#!/bin/sh # # Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) for OpenMPTCProuter # # This is free software, licensed under the GNU General Public License v3 or later. # See /LICENSE for more information. # KERNEL=${KERNEL:-5.4} UPSTREAM=${UPSTREAM:-no} [ "$UPSTREAM" = "yes" ] && KERNEL="5.15" UPSTREAM6=${UPSTREAM6:-no} [ "$UPSTREAM6" = "yes" ] && KERNEL="6.1" SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} DSVPN_PASS=${DSVPN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} #NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")} NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")} OBFS=${OBFS:-yes} V2RAY_PLUGIN=${V2RAY_PLUGIN:-no} V2RAY=${V2RAY:-yes} V2RAY_UUID=${V2RAY_UUID:-$(cat /proc/sys/kernel/random/uuid | tr -d "\n")} XRAY=${XRAY:-yes} XRAY_UUID=${XRAY_UUID:-$V2RAY_UUID} SHADOWSOCKS=${SHADOWSOCKS:-yes} SHADOWSOCKS_GO=${SHADOWSOCKS_GO:-yes} PSK=${PSK:-$(head -c 32 /dev/urandom | base64 -w0)} UPSK=${UPSK:-$(head -c 32 /dev/urandom | base64 -w0)} UPDATE_OS=${UPDATE_OS:-yes} UPDATE=${UPDATE:-yes} TLS=${TLS:-yes} OMR_ADMIN=${OMR_ADMIN:-yes} OMR_ADMIN_PASS=${OMR_ADMIN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} OMR_ADMIN_PASS_ADMIN=${OMR_ADMIN_PASS_ADMIN:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")} MLVPN=${MLVPN:-yes} MLVPN_PASS=${MLVPN_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} UBOND=${UBOND:-no} UBOND_PASS=${UBOND_PASS:-$(head -c 32 /dev/urandom | base64 -w0)} OPENVPN=${OPENVPN:-yes} DSVPN=${DSVPN:-yes} WIREGUARD=${WIREGUARD:-yes} SOURCES=${SOURCES:-no} if [ "$KERNEL" != "5.4" ]; then SOURCES="yes" fi NOINTERNET=${NOINTERNET:-no} REINSTALL=${REINSTALL:-yes} SPEEDTEST=${SPEEDTEST:-yes} IPERF=${IPERF:-yes} LOCALFILES=${LOCALFILES:-no} INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | grep -m 
1 -Po '(?<=dev )(\S+)' | tr -d "\n")} KERNEL_VERSION="5.4.207" KERNEL_PACKAGE_VERSION="1.22" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" if [ "$KERNEL" = "5.15" ]; then KERNEL_VERSION="5.15.57" KERNEL_PACKAGE_VERSION="1.6" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_VERSION}-${KERNEL_PACKAGE_VERSION}" fi if [ "$KERNEL" = "6.1" ]; then KERNEL_VERSION="6.1.0" KERNEL_PACKAGE_VERSION="1.30" KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}" fi GLORYTUN_UDP=${GLORYTUN_UDP:-yes} GLORYTUN_UDP_VERSION="23100474922259d00a8c0c4b00a0c8de89202cf9" GLORYTUN_UDP_BINARY_VERSION="0.3.4-5" GLORYTUN_TCP=${GLORYTUN_TCP:-yes} GLORYTUN_TCP_BINARY_VERSION="0.0.35-6" #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2" MLVPN_VERSION="8aa1b16d843ea68734e2520e39a34cb7f3d61b2b" MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3" UBOND_VERSION="31af0f69ebb6d07ed9348dca2fced33b956cedee" OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4" OBFS_BINARY_VERSION="0.0.5-1" OMR_ADMIN_VERSION="f974719ddc902246ac0cd559372495ec23b262df" OMR_ADMIN_BINARY_VERSION="0.9+20240324" #OMR_ADMIN_BINARY_VERSION="0.3+20220827" DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a" DSVPN_BINARY_VERSION="0.1.4-2" V2RAY_VERSION="5.7.0" V2RAY_PLUGIN_VERSION="4.43.0" XRAY_VERSION="1.8.6" EASYRSA_VERSION="3.0.6" #SHADOWSOCKS_VERSION="7407b214f335f0e2068a8622ef3674d868218e17" #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then SHADOWSOCKS_VERSION="8fc18fcba3226e31f9f2bb9e60d6be6a1837862b" #fi IPROUTE2_VERSION="29da83f89f6e1fe528c59131a01f5d43bcd0a000" SHADOWSOCKS_BINARY_VERSION="3.3.5-3" SHADOWSOCKS_GO_VERSION="1.8.0" DEFAULT_USER="openmptcprouter" VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)} VPSPATH="server-test" VPS_PUBLIC_IP=${VPS_PUBLIC_IP:-$(wget -4 -qO- -T 2 http://ip.openmptcprouter.com)} VPSURL="https://www.openmptcprouter.com/" REPO="repo.openmptcprouter.com" CHINA=${CHINA:-no} OMR_VERSION="0.1029-test" DIR=$( 
pwd ) #" set -e umask 0022 export LC_ALL=C export PATH=$PATH:/sbin export DEBIAN_FRONTEND=noninteractive echo "Check user..." if [ "$(id -u)" -ne 0 ]; then echo 'Please run as root.' >&2; exit 1; fi # Check Kernel if [ "$KERNEL" != "5.4" ] && [ "$KERNEL" != "5.15" ] && [ "$KERNEL" != "6.1" ] && [ "$KERNEL" != "6.6" ]; then echo "Only kernels 5.4, 5.15, 6.1 and 6.6 are currently supported" exit 1 fi # Check Linux version echo "Check Linux version..." if test -f /etc/os-release ; then . /etc/os-release else . /usr/lib/os-release fi if [ "$ID" = "debian" ] && [ "$VERSION_ID" != "9" ] && [ "$VERSION_ID" != "10" ] && [ "$VERSION_ID" != "11" ] && [ "$VERSION_ID" != "12" ]; then echo "This script only work with Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)" exit 1 elif [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" != "18.04" ] && [ "$VERSION_ID" != "19.04" ] && [ "$VERSION_ID" != "20.04" ] && [ "$VERSION_ID" != "22.04" ]; then echo "This script only work with Ubuntu 18.04, 19.04, 20.04 or 22.04" echo "Use debian when possible" exit 1 elif [ "$ID" != "debian" ] && [ "$ID" != "ubuntu" ]; then echo "This script only work with Ubuntu 18.04, Ubuntu 19.04, Ubutun 20.04, Ubuntu 22.04, Debian Stretch (9.x), Debian Buster (10.x), Debian Bullseye (11.x) or Debian Bookworm (12.x)" echo "Use Debian when possible" exit 1 fi echo "Check architecture..." ARCH=$(dpkg --print-architecture | tr -d "\n") if ([ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]) && [ "$ARCH" != "amd64" ] && [ "$ID" != "debian" ]; then echo "Only x86_64 (amd64) is supported on this OS" exit 1 fi if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then echo "Check virtualized environment" VIRT="$(systemd-detect-virt 2>/dev/null || true)" if [ -z "$(uname -a | grep mptcp)" ] && [ -n "$VIRT" ] && ([ "$VIRT" = "openvz" ] || [ "$VIRT" = "lxc" ] || [ "$VIRT" = "docker" ]); then echo "Container are not supported: kernel can't be modified." 
exit 1 fi fi # Check if DPKG is locked and for broken packages #dpkg -i /dev/zero 2>/dev/null #if [ "$?" -eq 2 ]; then # echo "E: dpkg database is locked. Check that an update is not running in background..." # exit 1 #fi echo "Check about broken packages..." apt-get check >/dev/null 2>&1 if [ "$?" -ne 0 ]; then echo "E: \`apt-get check\` failed, you may have broken packages. Aborting..." exit 1 fi # Fix old string... if [ -f /etc/motd ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd ; then sed -i 's/OpenMPCTProuter/OpenMPTCProuter/g' /etc/motd fi if [ -f /etc/motd.head ] && grep --quiet 'OpenMPCTProuter VPS' /etc/motd.head ; then sed -i 's/OpenMPCTProuter/OpenMPTCProuter/g' /etc/motd.head fi # Check if OpenMPTCProuter VPS is already installed echo "Check if OpenMPTCProuter VPS is already installed..." update="0" if [ "$UPDATE" = "yes" ]; then if [ -f /etc/motd ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd ; then update="1" elif [ -f /etc/motd.head ] && grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head ; then update="1" elif [ -f /root/openmptcprouter_config.txt ]; then update="1" fi echo "Update mode" fi # Force update key #[ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { # echo "Update OpenMPTCProuter repo key" # #wget -O - http://repo.openmptcprouter.com/openmptcprouter.gpg.key | apt-key add - # wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg #} CURRENT_OMR="$(grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}')" if [ "$REINSTALL" = "no" ] && [ "$CURRENT_OMR" = "$OMR_VERSION" ]; then exit 1 fi # Force update key [ -f /etc/apt/sources.list.d/openmptcprouter.list ] && { echo "Update ${REPO} key" apt-key del '2FDF 70C8 228B 7F04 42FE 59F6 608F D17B 2B24 D936' 2>&1 >/dev/null if [ "$CHINA" = "yes" ]; then #wget -O - https://gitee.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key | apt-key add - wget https://gitlab.com/ysurac/openmptcprouter-vps-debian/raw/main/openmptcprouter.gpg.key -O 
/etc/apt/trusted.gpg.d/openmptcprouter.gpg else #wget -O - https://${REPO}/openmptcprouter.gpg.key | apt-key add - wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg fi } echo "Remove lock and update packages list..." rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then apt-get update else apt-get update --allow-releaseinfo-change fi rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend rm -f /var/cache/apt/archives/lock echo "Install apt-transport-https, gnupg and openssh-server..." apt-get -y install apt-transport-https gnupg openssh-server #if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_DEBIAN" = "yes" ] && [ "$update" = "0" ]; then if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Debian 9 Stretch to Debian 10 Buster" apt-get -y -f --force-yes --allow-downgrades upgrade apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:stretch:buster:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="10" fi if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then echo "Update Debian 10 Stretch to Debian 11 Buster" apt-get -y -f --force-yes --allow-downgrades upgrade apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:buster:bullseye:g' /etc/apt/sources.list sed -i 's:bullseye/updates:bullseye-security:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" 
dist-upgrade VERSION_ID="11" fi if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "11" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then echo "Update Debian 11 Buster to Debian 12" apt-get -y -f --force-yes --allow-downgrades upgrade apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:bullseye:bookworm:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="12" fi if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ]; then echo "Update Ubuntu 18.04 to Ubuntu 20.04" apt-get -y -f --force-yes --allow-downgrades upgrade apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:bionic:focal:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="20.04" fi if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes" ] && ([ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]); then echo "Update Ubuntu 20.04 to Ubuntu 22.04" apt-get -y -f --force-yes --allow-downgrades upgrade apt-get -y -f --force-yes --allow-downgrades dist-upgrade sed -i 's:focal:jammy:g' /etc/apt/sources.list apt-get update --allow-releaseinfo-change apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade VERSION_ID="22.04" fi # Add OpenMPTCProuter repo echo "Add OpenMPTCProuter repo..." if [ "$CHINA" = "yes" ]; then echo "Install git..." apt-get -y install git if [ ! 
-d /var/lib/openmptcprouter-vps-debian ]; then #git clone https://gitee.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian git clone https://gitlab.com/ysurac/openmptcprouter-vps-debian.git /var/lib/openmptcprouter-vps-debian fi cd /var/lib/openmptcprouter-vps-debian git pull # if [ "$VPSPATH" = "server-test" ]; then # git checkout develop # else # git checkout main # fi echo "deb [arch=amd64] file:/var/lib/openmptcprouter-vps-debian ./" > /etc/apt/sources.list.d/openmptcprouter.list cat /var/lib/openmptcprouter-vps-debian/openmptcprouter.gpg.key | apt-key add - if [ ! -d /usr/share/omr-server-git ]; then #git clone https://gitee.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git git clone https://gitlab.com/ysurac/openmptcprouter-vps.git /usr/share/omr-server-git fi cd /usr/share/omr-server-git git pull if [ "$VPSPATH" = "server-test" ]; then git checkout develop else git checkout master fi LOCALFILES="yes" TLS="no" DIR="/usr/share/omr-server-git" else echo "deb [arch=amd64] https://${REPO} buster main" > /etc/apt/sources.list.d/openmptcprouter.list cat <<-EOF | tee /etc/apt/preferences.d/openmptcprouter.pref Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones Package: * Pin: origin ${REPO} Pin-Priority: 1001 EOF if [ -n "$(echo $OMR_VERSION | grep test)" ]; then echo "deb [arch=amd64] https://${REPO} next main" > /etc/apt/sources.list.d/openmptcprouter-test.list # cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref # Explanation: Prefer OpenMPTCProuter provided packages over the Debian native ones # Package: * # Pin: origin ${REPO} # Pin-Priority: 1002 # EOF else rm -f /etc/apt/sources.list.d/openmptcprouter-test.list fi if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then cat <<-EOF | tee -a /etc/apt/preferences.d/openmptcprouter.pref Explanation: Prefer libuv1 Debian native package Package: libuv1 Pin: version * Pin-Priority: 1003 EOF fi #wget -O - 
https://${REPO}/openmptcprouter.gpg.key | apt-key add - wget https://${REPO}/openmptcprouter.gpg.key -O /etc/apt/trusted.gpg.d/openmptcprouter.gpg fi #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61 if [ "$ID" = "debian" ]; then if [ "$VERSION_ID" = "9" ]; then #echo 'deb http://dl.bintray.com/cpaasch/deb jessie main' >> /etc/apt/sources.list echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list fi # Add buster-backports repo echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list if [ "$VERSION_ID" = "12" ]; then echo 'deb http://deb.debian.org/debian bullseye main' > /etc/apt/sources.list.d/bullseye.list fi elif [ "$ID" = "ubuntu" ]; then echo 'deb http://archive.ubuntu.com/ubuntu bionic-backports main' > /etc/apt/sources.list.d/bionic-backports.list echo 'deb http://archive.ubuntu.com/ubuntu bionic universe' > /etc/apt/sources.list.d/bionic-universe.list [ "$VERSION_ID" = "22.04" ] && { apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32 echo 'deb http://old-releases.ubuntu.com/ubuntu impish main universe' > /etc/apt/sources.list.d/impish-universe.list } fi # Install mptcp kernel and shadowsocks echo "Install mptcp kernel and shadowsocks..." apt-get update --allow-releaseinfo-change sleep 2 apt-get -y install dirmngr patch rename curl libcurl4 unzip pkg-config ipset if [ -z "$(dpkg-query -l | grep grub)" ]; then if [ -d /boot/grub2 ]; then apt-get -y install grub2 elif [ -d /boot/grub ]; then apt-get -y install grub-legacy fi [ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! 
-f /etc/default/grub ] && { echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub } fi if [ -z "$(dpkg-query -l | grep grub)" ]; then if [ -d /boot/grub2 ]; then apt-get -y install grub2 elif [ -d /boot/grub ]; then apt-get -y install grub-legacy fi [ -n "$(grep 'net.ifnames=0' /boot/grub/grub.cfg)" ] && [ ! -f /etc/default/grub ] && { echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"' > /etc/default/grub } fi if [ "$KERNEL" = "5.4" ] || [ "$KERNEL" = "5.15" ]; then if [ "$SOURCES" = "yes" ]; then wget -O /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-image-${KERNEL_RELEASE}_amd64.deb wget -O /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb ${VPSURL}kernel/linux-headers-${KERNEL_RELEASE}_amd64.deb # Rename bzImage to vmlinuz, needed when custom kernel was used cd /boot apt-get -y install git rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 #apt-get -y install linux-mptcp #dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp #dpkg --remove --force-remove-reinstreq linux-headers-${KERNEL_VERSION}-mptcp if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then echo "Install kernel linux-image-${KERNEL_RELEASE} source release" echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! \033[0m" dpkg --force-all -i -B /tmp/linux-headers-${KERNEL_RELEASE}_amd64.deb dpkg --force-all -i -B /tmp/linux-image-${KERNEL_RELEASE}_amd64.deb fi else cd /boot rename 's/^bzImage/vmlinuz/s' * >/dev/null 2>&1 if [ "$(dpkg -l | grep linux-image-${KERNEL_VERSION} | grep ${KERNEL_PACKAGE_VERSION})" = "" ]; then echo "Install kernel linux-image-${KERNEL_RELEASE}" echo "\033[1m !!! if kernel install fail run: dpkg --remove --force-remove-reinstreq linux-image-${KERNEL_VERSION}-mptcp !!! 
\033[0m" apt-get -y install linux-image-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} linux-headers-${KERNEL_VERSION}-mptcp=${KERNEL_PACKAGE_VERSION} fi fi # Check if mptcp kernel is grub default kernel echo "Set MPTCP kernel as grub default..." if [ "$LOCALFILES" = "no" ]; then wget -O /tmp/update-grub.sh ${VPSURL}${VPSPATH}/update-grub.sh cd /tmp else cd ${DIR} fi [ -f /boot/grub/grub.cfg ] && [ -z "$(grep ${KERNEL_VERSION}-mptcp /boot/grub/grub.cfg)" ] && [ -n "$(which grub-mkconfig)" ] && grub-mkconfig -o /boot/grub/grub.cfg rm -f /etc/grub.d/30_os-prober bash update-grub.sh ${KERNEL_VERSION}-mptcp bash update-grub.sh ${KERNEL_RELEASE} [ -f /boot/grub/grub.cfg ] && sed -i 's/default="1>0"/default="0"/' /boot/grub/grub.cfg 2>&1 >/dev/null elif [ "$KERNEL" = "6.6" ] && [ "$ARCH" = "amd64" ]; then wget https://dl.xanmod.org/archive.key -O /etc/apt/trusted.gpg.d/xanmod.gpg echo 'deb http://deb.xanmod.org releases main' > /etc/apt/sources.list.d/xanmod-release.list apt-get update apt-get -y install linux-xanmod-x64v3 [ -f /etc/default/grub ] && { sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 } elif [ "$KERNEL" = "6.6" ] && [ "$ID" = "debian" ]; then echo 'deb http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/bookworm-backports.list apt-get update apt-get -y install $(apt-cache search linux-image-amd64-6.6 | tail -n 1 | cut -d" " -f1) [ -f /etc/default/grub ] && { sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 [ -f /boot/grub/grub.cfg ] && grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 } else if [ "$ID" = "ubuntu" ] && [ -z "$(uname -a | grep '6.1')" ]; then apt-get -y install $(apt-cache search linux-image-unsigned-6.1.0 | tail -n 1 | cut -d" " -f1) fi [ -f /etc/default/grub ] && { sed -i "s@^\(GRUB_DEFAULT=\).*@\1\"0\"@" /etc/default/grub >/dev/null 2>&1 [ -f /boot/grub/grub.cfg ] && 
grub-mkconfig -o /boot/grub/grub.cfg >/dev/null 2>&1 } fi if [ "$ARCH" = "amd64" ]; then echo "Install tracebox OpenMPTCProuter edition" apt-get -y -o Dpkg::Options::="--force-overwrite" install tracebox fi if [ "$IPERF" = "yes" ]; then #echo "Install iperf3 OpenMPTCProuter edition" #apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-iperf3 #chmod 644 /lib/systemd/system/iperf3.service echo "Install iperf3" [ "$ARCH" = "amd64" ] && apt-get -y remove omr-iperf3 omr-libiperf0 2>&1 >/dev/null apt-get -y install iperf3 if [ ! -f "/etc/iperf3/private.pem" ]; then mkdir -p /etc/iperf3 openssl genrsa -out /etc/iperf3/private.pem 2048 openssl rsa -in /etc/iperf3/private.pem -outform PEM -pubout -out /etc/iperf3/public.pem IPERFPASS=$(echo -n "{openmptcprouter}openmptcprouter" | sha256sum | awk '{ print $1 }') echo "openmptcprouter,$IPERFPASS" > /etc/iperf3/users.csv fi chown -Rf iperf3 /etc/iperf3 || true systemctl enable iperf3.service || true mkdir -p /etc/systemd/system/iperf3.service.d if [ "$LOCALFILES" = "no" ]; then wget -O /etc/systemd/system/iperf3.service.d/override.conf ${VPSURL}${VPSPATH}/iperf3.override.conf else cp ${DIR}/iperf3.override.conf /etc/systemd/system/iperf3.service.d/override.conf fi fi if [ "$KERNEL" != "5.4" ]; then echo "Compile and install mptcpize..." apt-get -y install --no-install-recommends build-essential cd /tmp apt-get -y install git git clone https://github.com/Ysurac/mptcpize.git cd mptcpize make make install cd /tmp rm -rf /tmp/mptcpize if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then apt-get -y install iproute2 else echo "Compile and install iproute2..." 
apt-get -y install --no-install-recommends bison libbison-dev flex #wget https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-5.16.0.tar.gz #tar xzf iproute2-5.16.0.tar.gz #cd iproute2-5.16.0 git clone git://git.kernel.org/pub/scm/network/iproute2/iproute2.git cd iproute2 git checkout 29da83f89f6e1fe528c59131a01f5d43bcd0a000 make make install cd /tmp fi rm -rf iproute2 echo "MPTCPize iperf3..." mptcpize enable iperf3 2>&1 >/dev/null #if [ "$UPSTREAM6" = "yes" ]; then # apt-get -y install $(dpkg --get-selections | grep linux-image-6.1 | grep -v dbg | cut -f1)-dbg # apt-get -y install systemtap # mkdir -p /usr/share/systemtap-mptcp # wget -O /usr/share/systemtap-mptcp/mptcp-app.stap ${VPSURL}${VPSPATH}/mptcp-app.stap #fi fi apt-get -y remove shadowsocks-libev if [ "$SHADOWSOCKS" = "yes" ]; then if [ "$SOURCES" = "yes" ]; then #apt -t stretch-backports -y install shadowsocks-libev ## Compile Shadowsocks #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} #wget -O /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz http://github.com/shadowsocks/shadowsocks-libev/releases/download/v${SHADOWSOCKS_VERSION}/shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz cd /tmp rm -rf shadowsocks-libev git clone https://github.com/Ysurac/shadowsocks-libev.git cd shadowsocks-libev git checkout ${SHADOWSOCKS_VERSION} git submodule update --init --recursive #tar xzf shadowsocks-libev-${SHADOWSOCKS_VERSION}.tar.gz #cd shadowsocks-libev-${SHADOWSOCKS_VERSION} #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/020-NOCRYPTO.patch #patch -p1 < 020-NOCRYPTO.patch #wget https://github.com/Ysurac/shadowsocks-libev/commit/31b93ac2b054bc3f68ea01569649e6882d72218e.patch #patch -p1 < 31b93ac2b054bc3f68ea01569649e6882d72218e.patch #wget https://github.com/Ysurac/shadowsocks-libev/commit/2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch #patch -p1 < 2e52734b3bf176966e78e77cf080a1e8c6b2b570.patch #wget 
https://github.com/Ysurac/shadowsocks-libev/commit/dd1baa91e975a69508f9ad67d75d72624c773d24.patch #patch -p1 < dd1baa91e975a69508f9ad67d75d72624c773d24.patch # Shadowsocks eBPF support #wget https://raw.githubusercontent.com/Ysurac/openmptcprouter-feeds/master/shadowsocks-libev/patches/030-eBPF.patch #patch -p1 < 030-eBPF.patch #rm -f /var/lib/dpkg/lock #apt-get install -y --no-install-recommends build-essential git ca-certificates libcap-dev libelf-dev libpcap-dev #cd /tmp #rm -rf libbpf #git clone https://github.com/libbpf/libbpf.git #cd libbpf #if [ "$ID" = "debian" ]; then # rm -f /var/lib/dpkg/lock # apt -y -t stretch-backports install linux-libc-dev #elif [ "$ID" = "ubuntu" ]; then # rm -f /var/lib/dpkg/lock # apt-get -y install linux-libc-dev #fi #BUILD_SHARED=y make -C src CFLAGS="$CFLAGS -DCOMPAT_NEED_REALLOCARRAY" #cp /tmp/libbpf/src/libbpf.so /usr/lib #cp /tmp/libbpf/src/*.h /usr/include/bpf #cd /tmp #rm -rf /tmp/libbpf rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap libc-ares2 libc-ares-dev libev4 haveged libpcre3-dev apt-get -y install --no-install-recommends asciidoc-base asciidoc-common docbook-xml docbook-xsl libev-dev libmbedcrypto3 libmbedtls-dev libmbedtls12 libmbedx509-0 libxml2-utils libxslt1.1 pkg-config sgml-base sgml-data xml-core xmlto xsltproc sleep 1 rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend systemctl enable haveged if [ "$ID" = "debian" ]; then rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend if [ "$VERSION_ID" = "9" ]; then apt -y -t stretch-backports install libsodium-dev else apt -y install libsodium-dev fi elif [ "$ID" = "ubuntu" ]; then rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend apt-get -y install libsodium-dev fi #cd /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes 
--no-install-recommends -y" 2>&1 >/dev/null rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend dpkg-buildpackage -b -us -uc 2>&1 >/dev/null rm -f /var/lib/dpkg/lock rm -f /var/lib/dpkg/lock-frontend cd /tmp #dpkg -i shadowsocks-libev_*.deb dpkg -i omr-shadowsocks-libev_*.deb 2>&1 >/dev/null #mkdir -p /usr/lib/shadowsocks-libev #cp -f /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION}/src/*.ebpf /usr/lib/shadowsocks-libev #rm -rf /tmp/shadowsocks-libev-${SHADOWSOCKS_VERSION} rm -rf /tmp/shadowsocks-libev else apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" install omr-shadowsocks-libev=${SHADOWSOCKS_BINARY_VERSION} fi fi # Load BBR Congestion module at boot time if ! grep -q bbr /etc/modules ; then echo tcp_bbr >> /etc/modules fi if [ "$KERNEL" = "5.4" ]; then # Load OLIA Congestion module at boot time if ! grep -q olia /etc/modules ; then echo mptcp_olia >> /etc/modules fi # Load WVEGAS Congestion module at boot time if ! grep -q wvegas /etc/modules ; then echo mptcp_wvegas >> /etc/modules fi # Load BALIA Congestion module at boot time if ! grep -q balia /etc/modules ; then echo mptcp_balia >> /etc/modules fi # Load BBRv2 Congestion module at boot time if ! grep -q bbr2 /etc/modules ; then echo tcp_bbr2 >> /etc/modules fi # Load mctcpdesync Congestion module at boot time if ! grep -q mctcp_desync /etc/modules ; then echo mctcp_desync >> /etc/modules fi # Load ndiffports module at boot time if ! grep -q mptcp_ndiffports /etc/modules ; then echo mptcp_ndiffports >> /etc/modules fi # Load redundant module at boot time if ! grep -q mptcp_redundant /etc/modules ; then echo mptcp_redundant >> /etc/modules fi # Load rr module at boot time if ! grep -q mptcp_rr /etc/modules ; then echo mptcp_rr >> /etc/modules fi # Load mctcp ECF scheduler at boot time if ! grep -q mptcp_ecf /etc/modules ; then echo mptcp_ecf >> /etc/modules fi # Load mctcp BLEST scheduler at boot time if ! 
grep -q mptcp_blest /etc/modules ; then echo mptcp_blest >> /etc/modules fi fi if systemctl -q is-active omr-admin.service; then systemctl -q stop omr-admin > /dev/null 2>&1 fi if [ "$OMR_ADMIN" = "yes" ]; then echo 'Install OpenMPTCProuter VPS Admin' if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then #echo 'deb http://ftp.de.debian.org/debian buster main' > /etc/apt/sources.list.d/buster.list #echo 'APT::Default-Release "stretch";' | tee -a /etc/apt/apt.conf.d/00local #apt-get update #apt-get -y -t buster install python3.7-dev #apt-get -y -t buster install python3-pip python3-setuptools python3-wheel if [ "$(whereis python3 | grep python3.7)" = "" ]; then apt-get -y install libffi-dev build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev wget wget -O /tmp/Python-3.7.2.tgz https://www.python.org/ftp/python/3.7.2/Python-3.7.2.tgz cd /tmp tar xzf Python-3.7.2.tgz cd Python-3.7.2 ./configure --enable-optimizations make make altinstall cd /tmp rm -rf /tmp/Python-3.7.2 update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.7 1 update-alternatives --install /usr/bin/pip3 pip3 /usr/local/bin/pip3.7 1 sed -i 's:/usr/bin/python3 :/usr/bin/python3\.7 :g' /usr/bin/lsb_release fi pip3 -q install setuptools wheel pip3 -q install pyopenssl else apt-get -y install python3-openssl python3-pip python3-setuptools python3-wheel python3-dev fi #apt-get -y install unzip gunicorn python3-flask-restful python3-openssl python3-pip python3-setuptools python3-wheel #apt-get -y install unzip python3-openssl python3-pip python3-setuptools python3-wheel if [ "$ID" = "ubuntu" ]; then apt-get -y install python3-passlib python3-netaddr apt-get -y remove python3-jwt pip3 -q install pyjwt else if [ "$ID" = "debian" ] && ([ "$VERSION_ID" = "10" ] || [ "$VERSION_ID" = "11" ] || [ "$VERSION_ID" = "12" ]); then if [ "$VERSION_ID" = "12" ]; then apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 
pip3 -q install uvloop --break-system-packages else apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 pip3 -q install uvloop fi else apt-get -y --allow-downgrades install python3-passlib python3-jwt python3-netaddr libuv1 python3-uvloop fi fi apt-get -y --allow-downgrades install python3-uvicorn jq ipcalc python3-netifaces python3-aiofiles python3-psutil python3-requests pwgen echo '-- pip3 install needed python modules' echo "If you see any error here, I really don't care: it's about a module not used for home users" #pip3 install pyjwt passlib uvicorn fastapi netjsonconfig python-multipart netaddr #pip3 -q install fastapi netjsonconfig python-multipart uvicorn -U if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "12" ]; then pip3 -q install netjsonconfig --break-system-packages pip3 -q install fastapi -U --break-system-packages pip3 -q install jsonschema -U --break-system-packages pip3 -q install python-multipart jinja2 -U --break-system-packages pip3 -q install starlette --break-system-packages pip3 -q install starlette --break-system-packages else pip3 -q install netjsonconfig if [ "$ID" = "ubuntu" ] || ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]); then pip3 -q install fastapi==0.99.1 -U else pip3 -q install fastapi -U fi pip3 -q install fastapi -U pip3 -q install jsonschema -U pip3 -q install python-multipart jinja2 -U pip3 -q install starlette pip3 -q install starlette fi mkdir -p /etc/openmptcprouter-vps-admin/omr-6in4 mkdir -p /etc/openmptcprouter-vps-admin/intf #[ ! -f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "glorytun_tcp" > /etc/openmptcprouter-vps-admin/current-vpn [ ! 
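-f "/etc/openmptcprouter-vps-admin/current-vpn" ] && echo "openvpn" > /etc/openmptcprouter-vps-admin/current-vpn
mkdir -p /var/opt/openmptcprouter
# Install omr-admin: from the GitHub source archive when SOURCES=yes, otherwise
# from the omr-vps-admin package. In both branches a password already stored in
# omr-admin-config.json replaces OMR_ADMIN_PASS / OMR_ADMIN_PASS_ADMIN, except
# when the stored value is empty, the literal "null" that jq -r prints for a
# missing key, or the template placeholder: none of those may become the live
# admin password.
if [ "$SOURCES" = "yes" ]; then
  # NOTE(review): the unit files and the source archive are installed as
  # fetched, with no checksum or signature check; how VPSURL is defined is not
  # visible in this part of the script.
  wget -O /lib/systemd/system/omr-admin.service ${VPSURL}${VPSPATH}/omr-admin.service.in
  wget -O /lib/systemd/system/omr-admin-ipv6.service ${VPSURL}${VPSPATH}/omr-admin-ipv6.service.in
  wget -O /tmp/openmptcprouter-vps-admin.zip https://github.com/Ysurac/openmptcprouter-vps-admin/archive/${OMR_ADMIN_VERSION}.zip
  cd /tmp
  unzip -q -o openmptcprouter-vps-admin.zip
  cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
  if [ -f /usr/local/bin/omr-admin.py ] || [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
    # Older configs store the password under "pass"; newer ones under
    # users[0].<user>.user_password.
    OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n")
    [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
    [ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "null" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
    OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
    [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "null" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
  else
    cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
    cd /etc/openmptcprouter-vps-admin
  fi
  # No config with a user_password entry yet: start from the shipped template.
  if [ "$(grep user_password /etc/openmptcprouter-vps-admin/omr-admin-config.json)" = "" ]; then
    cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin-config.json /etc/openmptcprouter-vps-admin/
    cp /tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}/omr-admin.py /usr/local/bin/
    cd /etc/openmptcprouter-vps-admin
  fi
  # The archive is unpacked directly under /tmp, so that is the directory to
  # remove (the previous /tmp/tmp/... path never existed and left it behind).
  rm -rf "/tmp/openmptcprouter-vps-admin-${OMR_ADMIN_VERSION}"
  chmod u+x /usr/local/bin/omr-admin.py
else
  if [ -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
    OMR_ADMIN_PASS2=$(grep -Po '"'"pass"'"\s*:\s*"\K([^"]*)' /etc/openmptcprouter-vps-admin/omr-admin-config.json | tr -d "\n")
    [ -z "$OMR_ADMIN_PASS2" ] && OMR_ADMIN_PASS2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
    [ -n "$OMR_ADMIN_PASS2" ] && [ "$OMR_ADMIN_PASS2" != "null" ] && [ "$OMR_ADMIN_PASS2" != "MySecretKey" ] && OMR_ADMIN_PASS=$OMR_ADMIN_PASS2
    OMR_ADMIN_PASS_ADMIN2=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
    [ -n "$OMR_ADMIN_PASS_ADMIN2" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "null" ] && [ "$OMR_ADMIN_PASS_ADMIN2" != "AdminMySecretKey" ] && OMR_ADMIN_PASS_ADMIN=$OMR_ADMIN_PASS_ADMIN2
  fi
  apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y --allow-downgrades install omr-vps-admin=${OMR_ADMIN_BINARY_VERSION}
  if [ ! -f /etc/openmptcprouter-vps-admin/omr-admin-config.json ]; then
    cp /usr/share/omr-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/
  fi
  #OMR_ADMIN_PASS=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].openmptcprouter.user_password | tr -d "\n")
  #OMR_ADMIN_PASS_ADMIN=$(cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -r .users[0].admin.user_password | tr -d "\n")
fi
if [ !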
-f /etc/openmptcprouter-vps-admin/key.pem ]; then
  # First install only: self-signed RSA-2048 certificate valid 3650 days; the
  # private key is written unencrypted (-nodes).
  cd /etc/openmptcprouter-vps-admin
  openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout key.pem -out cert.pem -subj "/C=US/ST=Oregon/L=Portland/O=OpenMPTCProuterVPS/OU=Org/CN=www.openmptcprouter.vps"
fi
# Fill the template placeholders in the admin config.
# NOTE(review): the first pattern is spelled "openmptcptouter" — confirm it
# matches the placeholder actually used in the template.
# NOTE(review): the secrets are interpolated into the sed replacement; a value
# containing ':', '&' or a backslash would corrupt the substitution.
sed -i "s:openmptcptouter:${DEFAULT_USER}:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
# AdminMySecretKey is replaced first because MySecretKey is a substring of it.
sed -i "s:AdminMySecretKey:$OMR_ADMIN_PASS_ADMIN:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
sed -i "s:MySecretKey:$OMR_ADMIN_PASS:g" /etc/openmptcprouter-vps-admin/omr-admin-config.json
[ "$NOINTERNET" = "yes" ] && {
  sed -i 's/"port": 65500,/"port": 65500,\n "internet": false,/' /etc/openmptcprouter-vps-admin/omr-admin-config.json
}
chmod 644 /lib/systemd/system/omr-admin.service
chmod 644 /lib/systemd/system/omr-admin-ipv6.service
#[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /usr/local/bin/omr-admin.py
# The IPv6 unit is enabled only when "ip -6 a" prints something.
[ "$(ip -6 a)" != "" ] && {
  systemctl enable omr-admin-ipv6.service
}
systemctl enable omr-admin.service
if [ "$KERNEL" != "5.4" ]; then
  # NOTE(review): with "2>&1 >/dev/null" only stdout is discarded; stderr still
  # goes to the script's original stdout. Other places in this script use
  # "> /dev/null 2>&1" — confirm which is meant.
  mptcpize enable omr-admin.service 2>&1 >/dev/null
  [ "$(ip -6 a)" != "" ] && mptcpize enable omr-admin-ipv6.service 2>&1 >/dev/null
fi
# Closes a conditional opened before this excerpt.
fi
# Get shadowsocks optimization
# Installs a sysctl drop-in, downloaded or copied from DIR depending on
# LOCALFILES; kernels 6.1 and 6.6 use a separate file.
if [ "$LOCALFILES" = "no" ]; then
  if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
    wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.6.1.conf
  else
    wget -O /etc/sysctl.d/90-shadowsocks.conf ${VPSURL}${VPSPATH}/shadowsocks.conf
  fi
else
  if [ "$KERNEL" = "6.1" ] || [ "$KERNEL" = "6.6" ]; then
    cp ${DIR}/shadowsocks.6.1.conf /etc/sysctl.d/90-shadowsocks.conf
  else
    cp ${DIR}/shadowsocks.conf /etc/sysctl.d/90-shadowsocks.conf
  fi
fi
if [ "$SHADOWSOCKS" = "yes" ]; then
  if [ "$update" != 0 ]; then
    if [ !
-f /etc/shadowsocks-libev/manager.json ]; then
  # Update without manager.json: recover the key from config.json, mapping the
  # URL-safe base64 characters '-' and '_' back to '+' and '/'.
  SHADOWSOCKS_PASS=$(grep -Po '"'"key"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-libev/config.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;')
elif [ -f /etc/shadowsocks-libev/manager.json ]; then
  # Otherwise recover it from the "65101" entry of manager.json.
  SHADOWSOCKS_PASS=$(grep -Po '"'"65101"'":\s*"\K([^"]*)' /etc/shadowsocks-libev/manager.json | tr -d "\n" | sed 's/-/+/g; s/_/\//g;')
fi
fi
# Install shadowsocks config and add a shadowsocks by CPU
if [ "$update" = "0" ] || [ ! -f /etc/shadowsocks-libev/manager.json ]; then
  if [ "$LOCALFILES" = "no" ]; then
    wget -O /etc/shadowsocks-libev/manager.json ${VPSURL}${VPSPATH}/manager.json
  else
    cp ${DIR}/manager.json /etc/shadowsocks-libev/manager.json
  fi
  # The config stores the key in URL-safe base64 ('+' -> '-', '/' -> '_').
  SHADOWSOCKS_PASS_JSON=$(echo $SHADOWSOCKS_PASS | sed 's/+/-/g; s/\//_/g;')
  if [ "$NBCPU" -gt "1" ]; then
    # NOTE(review): "seq 2 NBCPU" passes the literal word NBCPU (no '$'), so seq
    # fails and this loop body never runs; the update branch below uses
    # $NBCPU and also appends commas afterwards. Confirm the intended
    # behaviour before changing it, since this branch has no comma fix-up.
    for i in $(seq 2 NBCPU); do
      sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
    done
  fi
  #sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/config.json
  sed -i "s:MySecretKey:$SHADOWSOCKS_PASS_JSON:g" /etc/shadowsocks-libev/manager.json
  # Without IPv6 addresses, drop the "[::0]" line.
  [ "$(ip -6 a)" = "" ] && sed -i '/"\[::0\]"/d' /etc/shadowsocks-libev/manager.json
elif [ "$update" != "0" ] && [ -f /etc/shadowsocks-libev/manager.json ] && [ "$(grep -c '65101' /etc/shadowsocks-libev/manager.json | tr -d '\n')" != "$NBCPU" ] && [ -z "$(grep port_conf /etc/shadowsocks-libev/manager.json)" ]; then
  # Update where the number of "65101" lines differs from NBCPU and the file
  # has no port_conf: duplicate the first "65101" line once per extra CPU, then
  # append a comma to every such line that ends in a double quote.
  for i in $(seq 2 $NBCPU); do
    sed -i '0,/65101/ s/ "65101.*/&\n&/' /etc/shadowsocks-libev/manager.json
  done
  sed -i 's/ "65101.*"$/&,/' /etc/shadowsocks-libev/manager.json
fi
[ ! -f /etc/shadowsocks-libev/local.acl ] && touch /etc/shadowsocks-libev/local.acl
#sed -i 's:aes-256-cfb:chacha20:g' /etc/shadowsocks-libev/config.json
#sed -i 's:json:json --no-delay:g' /lib/systemd/system/shadowsocks-libev-server@.service
if [ "$LOCALFILES" = "no" ]; then
  wget -O /lib/systemd/system/shadowsocks-libev-manager@.service ${VPSURL}${VPSPATH}/shadowsocks-libev-manager@.service.in
else
  cp ${DIR}/shadowsocks-libev-manager@.service.in /lib/systemd/system/shadowsocks-libev-manager@.service
fi
# Switch from the per-config server units to the manager unit.
if systemctl -q is-enabled shadowsocks-libev; then
  systemctl -q disable shadowsocks-libev
fi
[ -f /etc/shadowsocks-libev/config.json ] && systemctl disable shadowsocks-libev-server@config.service
systemctl enable shadowsocks-libev-manager@manager.service
if [ $NBCPU -gt 1 ]; then
  for i in $(seq 1 $NBCPU); do
    [ -f /etc/shadowsocks-libev/config$i.json ] && systemctl is-enabled shadowsocks-libev && systemctl disable shadowsocks-libev-server@config$i.service
  done
fi
if systemctl -q is-active shadowsocks-libev-manager@manager; then
  systemctl -q stop shadowsocks-libev-manager@manager > /dev/null 2>&1
fi
fi
if !
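grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf ; then
  # Raise the default open-file limit for systemd units (appended once).
  echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
fi
# omr-update: a unit file plus an executable installed into /usr/bin.
# NOTE(review): the downloaded script becomes root-executable without any
# checksum or signature check.
if [ "$LOCALFILES" = "no" ]; then
  wget -O /lib/systemd/system/omr-update.service ${VPSURL}${VPSPATH}/omr-update.service.in
  wget -O /usr/bin/omr-update ${VPSURL}${VPSPATH}/omr-update
  chmod 755 /usr/bin/omr-update
else
  cp ${DIR}/omr-update.service.in /lib/systemd/system/omr-update.service
  cp ${DIR}/omr-update /usr/bin/omr-update
  chmod 755 /usr/bin/omr-update
fi
chmod 644 /lib/systemd/system/omr-update.service
# Install simple-obfs
if [ "$OBFS" = "yes" ]; then
  echo "Install OBFS"
  if [ "$SOURCES" = "yes" ]; then
    rm -rf /tmp/simple-obfs
    cd /tmp
    # NOTE(review): the dpkg lock files are deleted whether or not another
    # dpkg/apt process currently holds them.
    rm -f /var/lib/dpkg/lock
    rm -f /var/lib/dpkg/lock-frontend
    if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
      #apt-get install -y --no-install-recommends -t buster libssl-dev
      apt-get install -y --no-install-recommends libssl-dev
      apt-get install -y --no-install-recommends build-essential autoconf libtool libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates
    else
      apt-get install -y --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates
    fi
    # Build from git at OBFS_VERSION (defined outside this excerpt).
    git clone https://github.com/shadowsocks/simple-obfs.git /tmp/simple-obfs
    cd /tmp/simple-obfs
    git checkout ${OBFS_VERSION}
    git submodule update --init --recursive
    ./autogen.sh
    ./configure && make
    make install
    cd /tmp
    rm -rf /tmp/simple-obfs
  else
    rm -f /var/lib/dpkg/lock
    rm -f /var/lib/dpkg/lock-frontend
    apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION}
  fi
  #sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
fi
# Install v2ray-plugin
if [ "$V2RAY_PLUGIN" = "yes" ]; then
  echo "Install v2ray plugin"
  if [ "$SOURCES" = "yes" ]; then
    # The tarball is downloaded as ...-amd64-v<version>.tar.gz, so the two
    # clean-up commands must use the same "v" prefix; without it a stale
    # archive was never removed.
    rm -rf "/tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz"
    #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/shadowsocks/v2ray-plugin/releases/download/${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
    #wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz ${VPSURL}${VPSPATH}/bin/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
    # NOTE(review): prebuilt amd64 binary from a GitHub release, installed
    # without a checksum; this branch does not look at ARCH.
    wget -O /tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz https://github.com/teddysun/v2ray-plugin/releases/download/v${V2RAY_PLUGIN_VERSION}/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
    cd /tmp
    tar xzvf v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz
    cp -f v2ray-plugin_linux_amd64 /usr/local/bin/v2ray-plugin
    cd /tmp
    rm -rf /tmp/v2ray-plugin_linux_amd64
    rm -rf "/tmp/v2ray-plugin-linux-amd64-v${V2RAY_PLUGIN_VERSION}.tar.gz"
    #rm -rf /tmp/v2ray-plugin
    #cd /tmp
    #rm -f /var/lib/dpkg/lock
    #apt-get install -y --no-install-recommends git ca-certificates golang-go
    #git clone https://github.com/shadowsocks/v2ray-plugin.git /tmp/v2ray-plugin
    #cd /tmp/v2ray-plugin
    #git checkout ${V2RAY_PLUGIN_VERSION}
    #git submodule update --init --recursive
    #CGO_ENABLED=0 go build -o v2ray-plugin
    #cp v2ray-plugin /usr/local/bin/v2ray-plugin
    #cd /tmp
    #rm -rf /tmp/simple-obfs
  else
    rm -f /var/lib/dpkg/lock
    rm -f /var/lib/dpkg/lock-frontend
    apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION}
  fi
fi
# With neither plugin selected, strip plugin lines from an existing config.json.
if [ "$OBFS" = "no" ] && [ "$V2RAY_PLUGIN" = "no" ] && [ -f /etc/shadowsocks-libev/config.json ]; then
  sed -i -e '/plugin/d' -e 's/,,//' /etc/shadowsocks-libev/config.json
fi
if systemctl -q is-active shadowsocks-go.service; then
  systemctl -q stop shadowsocks-go > /dev/null 2>&1
  systemctl -q disable shadowsocks-go > /dev/null 2>&1
fi
if [ "$SHADOWSOCKS_GO" = "yes" ]; then
  if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
    if [ "$ARCH" = "amd64" ]; then
      wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
      rm -f /var/lib/dpkg/lock
      rm -f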
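/var/lib/dpkg/lock-frontend
# NOTE(review): "dpkg -i" installs the downloaded file without the signature
# check apt applies to repository packages, and --force-all switches off dpkg's
# own safety checks; a checksum comparison before installing would help.
dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-amd64.deb
elif [ "$ARCH" = "arm64" ]; then
  wget -O /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb ${VPSURL}/debian/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
  rm -f /var/lib/dpkg/lock
  rm -f /var/lib/dpkg/lock-frontend
  dpkg --force-all -i -B /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
  rm -f /tmp/shadowsocks-go-${SHADOWSOCKS_GO_VERSION}-arm64.deb
fi
else
  apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install shadowsocks-go=${SHADOWSOCKS_GO_VERSION}
fi
# Keep keys from an existing install; placeholders and "null" are ignored.
if [ -f /etc/shadowsocks-go/server.json ]; then
  PSK2=$(grep -Po '"'"psk"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/server.json | head -n 1 | tr -d "\n")
  [ -n "$PSK2" ] && [ "$PSK2" != "PSK" ] && [ "$PSK2" != "null" ] && PSK="$PSK2"
  UPSK2=$(grep -Po '"'"openmptcprouter"'"\s*:\s*"\K([^"]*)' /etc/shadowsocks-go/upsks.json | head -n 1 | tr -d "\n")
  [ -n "$UPSK2" ] && [ "$UPSK2" != "UPSK" ] && [ "$UPSK2" != "null" ] && UPSK="$UPSK2"
fi
wget -O /etc/shadowsocks-go/server.json ${VPSURL}${VPSPATH}/shadowsocks-go.server.json
sed -i "s:\"PSK\":\"$PSK\":g" /etc/shadowsocks-go/server.json
sed -i "s:UPSK:$UPSK:g" /etc/shadowsocks-go/upsks.json
# Drop the shadowsocks-go entry from the admin config. The config is swapped
# only when jq succeeded and wrote something; before, a failed jq run (missing
# or invalid config) replaced the admin config with an empty file.
# NOTE(review): the .new and .bak copies contain the admin passwords and are
# created with the current umask — confirm their permissions.
if jq -M 'del(.users[0].openmptcprouter."shadowsocks-go")' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new && [ -s /etc/openmptcprouter-vps-admin/omr-admin-config.json.new ]; then
  mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
  mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json
else
  rm -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
fi
chmod 644 /lib/systemd/system/shadowsocks-go.service
systemctl daemon-reload
systemctl enable shadowsocks-go.service
fi
if systemctl -q is-active v2ray.service; then
  systemctl -q stop v2ray > /dev/null 2>&1
  systemctl -q disable v2ray >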
/dev/null 2>&1
fi
# Install V2Ray: a .deb fetched from VPSURL when SOURCES=yes or on arm64,
# otherwise the v2ray package at V2RAY_VERSION through apt.
if [ "$V2RAY" = "yes" ]; then
  #apt-get -y -o Dpkg::Options::="--force-overwrite" install v2ray
  if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
    # NOTE(review): "dpkg -i" installs the downloaded file without apt's
    # signature check and --force-all disables dpkg's own safety checks; the
    # lock files are removed whether or not another process holds them.
    if [ "$ARCH" = "amd64" ]; then
      wget -O /tmp/v2ray-${V2RAY_VERSION}-amd64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-amd64.deb
      rm -f /var/lib/dpkg/lock
      rm -f /var/lib/dpkg/lock-frontend
      dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
      rm -f /tmp/v2ray-${V2RAY_VERSION}-amd64.deb
    elif [ "$ARCH" = "arm64" ]; then
      wget -O /tmp/v2ray-${V2RAY_VERSION}-arm64.deb ${VPSURL}/debian/v2ray-${V2RAY_VERSION}-arm64.deb
      rm -f /var/lib/dpkg/lock
      rm -f /var/lib/dpkg/lock-frontend
      dpkg --force-all -i -B /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
      rm -f /tmp/v2ray-${V2RAY_VERSION}-arm64.deb
    fi
    # else
    # [ "$ARCH" = "i386" ] && V2RAY_FILENAME="v2ray-linux-32.zip"
    # [ "$ARCH" = "amd64" ] && V2RAY_FILENAME="v2ray-linux-64.zip"
    # [ "$ARCH" = "armel" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
    # [ "$ARCH" = "armhf" ] && V2RAY_FILENAME="v2ray-linux-arm32-v7a.zip"
    # [ "$ARCH" = "arm64" ] && V2RAY_FILENAME="v2ray-linux-arm64-v8a.zip"
    # [ "$ARCH" = "mips64el" ] && V2RAY_FILENAME="v2ray-linux-mips64le.zip"
    # [ "$ARCH" = "mipsel" ] && V2RAY_FILENAME="v2ray-linux-mips32le.zip"
    # [ "$ARCH" = "riscv64" ] && V2RAY_FILENAME="v2ray-linux-riscv64.zip"
    # wget -O /tmp/v2ray-${V2RAY_VERSION}.zip https://github.com/v2fly/v2ray-core/releases/download/v${V2RAY_VERSION}/${V2RAY_FILENAME}
    # cd /tmp
    # rm -rf v2ray
    # mkdir -p v2ray
    # cd v2ray
    # unzip /tmp/v2ray-${V2RAY_VERSION}.zip
    # cp v2ray /usr/bin/
    # cp geoip.dat /usr/bin/
    # cp geosite.dat /usr/bin/
    # wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service
    # fi
  else
    apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-overwrite" -y install v2ray=${V2RAY_VERSION}
  fi
  # Reuse the first "id" found in an existing server config.
  # NOTE(review): unlike the xray section, the recovered value is not compared
  # with the V2RAY_UUID placeholder before it is adopted.
  if [ -f /etc/v2ray/v2ray-server.json ]; then
    V2RAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/v2ray/v2ray-server.json | head -n 1 | tr -d "\n")
    [ -n "$V2RAY_UUID2" ] && V2RAY_UUID="$V2RAY_UUID2"
  fi
  # The server config is downloaded again on every run and the UUID re-applied.
  #if [ ! -f /etc/v2ray/v2ray-server.json ]; then
  wget -O /etc/v2ray/v2ray-server.json ${VPSURL}${VPSPATH}/v2ray-server.json
  sed -i "s:V2RAY_UUID:$V2RAY_UUID:g" /etc/v2ray/v2ray-server.json
  #fi
  # Kernels other than 5.4: add "mptcp": true after "sockopt": { unless a line
  # containing both "mptcp" and "true" is already present.
  if [ "$KERNEL" != "5.4" ] && [ -z "$(grep mptcp /etc/v2ray/v2ray-server.json | grep true)" ]; then
    sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/v2ray/v2ray-server.json
  fi
  rm -f /etc/v2ray/config.json
  ln -s /etc/v2ray/v2ray-server.json /etc/v2ray/config.json
  #if [ -f /etc/systemd/system/v2ray.service.dpkg-dist ]; then
  # mv -f /etc/systemd/system/v2ray.service.dpkg-dist /etc/systemd/system/v2ray.service
  #fi
  if [ "$LOCALFILES" = "no" ]; then
    wget -O /lib/systemd/system/v2ray.service ${VPSURL}${VPSPATH}/v2ray.service
  else
    cp ${DIR}/v2ray.service /lib/systemd/system/v2ray.service
  fi
  chmod 644 /lib/systemd/system/v2ray.service
  systemctl daemon-reload
  systemctl enable v2ray.service
  #if [ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]; then
  # mptcpize enable v2ray
  #fi
fi
if systemctl -q is-active xray.service; then
  systemctl -q stop xray > /dev/null 2>&1
  systemctl -q disable xray > /dev/null 2>&1
fi
# Install Xray: same package logic as the V2Ray section above.
if [ "$XRAY" = "yes" ]; then
  #apt-get -y -o Dpkg::Options::="--force-overwrite" install xray
  if [ "$SOURCES" = "yes" ] || [ "$ARCH" = "arm64" ]; then
    if [ "$ARCH" = "amd64" ]; then
      wget -O /tmp/xray-${XRAY_VERSION}-amd64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-amd64.deb
      rm -f /var/lib/dpkg/lock
      rm -f /var/lib/dpkg/lock-frontend
      dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-amd64.deb
      rm -f /tmp/xray-${XRAY_VERSION}-amd64.deb
    elif [ "$ARCH" = "arm64" ]; then
      wget -O /tmp/xray-${XRAY_VERSION}-arm64.deb ${VPSURL}/debian/xray-${XRAY_VERSION}-arm64.deb
      rm -f /var/lib/dpkg/lock
      rm -f /var/lib/dpkg/lock-frontend
      dpkg --force-all -i -B /tmp/xray-${XRAY_VERSION}-arm64.deb
      rm -f /tmp/xray-${XRAY_VERSION}-arm64.deb
    fi
  else
    apt-get -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" -o
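Dpkg::Options::="--force-overwrite" -y install xray=${XRAY_VERSION}
fi
# Keep the UUID, keys and Reality key pair of an existing install; empty
# values, "null" and the template placeholders are ignored.
if [ -f /etc/xray/xray-server.json ]; then
  XRAY_UUID2=$(grep -Po '"'"id"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-server.json | head -n 1 | tr -d "\n")
  [ -n "$XRAY_UUID2" ] && [ "$XRAY_UUID2" != "XRAY_UUID" ] && [ "$XRAY_UUID2" != "V2RAY_UUID" ] && XRAY_UUID="$XRAY_UUID2"
  PSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.password' /etc/xray/xray-server.json | tr -d "\n")
  [ "$PSK2" != "null" ] && [ -n "$PSK2" ] && [ "$PSK2" != "XRAY_PSK" ] && PSK="$PSK2"
  UPSK2=$(jq -r '.inbounds[] | select(.tag=="omrin-shadowsocks-tunnel") | .settings.clients[] | select(.email=="openmptcprouter") | .password' /etc/xray/xray-server.json | tr -d "\n")
  [ "$UPSK2" != "null" ] && [ -n "$UPSK2" ] && [ "$UPSK2" != "XRAY_UPSK" ] && UPSK="$UPSK2"
  # NOTE(review): the key pair is read from xray-vless_reality.json
  # (underscore) while the file written further down is
  # xray-vless-reality.json (hyphen). As written, stored keys are presumably
  # never found and a new pair is generated on every run — confirm which
  # file name is intended.
  XRAY_X25519_PRIVATE_KEY2=$(grep -Po '"'"privateKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n")
  [ -n "$XRAY_X25519_PRIVATE_KEY2" ] && [ "$XRAY_X25519_PRIVATE_KEY2" != "XRAY_X25519_PRIVATE_KEY" ] && XRAY_X25519_PRIVATE_KEY="$XRAY_X25519_PRIVATE_KEY2"
  XRAY_X25519_PUBLIC_KEY2=$(grep -Po '"'"publicKey"'"\s*:\s*"\K([^"]*)' /etc/xray/xray-vless_reality.json | head -n 1 | tr -d "\n")
  [ -n "$XRAY_X25519_PUBLIC_KEY2" ] && [ "$XRAY_X25519_PUBLIC_KEY2" != "XRAY_X25519_PUBLIC_KEY" ] && XRAY_X25519_PUBLIC_KEY="$XRAY_X25519_PUBLIC_KEY2"
fi
# Drop the xray entry from the admin config. The config is swapped only when
# jq succeeded and wrote something; before, a failed jq run (missing or invalid
# config) replaced the admin config with an empty file.
# NOTE(review): the .new and .bak copies contain the admin passwords and are
# created with the current umask — confirm their permissions.
if jq -M 'del(.users[0].openmptcprouter.xray)' /etc/openmptcprouter-vps-admin/omr-admin-config.json > /etc/openmptcprouter-vps-admin/omr-admin-config.json.new && [ -s /etc/openmptcprouter-vps-admin/omr-admin-config.json.new ]; then
  mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json /etc/openmptcprouter-vps-admin/omr-admin-config.json.bak
  mv -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new /etc/openmptcprouter-vps-admin/omr-admin-config.json
else
  rm -f /etc/openmptcprouter-vps-admin/omr-admin-config.json.new
fi
# Both config templates are downloaded again on every run and the secrets
# re-applied with sed.
#if [ ! -f /etc/xray/xray-server.json ]; then
wget -O /etc/xray/xray-server.json ${VPSURL}${VPSPATH}/xray-server.json
sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
sed -i "s:V2RAY_UUID:$XRAY_UUID:g" /etc/xray/xray-server.json
sed -i "s:XRAY_PSK:$PSK:g" /etc/xray/xray-server.json
sed -i "s:XRAY_UPSK:$UPSK:g" /etc/xray/xray-server.json
wget -O /etc/xray/xray-vless-reality.json ${VPSURL}${VPSPATH}/xray-vless-reality.json
# No private key recovered or supplied: generate a pair; the third field of
# the "Private" and "Public" output lines is taken as the key.
if [ -z "$XRAY_X25519_PRIVATE_KEY" ]; then
  XRAY_X25519_KEYS=$(/usr/bin/xray x25519)
  XRAY_X25519_PRIVATE_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Private | awk '{ print $3 }' | tr -d "\n")
  XRAY_X25519_PUBLIC_KEY=$(echo "${XRAY_X25519_KEYS}" | grep Public | awk '{ print $3 }' | tr -d "\n")
fi
sed -i "s:XRAY_UUID:$XRAY_UUID:g" /etc/xray/xray-vless-reality.json
sed -i "s:XRAY_X25519_PRIVATE_KEY:$XRAY_X25519_PRIVATE_KEY:g" /etc/xray/xray-vless-reality.json
sed -i "s:XRAY_X25519_PUBLIC_KEY:$XRAY_X25519_PUBLIC_KEY:g" /etc/xray/xray-vless-reality.json
#fi
#if ([ "$UPSTREAM" = "yes" ] || [ "$UPSTREAM6" = "yes" ]) && [ -z "$(grep mptcp /etc/xray/xray-server.json | grep true)" ]; then
# sed -i 's/"sockopt": {/&\n "mptcp": true,/' /etc/xray/xray-server.json
#fi
rm -f /etc/xray/config.json
ln -s /etc/xray/xray-server.json /etc/xray/config.json
#if [ -f /etc/systemd/system/xray.service.dpkg-dist ]; then
# mv -f /etc/systemd/system/xray.service.dpkg-dist /etc/systemd/system/xray.service
#fi
if [ "$LOCALFILES" = "no" ]; then
  wget -O /lib/systemd/system/xray.service ${VPSURL}${VPSPATH}/xray.service
else
  cp ${DIR}/xray.service /lib/systemd/system/xray.service
fi
chmod 644 /lib/systemd/system/xray.service
systemctl daemon-reload
systemctl enable xray.service
fi
if systemctl -q is-active mlvpn@mlvpn0.service; then
  systemctl -q stop mlvpn@mlvpn0 > /dev/null 2>&1
  systemctl -q disable mlvpn@mlvpn0 > /dev/null 2>&1
fi
echo "install mlvpn"
# Install MLVPN
if [ "$MLVPN" = "yes" ]; then
  echo 'Install MLVPN'
  # mlvpnupdate stays "0" on a first install (no mlvpn0.conf yet).
  mlvpnupdate="0"
  if [ -f /etc/mlvpn/mlvpn0.conf ]; then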
mlvpnupdate="1"
fi
mkdir -p /etc/mlvpn
if [ "$SOURCES" = "yes" ]; then
  # NOTE(review): the dpkg lock files are deleted whether or not another
  # dpkg/apt process currently holds them.
  rm -f /var/lib/dpkg/lock
  rm -f /var/lib/dpkg/lock-frontend
  apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
  rm -rf /tmp/mlvpn
  cd /tmp
  #git clone https://github.com/markfoodyburton/MLVPN.git /tmp/mlvpn
  #git clone https://github.com/flohoff/MLVPN.git /tmp/mlvpn
  # Build from git at MLVPN_VERSION (defined outside this excerpt) and install
  # with the configuration directory set to /etc.
  git clone https://github.com/zehome/MLVPN.git /tmp/mlvpn
  #git clone https://github.com/link4all/MLVPN.git /tmp/mlvpn
  cd /tmp/mlvpn
  git checkout ${MLVPN_VERSION}
  ./autogen.sh
  ./configure --sysconfdir=/etc
  make
  make install
  cd /tmp
  rm -rf /tmp/mlvpn
  if [ "$LOCALFILES" = "no" ]; then
    wget -O /lib/systemd/network/mlvpn.network ${VPSURL}${VPSPATH}/mlvpn.network
    wget -O /lib/systemd/system/mlvpn@.service ${VPSURL}${VPSPATH}/mlvpn@.service.in
  else
    cp ${DIR}/mlvpn.network /lib/systemd/network/mlvpn.network
    cp ${DIR}/mlvpn@.service.in /lib/systemd/system/mlvpn@.service
  fi
  # The configuration template is fetched on a first install only.
  if [ "$mlvpnupdate" = "0" ]; then
    if [ "$LOCALFILES" = "no" ]; then
      wget -O /etc/mlvpn/mlvpn0.conf ${VPSURL}${VPSPATH}/mlvpn0.conf
    else
      cp ${DIR}/mlvpn0.conf /etc/mlvpn/mlvpn0.conf
    fi
  fi
else
  rm -f /var/lib/dpkg/lock
  rm -f /var/lib/dpkg/lock-frontend
  apt-get -y -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" install omr-mlvpn=${MLVPN_BINARY_VERSION}
fi
# First install: put the password in place of the first MLVPN_PASS on each line.
if [ "$mlvpnupdate" = "0" ]; then
  sed -i "s:MLVPN_PASS:$MLVPN_PASS:" /etc/mlvpn/mlvpn0.conf
fi
# The config holds the password, so it is restricted to its owner.
chmod 0600 /etc/mlvpn/mlvpn0.conf
# Dedicated system account without a login shell, home in /var/opt/mlvpn.
adduser --quiet --system --home /var/opt/mlvpn --shell /usr/sbin/nologin mlvpn
mkdir -p /var/opt/mlvpn
usermod -d /var/opt/mlvpn mlvpn
chown mlvpn /var/opt/mlvpn
systemctl enable mlvpn@mlvpn0.service
systemctl enable systemd-networkd.service
echo "install mlvpn done"
fi
if systemctl -q is-active ubond@ubond0.service; then
  systemctl -q stop ubond@ubond0 > /dev/null 2>&1
  systemctl -q disable ubond@ubond0 > /dev/null 2>&1
fi
echo "install ubond"
# Install UBOND
if [ "$UBOND" = "yes" ]; then
  echo 'Install UBOND'
  # ubondupdate stays "0" on a first install (no ubond0.conf yet).
  ubondupdate="0"
  if [ -f /etc/ubond/ubond0.conf ]; then
    ubondupdate="1"
  fi
  # UBOND is always built from source; the package branch is commented out.
  # if [ "$SOURCES" = "yes" ]; then
  rm -f /var/lib/dpkg/lock
  rm -f /var/lib/dpkg/lock-frontend
  apt-get -y install build-essential pkg-config autoconf automake libpcap-dev unzip git
  rm -rf /tmp/ubond
  cd /tmp
  git clone https://github.com/markfoodyburton/ubond.git /tmp/ubond
  cd /tmp/ubond
  git checkout ${UBOND_VERSION}
  ./autogen.sh
  ./configure --sysconfdir=/etc
  make
  make install
  cd /tmp
  rm -rf /tmp/ubond
  # else
  # apt-get -y -o Dpkg::Options::="--force-overwrite" install ubond
  # fi
  if [ "$LOCALFILES" = "no" ]; then
    wget -O /lib/systemd/network/ubond.network ${VPSURL}${VPSPATH}/ubond.network
    wget -O /lib/systemd/system/ubond@.service ${VPSURL}${VPSPATH}/ubond@.service.in
  else
    cp ${DIR}/ubond.network /lib/systemd/network/ubond.network
    cp ${DIR}/ubond@.service.in /lib/systemd/system/ubond@.service
  fi
  mkdir -p /etc/ubond
  # First install: fetch the template and substitute the password.
  if [ "$ubondupdate" = "0" ]; then
    if [ "$LOCALFILES" = "no" ]; then
      wget -O /etc/ubond/ubond0.conf ${VPSURL}${VPSPATH}/ubond0.conf
    else
      cp ${DIR}/ubond0.conf /etc/ubond/ubond0.conf
    fi
    sed -i "s:UBOND_PASS:$UBOND_PASS:" /etc/ubond/ubond0.conf
  fi
  # The config holds the password, so it is restricted to its owner.
  chmod 0600 /etc/ubond/ubond0.conf
  # Dedicated system account without a login shell, home in /var/opt/ubond.
  adduser --quiet --system --home /var/opt/ubond --shell /usr/sbin/nologin ubond
  mkdir -p /var/opt/ubond
  usermod -d /var/opt/ubond ubond
  chown ubond /var/opt/ubond
  systemctl enable ubond@ubond0.service
  systemctl enable systemd-networkd.service
  echo "install ubond done"
fi
if systemctl -q is-active wg-quick@wg0.service; then
  systemctl -q stop wg-quick@wg0 > /dev/null 2>&1
  systemctl -q disable wg-quick@wg0 > /dev/null 2>&1
fi
if [ "$WIREGUARD" = "yes" ]; then
  echo "Install WireGuard"
  rm -f /var/lib/dpkg/lock
  rm -f /var/lib/dpkg/lock-frontend
  apt-get -y install wireguard-tools --no-install-recommends
  if [ !
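-f /etc/wireguard/wg0.conf ]; then
  # First install: generate the server key pair and the wg0 interface config.
  # NOTE(review): "umask 077" is not scoped, so from here on every file this
  # script creates is owner-only, but only on runs that enter this branch
  # (or the client-wg0 branch below). Later files should not rely on it.
  cd /etc/wireguard
  umask 077; wg genkey | tee vpn-server-private.key | wg pubkey > vpn-server-public.key
  cat > /etc/wireguard/wg0.conf <<-EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
ListenPort = 65311
Address = 10.255.247.1/24
SaveConfig = true
EOF
fi
systemctl enable wg-quick@wg0
if [ ! -f /etc/wireguard/client-wg0.conf ]; then
  # Second server-side interface: it reuses the server private key and
  # accepts one peer, identified by the generated client key pair.
  cd /etc/wireguard
  umask 077; wg genkey | tee vpn-client-private.key | wg pubkey > vpn-client-public.key
  cat > /etc/wireguard/client-wg0.conf <<-EOF
[Interface]
PrivateKey = $(cat /etc/wireguard/vpn-server-private.key | tr -d "\n")
ListenPort = 65312
Address = 10.255.246.1/24
SaveConfig = true
[Peer]
PublicKey = $(cat /etc/wireguard/vpn-client-public.key | tr -d "\n")
AllowedIPs = 10.255.246.2/32
EOF
fi
if [ ! -f /root/wireguard-client.conf ]; then
  # This file contains the client private key. It is written in a subshell
  # with umask 077 so it is owner-only even on runs where neither branch
  # above executed and the umask is still the default.
  (
    umask 077
    cat > /root/wireguard-client.conf <<-EOF
[Interface]
Address = 10.255.246.2/24
PrivateKey = $(cat /etc/wireguard/vpn-client-private.key | tr -d "\n")
[Peer]
PublicKey = $(cat /etc/wireguard/vpn-server-public.key | tr -d "\n")
Endpoint = ${VPS_PUBLIC_IP}:65312
AllowedIPs = 0.0.0.0/0, ::/0, 192.168.100.0/24
EOF
  )
fi
systemctl enable wg-quick@client-wg0
echo "Install wireguard done"
fi
if systemctl -q is-active openvpn-server@tun0.service; then
  systemctl -q stop openvpn-server@tun0 > /dev/null 2>&1
  systemctl -q disable openvpn-server@tun0 > /dev/null 2>&1
fi
if [ "$OPENVPN" = "yes" ]; then
  echo "Install OpenVPN"
  rm -f /var/lib/dpkg/lock
  rm -f /var/lib/dpkg/lock-frontend
  apt-get -y install openvpn easy-rsa
  #wget -O /lib/systemd/network/openvpn.network ${VPSURL}${VPSPATH}/openvpn.network
  rm -f /lib/systemd/network/openvpn.network
  #if [ ! -f "/etc/openvpn/server/static.key" ]; then
  # wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
  # cd /etc/openvpn/server
  # openvpn --genkey --secret static.key
  #fi
  # Ubuntu 18.04 without a CA directory: take EasyRSA from the upstream release.
  if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ ! -d /etc/openvpn/ca ]; then
    # The release tag now follows EASYRSA_VERSION like the file name does; the
    # tag was hard-coded to v3.0.6, which only matched for that one version.
    # NOTE(review): the tarball is unpacked and used to build the CA without a
    # checksum or signature check.
    wget -O /tmp/EasyRSA-unix-v${EASYRSA_VERSION}.tgz "https://github.com/OpenVPN/easy-rsa/releases/download/v${EASYRSA_VERSION}/EasyRSA-unix-v${EASYRSA_VERSION}.tgz"
    cd /tmp
    tar xzvf EasyRSA-unix-v${EASYRSA_VERSION}.tgz
    cd /tmp/EasyRSA-v${EASYRSA_VERSION}
    mkdir -p /etc/openvpn/ca
    cp easyrsa /etc/openvpn/ca/
    cp openssl-easyrsa.cnf /etc/openvpn/ca/
    cp vars.example /etc/openvpn/ca/vars
    cp -r x509-types /etc/openvpn/ca/
    #mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued
    #./easyrsa init-pki
    #./easyrsa --batch build-ca nopass
    #EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-server-full server nopass
    #EASYRSA_CERT_EXPIRE=3650 EASYRSA_REQ_CN=openmptcprouter ./easyrsa build-client-full "openmptcprouter" nopass
    #EASYRSA_CRL_DAYS=3650 ./easyrsa gen-crl
    #mv pki/ca.crt /etc/openvpn/ca/pki/ca.crt
    #mv pki/private/ca.key /etc/openvpn/ca/pki/private/ca.key
    #mv pki/issued/server.crt /etc/openvpn/ca/pki/issued/server.crt
    #mv pki/private/server.key /etc/openvpn/ca/pki/private/server.key
    #mv pki/crl.pem /etc/openvpn/ca/pki/crl.pem
    #mv pki/issued/openmptcprouter.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
    #mv pki/private/openmptcprouter.key /etc/openvpn/ca/pki/private/openmptcprouter.key
  fi
  # Migration: move certificates and keys from the old /etc/openvpn/server and
  # /etc/openvpn/client locations into the easy-rsa PKI layout.
  if [ -f "/etc/openvpn/server/server.crt" ]; then
    if [ ! -d /etc/openvpn/ca ]; then
      make-cadir /etc/openvpn/ca
    fi
    mkdir -p /etc/openvpn/ca/pki/private /etc/openvpn/ca/pki/issued
    mv /etc/openvpn/server/ca.crt /etc/openvpn/ca/pki/ca.crt
    mv /etc/openvpn/server/ca.key /etc/openvpn/ca/pki/private/ca.key
    mv /etc/openvpn/server/server.crt /etc/openvpn/ca/pki/issued/server.crt
    mv /etc/openvpn/server/server.key /etc/openvpn/ca/pki/private/server.key
    mv /etc/openvpn/server/crl.pem /etc/openvpn/ca/pki/crl.pem
    mv /etc/openvpn/client/client.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
    mv /etc/openvpn/client/client.key /etc/openvpn/ca/pki/private/openmptcprouter.key
  fi
  if [ ! -f "/etc/openvpn/ca/pki/issued/server.crt" ]; then
    if [ !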
-d /etc/openvpn/ca ]; then
  make-cadir /etc/openvpn/ca
fi
# No server certificate yet: create the PKI. The CA, server and client keys are
# all generated with "nopass" (unencrypted on disk); certificates and the CRL
# are valid for 3650 days.
cd /etc/openvpn/ca
# NOTE(review): with "2>&1 >/dev/null" only stdout is discarded; stderr still
# goes to the script's original stdout.
./easyrsa --batch init-pki 2>&1 >/dev/null
./easyrsa --batch build-ca nopass
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-server-full server nopass
EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "openmptcprouter" nopass
EASYRSA_CRL_DAYS=3650 ./easyrsa --batch gen-crl
fi
# Rename a client certificate and key still stored under the name "client".
if [ ! -f "/etc/openvpn/ca/pki/issued/openmptcprouter.crt" ]; then
  mv /etc/openvpn/ca/pki/issued/client.crt /etc/openvpn/ca/pki/issued/openmptcprouter.crt
  mv /etc/openvpn/ca/pki/private/client.key /etc/openvpn/ca/pki/private/openmptcprouter.key
fi
# 2048-bit Diffie-Hellman parameters, generated once.
if [ ! -f "/etc/openvpn/server/dh2048.pem" ]; then
  openssl dhparam -out /etc/openvpn/server/dh2048.pem 2048
fi
# Server configs: tun0/tun1 have a variant for kernels other than 5.4; the
# eight bonding configs are the same for every kernel.
if [ "$LOCALFILES" = "no" ]; then
  if [ "$KERNEL" != "5.4" ]; then
    wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.6.1.conf
    wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.6.1.conf
  else
    wget -O /etc/openvpn/tun0.conf ${VPSURL}${VPSPATH}/openvpn-tun0.conf
    wget -O /etc/openvpn/tun1.conf ${VPSURL}${VPSPATH}/openvpn-tun1.conf
  fi
  wget -O /etc/openvpn/bonding1.conf ${VPSURL}${VPSPATH}/openvpn-bonding1.conf
  wget -O /etc/openvpn/bonding2.conf ${VPSURL}${VPSPATH}/openvpn-bonding2.conf
  wget -O /etc/openvpn/bonding3.conf ${VPSURL}${VPSPATH}/openvpn-bonding3.conf
  wget -O /etc/openvpn/bonding4.conf ${VPSURL}${VPSPATH}/openvpn-bonding4.conf
  wget -O /etc/openvpn/bonding5.conf ${VPSURL}${VPSPATH}/openvpn-bonding5.conf
  wget -O /etc/openvpn/bonding6.conf ${VPSURL}${VPSPATH}/openvpn-bonding6.conf
  wget -O /etc/openvpn/bonding7.conf ${VPSURL}${VPSPATH}/openvpn-bonding7.conf
  wget -O /etc/openvpn/bonding8.conf ${VPSURL}${VPSPATH}/openvpn-bonding8.conf
else
  if [ "$KERNEL" != "5.4" ]; then
    cp ${DIR}/openvpn-tun0.6.1.conf /etc/openvpn/tun0.conf
    cp ${DIR}/openvpn-tun1.6.1.conf /etc/openvpn/tun1.conf
  else
    cp ${DIR}/openvpn-tun0.conf /etc/openvpn/tun0.conf
    cp ${DIR}/openvpn-tun1.conf /etc/openvpn/tun1.conf
  fi
  cp ${DIR}/openvpn-bonding1.conf /etc/openvpn/bonding1.conf
  cp ${DIR}/openvpn-bonding2.conf /etc/openvpn/bonding2.conf
  