11
omr-update Executable file
View file

@ -0,0 +1,11 @@
#!/bin/sh
if [ -f /etc/openmptcprouter-vps-admin/update ]; then
wget -O - http://www.openmptcprouter.com/server/debian.sh | sh
rm -f /etc/openmptcprouter-vps-admin/update
reboot
fi
if [ -f /etc/openmptcprouter-vps-admin/update-bin ]; then
LOCALFILES=yes SOURCES=yes REINSTALL=no /usr/share/omr-server/debian9-x86_64.sh
rm -f /etc/openmptcprouter-vps-admin/update-bin
#reboot
fi

15
omr-update.service.in Normal file
View file

@ -0,0 +1,15 @@
[Unit]
Description=OMR Update
After=network.target network-online.target
[Service]
Type=simple
Restart=no
ExecStart=/usr/bin/omr-update
#ExecStart=/usr/share/omr-server/debian9-x86_64.sh
AmbientCapabilities=
StandardOutput=file:/var/log/omr-update.log
StandardError=file:/var/log/omr-update.log
[Install]
WantedBy=multi-user.target

View file

@ -1,12 +1,12 @@
[Unit]
Description=OMR-6in4
After=network.target network-online.target glorytun-tcp@.service
Description=OMR
After=network.target network-online.target glorytun-tcp@.service glorytun-udp@.service shorewall.service
[Service]
Type=simple
Restart=always
ExecStart=/usr/local/bin/omr-6in4-service
ExecStop=/usr/local/bin/omr-6in4-service stop
ExecStart=/usr/local/bin/omr-service
KillSignal=9
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
[Install]

12
omr6in4@.service.in Normal file
View file

@ -0,0 +1,12 @@
[Unit]
Description=OMR6IN4 on %I
After=network.target network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/omr-6in4-run start /etc/openmptcprouter-vps-admin/omr-6in4/%i
RemainAfterExit=true
ExecStop=/usr/local/bin/omr-6in4-run stop /etc/openmptcprouter-vps-admin/omr-6in4/%i
[Install]
WantedBy=multi-user.target

Binary file not shown.

Binary file not shown.

18
openvpn-bonding1.conf Normal file
View file

@ -0,0 +1,18 @@
dev ovpnbonding1
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65351
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

18
openvpn-bonding2.conf Normal file
View file

@ -0,0 +1,18 @@
dev ovpnbonding2
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65352
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

18
openvpn-bonding3.conf Normal file
View file

@ -0,0 +1,18 @@
dev ovpnbonding3
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65353
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

18
openvpn-bonding4.conf Normal file
View file

@ -0,0 +1,18 @@
dev ovpnbonding4
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65354
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

18
openvpn-bonding5.conf Normal file
View file

@ -0,0 +1,18 @@
dev ovpnbonding5
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65355
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

18
openvpn-bonding6.conf Normal file
View file

@ -0,0 +1,18 @@
dev ovpnbonding6
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65356
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

18
openvpn-bonding7.conf Normal file
View file

@ -0,0 +1,18 @@
dev ovpnbonding7
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65357
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

18
openvpn-bonding8.conf Normal file
View file

@ -0,0 +1,18 @@
dev ovpnbonding8
dev-type tap
cipher AES-256-CBC
proto udp
proto udp6
port 65358
persist-tun
persist-key
reneg-sec 0
verb 3
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 100 2400
mode server
tls-server

34
openvpn-tun0.6.1.conf Normal file
View file

@ -0,0 +1,34 @@
topology subnet
dev tun0
user nobody
group nogroup
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
disable-dco
proto tcp-server
proto tcp6-server
port 65301
persist-tun
persist-key
duplicate-cn
verb 3
server 10.255.252.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240
txqueuelen 1000
sndbuf 262144
push "sndbuf 262144"
rcvbuf 262144
push "rcvbuf 262144"
tun-mtu 1420
tls-server
tls-version-min 1.2
#push "route 10.255.252.1 255.255.255.255"
client-config-dir ccd
ifconfig-pool-persist ccd/ipp_tcp.txt
passtos
management 127.0.0.1 65302
tcp-nodelay

View file

@ -1,9 +1,29 @@
dev tun
secret /etc/openvpn/server/static.key
dev tun0
user nobody
group nogroup
cipher AES-256-CBC
compress lz4
proto tcp-server
proto tcp
port 65301
persist-tun
persist-key
reneg-sec 0
duplicate-cn
verb 3
server 10.255.252.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240
sndbuf 0
rcvbuf 0
txqueuelen 2000
tun-mtu 1400
mssfix 1360
tls-server
tls-version-min 1.2
#compress lzo
#push "route 10.255.252.1 255.255.255.255"
client-config-dir ccd
management localhost 65302

30
openvpn-tun1.6.1.conf Normal file
View file

@ -0,0 +1,30 @@
topology subnet
dev tun1
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
proto udp
proto udp6
port 65301
persist-tun
persist-key
duplicate-cn
verb 3
server 10.255.250.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240
txqueuelen 1000
sndbuf 262144
push "sndbuf 262144"
rcvbuf 262144
push "rcvbuf 262144"
tun-mtu 1420
tls-server
tls-version-min 1.2
push "route 10.255.250.1 255.255.255.255"
#client-config-dir ccd
#ifconfig-pool-persist ccd/ipp_udp.txt
#fast-io
passtos

18
openvpn-tun1.conf Normal file
View file

@ -0,0 +1,18 @@
dev tun1
cipher AES-256-CBC
proto udp
port 65301
persist-tun
persist-key
reneg-sec 0
duplicate-cn
#ncp-disable
#mssfix 1300
verb 3
server 10.255.250.0 255.255.255.0
ca /etc/openvpn/ca/pki/ca.crt
cert /etc/openvpn/ca/pki/issued/server.crt
key /etc/openvpn/ca/pki/private/server.key
dh /etc/openvpn/server/dh2048.pem
crl-verify /etc/openvpn/ca/pki/crl.pem
keepalive 10 240

View file

@ -1,5 +1,5 @@
[Match]
Name=tun*
Name=tun0
[Network]
Description=OpenVPN tunnel
@ -9,7 +9,7 @@ IPMasquerade=yes
[DHCPServer]
PoolOffset=2
PoolSize=1
PoolSize=50
EmitDNS=no
EmitNTP=no
DNS=9.9.9.9

View file

@ -0,0 +1,37 @@
{
"servers": [
{
"name": "ss-2022",
"protocol": "2022-blake3-aes-256-gcm",
"tcpListeners": [
{
"network": "tcp",
"address": ":65280",
"fastOpen": false,
"reusePort": false,
"multipath": true
}
],
"enableTCP": true,
"listenerTFO": true,
"enableUDP": true,
"mtu": 1500,
"psk": "PSK",
"uPSKStorePath": "/etc/shadowsocks-go/upsks.json"
}
],
"stats": {
"enabled": true
},
"api": {
"enabled": true,
"debugPprof": false,
"trustedProxies": [],
"listeners": [
{
"network": "tcp",
"address": "127.0.0.1:65279"
}
]
}
}

View file

@ -0,0 +1,15 @@
[Unit]
Description=Shadowsocks-Libev Custom Manager Service for %I
After=network-online.target
[Service]
Type=simple
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
LimitNOFILE=99999
LimitNPROC=99999
ExecStart=/usr/bin/ss-manager -c /etc/shadowsocks-libev/%i.json --manager-address 127.0.0.1:8839
Restart=always
[Install]
WantedBy=multi-user.target

77
shadowsocks.6.1.conf Normal file
View file

@ -0,0 +1,77 @@
# local sysctl settings can be stored in this directory
# max open files
fs.file-max = 512000
# max read buffer
net.core.rmem_max = 7500000
# max write buffer
net.core.wmem_max = 7500000
#net.core.optmem_max = 33554432
# default read buffer
#net.core.rmem_default = 16777216
# default write buffer
#net.core.wmem_default = 16777216
# max processor input queue
net.core.netdev_max_backlog = 10000
# max backlog
net.core.somaxconn = 16384
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time
net.ipv4.tcp_keepalive_time = 7200
# outbound port range
net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 16384
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP buffer
net.ipv4.tcp_mem = 409600 819200 1638400
# UDP buffer
net.ipv4.udp_mem = 4096 87380 16777216
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 16777216
# TCP write buffer
net.ipv4.tcp_wmem = 4096 87380 16777216
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 0
# 1/8 * available memory in receive buffer
net.ipv4.tcp_adv_win_scale=-3
# limits the size of unsent bytes in the write queue
net.ipv4.tcp_notsent_lowat = 131072
# for low-latency network, use cubic instead
net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
# MPTCP settings
net.ipv4.tcp_ecn = 2
net.mptcp.checksum_enabled = 0
net.mptcp.add_addr_timeout = 120
net.mptcp.allow_join_initial_addr_port = 1
net.mptcp.enabled = 1
net.mptcp.pm_type = 0
net.mptcp.stale_loss_cnt = 4
net.mptcp.mptcp_checksum=0
net.mptcp.mptcp_path_manager=fullmesh
net.mptcp.mptcp_scheduler=mptcp_burst
net.mptcp.mptcp_syn_retries=4
net.mptcp.mptcp_version=1
net.mptcp.checksum_enabled=0
net.ipv4.tcp_congestion_control=bbr

View file

@ -2,13 +2,14 @@
# max open files
fs.file-max = 512000
# max read buffer
net.core.rmem_max = 134217728
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 134217728
net.core.wmem_max = 67108864
net.core.optmem_max = 33554432
# default read buffer
net.core.rmem_default = 65536
net.core.rmem_default = 131072
# default write buffer
net.core.wmem_default = 65536
net.core.wmem_default = 131072
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
@ -19,34 +20,45 @@ net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
#net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_fin_timeout = 30
# Increase max orphans
net.ipv4.tcp_max_orphans = 16384
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_time = 7200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.ip_local_port_range = 9999 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_max_syn_backlog = 10240
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 10000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP buffer
net.ipv4.tcp_mem = 134217728 134277728 134217728
net.ipv4.tcp_mem = 8092 131072 67108864
# UDP buffer
net.ipv4.udp_mem = 8092 131072 67108864
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 134217728
net.ipv4.tcp_rmem = 4096 87380 33554432
# TCP write buffer
net.ipv4.tcp_wmem = 4096 87380 134217728
net.ipv4.tcp_wmem = 4096 65536 33554432
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 0
# for low-latency network, use cubic instead
net.ipv4.tcp_congestion_control = olia
net.ipv4.tcp_congestion_control = bbr
net.core.default_qdisc = fq
# Default conntrack is too small
net.netfilter.nf_conntrack_max = 131072
net.netfilter.nf_conntrack_max = 524288
net.netfilter.nf_conntrack_buckets=131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0
# MPTCP settings
net.mptcp.mptcp_checksum = 0
net.mptcp.mptcp_syn_retries = 20
net.mptcp.mptcp_syn_retries = 4
net.mptcp.mptcp_scheduler = blest
net.ipv4.tcp_ecn = 2

View file

@ -14,9 +14,13 @@
?FORMAT 2
###############################################################################
#ZONE INTERFACE OPTIONS
net eth0 dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
vpn gt-tun0 nosmurfs,routefilter,logmartians,tcpflags
vpn gt-udp-tun0 nosmurfs,routefilter,logmartians,tcpflags
vpn mlvpn0 nosmurfs,routefilter,logmartians,tcpflags
vpn tun0 nosmurfs,routefilter,logmartians,tcpflags
net $NET_IFACE dhcp,tcpflags,routefilter,nosmurfs,sourceroute=0
vpn gt-tun+ nosmurfs,tcpflags
vpn gt-udp-tun+ nosmurfs,tcpflags
vpn mlvpn+ nosmurfs,tcpflags
vpn tun+ nosmurfs,tcpflags
vpn wg+ nosmurfs,tcpflags
vpncl client-wg+ nosmurfs,tcpflags
vpn dsvpn+ nosmurfs,tcpflags
vpn gre-user+ nosmurfs,tcpflags
vpn omr-bonding nosmurfs,tcpflags

View file

@ -22,4 +22,5 @@
# net eth0 130.252.100.255 routefilter,norfc1918
#
###############################################################################
INCLUDE params.net
INCLUDE params.vpn

1
shorewall4/params.net Normal file
View file

@ -0,0 +1 @@
NET_IFACE=eth0

View file

@ -1,3 +1,3 @@
VPS_ADDR=10.255.255.1
OMR_ADDR=10.255.255.2
VPS_IFACE=gt-tun0
VPS_ADDR=10.255.252.1
OMR_ADDR=10.255.252.2
VPS_IFACE=tun0

View file

@ -17,7 +17,10 @@ vpn net ACCEPT
vpn fw ACCEPT
fw vpn ACCEPT
fw net ACCEPT
net all DROP info
net all DROP
vpn vpn DROP
vpncl vpn ACCEPT
vpn vpncl ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
all all REJECT

View file

@ -39,7 +39,7 @@ INVALID_LOG_LEVEL=
LOG_BACKEND=
LOG_MARTIANS=Yes
LOG_MARTIANS=No
LOG_VERBOSITY=2
@ -108,10 +108,11 @@ TC=
###############################################################################
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
BLACKLIST_DEFAULT="Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)"
###############################################################################
# R S H / R C P C O M M A N D S
@ -144,17 +145,17 @@ BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes
#CHAIN_SCRIPTS=Yes
CLAMPMSS=No
CLEAR_TC=Yes
CLEAR_TC=No
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DELETE_THEN_ADD=No
DETECT_DNAT_IPADDRS=No
@ -180,7 +181,7 @@ IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
INLINE_MATCHES=No
#INLINE_MATCHES=No
IPSET_WARNINGS=Yes
@ -188,7 +189,7 @@ IP_FORWARDING=On
KEEP_RT_TABLES=No
LOAD_HELPERS_ONLY=Yes
#LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter
@ -196,13 +197,13 @@ MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
#MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MODULE_SUFFIX=ko
#MODULE_SUFFIX=ko
MULTICAST=No
@ -232,7 +233,7 @@ SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_ENABLED=No
TC_EXPERT=No

View file

@ -15,9 +15,16 @@
###########################################################################################################################################
#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
#
MASQUERADE 10.0.0.0/8,\
MASQUERADE 10.255.247.0/24,\
10.255.248.0/24,\
10.255.250.0/24,\
10.255.251.0/24,\
10.255.252.0/24,\
10.255.253.0/24,\
10.255.254.0/24,\
10.255.255.0/24,\
169.254.0.0/16,\
172.16.0.0/12,\
192.168.0.0/16 eth0
192.168.0.0/16 $NET_IFACE
# SNAT from VPN server for all VPN clients
#SNAT($VPS_ADDR) 0.0.0.0/0 $VPS_IFACE

View file

@ -13,12 +13,18 @@
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE
# PORT(S) PORT(S)
ACCEPT gt-tun0 -
ACCEPT - gt-tun0
ACCEPT gt-udp-tun0 -
ACCEPT - gt-udp-tun0
ACCEPT mlvpn0 -
ACCEPT - mlvpn0
ACCEPT tun0 -
ACCEPT - tun0
ACCEPT gt-tun+ -
ACCEPT - gt-tun+
ACCEPT gt-udp-tun+ -
ACCEPT - gt-udp-tun+
ACCEPT mlvpn+ -
ACCEPT - mlvpn+
ACCEPT dsvpn+ -
ACCEPT - dsvpn+
ACCEPT tun+ -
ACCEPT - tun+
ACCEPT wg+ -
ACCEPT - wg+
ACCEPT client-wg+ -
ACCEPT - client-wg+

3
shorewall4/tcinterfaces Normal file
View file

@ -0,0 +1,3 @@
#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
$NET_IFACE External
#$VPS_IFACE Internal

View file

@ -16,4 +16,5 @@
fw firewall
net ipv4
vpn ipv4
vpncl ipv4

View file

@ -14,6 +14,6 @@
?FORMAT 2
###############################################################################
#ZONE INTERFACE OPTIONS
net eth0 dhcp,tcpflags,rpfilter,forward=1
vpn omr-6in4 tcpflags,forward=1
net $NET_IFACE dhcp,tcpflags,rpfilter,forward=1,routeback
vpn omr-6in4-user+ tcpflags,forward=1,routeback

View file

@ -21,3 +21,5 @@
# net eth0 - dhcp,nosmurfs
#
###############################################################################
INCLUDE params.net
INCLUDE params.vpn

1
shorewall6/params.net Normal file
View file

@ -0,0 +1 @@
NET_IFACE=eth0

1
shorewall6/params.vpn Normal file
View file

@ -0,0 +1 @@
OMR_ADDR=fe80::a00:2

View file

@ -13,9 +13,9 @@
###############################################################################
#SOURCE DEST POLICY LOG LEVEL LIMIT:BURST
vpn all ACCEPT info
vpn all ACCEPT
fw all ACCEPT
net all DROP info
net all DROP
# THE FOLLOWING POLICY MUST BE LAST
all all REJECT info
all all REJECT

View file

@ -30,18 +30,18 @@ DNS(ACCEPT) $FW net
#
# Allow Ping from/to the VPN
#
Ping(ACCEPT) vpn $FW
Ping(ACCEPT) vpn net
Ping(ACCEPT) $FW vpn
ACCEPT vpn $FW ipv6-icmp
ACCEPT vpn net ipv6-icmp
ACCEPT $FW vpn ipv6-icmp
#
# Allow Ping from the firewall to the network
#
Ping(ACCEPT) $FW net
ACCEPT $FW net ipv6-icmp
#
# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..
#
#Ping(DROP) net $FW
Ping(ACCEPT) net $FW
#DROP net $FW ipv6-icmp
ACCEPT net $FW ipv6-icmp
#
# Accept connection from port > 65000 for shadowsocks and glorytun on the firewall
#
@ -54,7 +54,8 @@ ACCEPT net $FW tcp 65222
#
# DHCP forward to the VPN from the firewall
#
DHCPfwd(ACCEPT) $FW vpn
ACCEPT $FW vpn udp 53
ACCEPT vpn net udp 53
#
# Redirect all port from 1 to 64999 to the VPN client from the network
#

View file

@ -105,10 +105,11 @@ TC=
###############################################################################
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
BLACKLIST_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP),dropNotSyn:$LOG_LEVEL,dropInvalid:$LOG_LEVEL,DropDNSrep:$LOG_LEVEL"
DROP_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
REJECT_DEFAULT="AllowICMPs,Broadcast(DROP),Multicast(DROP)"
###############################################################################
# R S H / R C P C O M M A N D S
@ -137,7 +138,7 @@ BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes
#CHAIN_SCRIPTS=Yes
CLAMPMSS=No
@ -167,7 +168,7 @@ IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No
INLINE_MATCHES=No
#INLINE_MATCHES=No
IPSET_WARNINGS=Yes
@ -175,7 +176,7 @@ IP_FORWARDING=On
KEEP_RT_TABLES=Yes
LOAD_HELPERS_ONLY=Yes
#LOAD_HELPERS_ONLY=Yes
MACLIST_TABLE=filter

View file

@ -16,6 +16,6 @@
#ACTION SOURCE DEST PROTO PORT IPSEC MARK USER SWITCH ORIGDEST PROBABILITY
#
MASQUERADE fe80::/10,\
fd00::/8 eth0
fd00::/8 $NET_IFACE
# SNAT from VPN server for all VPN clients
SNAT(fe80::a00:1) ::/0 omr-6in4
#SNAT(fe80::a00:1) ::/0 omr-6in4-user+

View file

@ -13,6 +13,6 @@
###############################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE
# PORT(S) PORT(S)
ACCEPT omr-6in4 -
ACCEPT - omr-6in4
#ACCEPT omr-6in4 -
#ACCEPT - omr-6in4

View file

@ -1,6 +1,7 @@
PORT=65001
HOST=0.0.0.0
DEV=tun0
SERVER=true
MPTCP=true
IPV6=true
OPTIONS="chacha20 multiqueue keepalive"
OPTIONS="chacha20 retry count -1 const 5000000 timeout 5000 keepalive count 5 idle 20 interval 2 buffer-size 65536 multiqueue"

View file

@ -1,4 +1,6 @@
BIND=0.0.0.0
BIND_PORT=65001
HOST=0.0.0.0
PORT=5000
DEV=tun0
OPTIONS="chacha persist"

17
ubond.network Normal file
View file

@ -0,0 +1,17 @@
[Match]
Name=ubond*
[Network]
Description=UBOND tunnel
Address=10.255.248.1/24
DHCPServer=yes
IPMasquerade=yes
[DHCPServer]
PoolOffset=2
PoolSize=50
EmitDNS=no
EmitNTP=no
DNS=9.9.9.9
DefaultLeaseTimeSec=12h
MaxLeaseTimeSec=24h

42
ubond0.conf Normal file
View file

@ -0,0 +1,42 @@
[general]
tuntap = "tun"
mode = "server"
interface_name = "ubond0"
timeout = 30
password = "UBOND_PASS"
reorder_buffer = yes
reorder_buffer_size = 64
loss_tolerence = 50
[wan1]
bindport = 65251
bindhost = "0.0.0.0"
[wan2]
bindport = 65252
bindhost = "0.0.0.0"
[wan3]
bindport = 65253
bindhost = "0.0.0.0"
[wan4]
bindport = 65254
bindhost = "0.0.0.0"
[wan5]
bindport = 65255
bindhost = "0.0.0.0"
[wan6]
bindport = 65256
bindhost = "0.0.0.0"
[wan7]
bindport = 65257
bindhost = "0.0.0.0"
[wan8]
bindport = 65258
bindhost = "0.0.0.0"

16
ubond@.service.in Normal file
View file

@ -0,0 +1,16 @@
[Unit]
Description=UBOND connection to %i
PartOf=ubond.service
ReloadPropagatedFrom=ubond.service
After=network.target network-online.target
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/local/sbin/ubond --config /etc/ubond/%i.conf --name %i --user ubond --quiet
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/ubond
Restart=always
[Install]
WantedBy=multi-user.target

1
ubuntu18.04-x86_64.sh Symbolic link
View file

@ -0,0 +1 @@
debian9-x86_64.sh

1
ubuntu19.04-x86_64.sh Symbolic link
View file

@ -0,0 +1 @@
debian9-x86_64.sh

1
ubuntu20.04-x86_64.sh Symbolic link
View file

@ -0,0 +1 @@
debian9-x86_64.sh

View file

@ -8,15 +8,17 @@ config_file="$(find /boot/grub* -maxdepth 1 -name grub.cfg 2>/dev/null)"
deflt_file="$(find /etc/default \( -name grub -o -name grub2 \) 2>/dev/null)"
[ $deflt_file ] || exit 0
if [ -z "$(grep -m 1 vmlinuz $config_file | grep $kernel)" ]; then
#if [ -z "$(grep -m 1 vmlinuz $config_file | grep $kernel)" ]; then
x=0
sed -n -e 's@\([^'\"\'']*\)['\"\'']\([^'\"\'']*\).*@\1\2@' -e '/\(menuentry\) /p' <$config_file | \
while IFS= read ln
do
if [ -n "$(echo $ln | grep $kernel)" ]; then
sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"$x\"@" $deflt_file
x=$(expr $x - 1)
sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"1>$x\"@" $deflt_file
[ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1
exit 0
fi
x=$(expr $x + 1)
done | sed 's@\(menuentry\) @@'
fi
#fi

220
v2ray-server.json Normal file
View file

@ -0,0 +1,220 @@
{
"log": {
"loglevel": "error",
"error": "/tmp/v2rayError.log"
},
"transport": {
"tcpSettings": {},
"wsSettings": {},
"kcpSettings": {
"mtu": 1460,
"tti": 10,
"uplinkCapacity": 100,
"downlinkCapacity": 100,
"congestion": false,
"readBufferSize": 8,
"writeBufferSize": 8
}
},
"inbounds": [
{
"tag": "omrin-tunnel",
"port": 65228,
"protocol": "vless",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-vmess-tunnel",
"port": 65230,
"protocol": "vmess",
"settings": {
"decryption": "none",
"clients": [
{
"id": "V2RAY_UUID",
"level": 0,
"alterId": 0,
"email": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-socks-tunnel",
"port": 65231,
"protocol": "socks",
"settings": {
"auth": "password",
"accounts": [
{
"pass": "V2RAY_UUID",
"user": "openmptcprouter"
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"tag": "omrin-trojan-tunnel",
"port": 65229,
"protocol": "trojan",
"settings": {
"clients": [
{
"password": "V2RAY_UUID",
"email": "openmptcprouter",
"level": 0
}
]
},
"streamSettings": {
"sockopt": {
"mptcp": true,
"mark": 0
},
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certificates": [
{
"certificateFile": "/etc/openvpn/ca/pki/issued/server.crt",
"keyFile": "/etc/openvpn/ca/pki/private/server.key"
}
]
}
}
},
{
"listen": "127.0.0.1",
"port": 10085,
"protocol": "dokodemo-door",
"settings": {
"address": "127.0.0.1"
},
"tag": "api"
}
],
"outbounds": [
{
"protocol": "freedom",
"settings": {
"userLevel": 0
},
"tag": "direct"
}
],
"routing": {
"rules": [
{
"type": "field",
"inboundTag": [
"omrin-tunnel",
"omrin-vmess-tunnel",
"omrin-socks-tunnel",
"omrin-trojan-tunnel"
],
"outboundTag": "OMRLan",
"domain": [
"full:omr.lan"
]
},
{
"inboundTag": [
"api"
],
"outboundTag": "api",
"type": "field"
}
]
},
"reverse": {
"portals": [
{
"tag": "OMRLan",
"domain": "omr.lan"
}
]
},
"stats": {},
"api": {
"tag": "api",
"services": [
"HandlerService",
"LoggerService",
"StatsService"
]
},
"policy": {
"levels": {
"0": {
"uplinkOnly": 0,
"downlinkOnly": 0,
"bufferSize": 512,
"connIdle": 2400,
"statsUserUplink": true,
"statsUserDownlink": true
}
},
"system": {
"statsInboundUplink": true,
"statsInboundDownlink": true
}
}
}

Some files were not shown because too many files have changed in this diff Show more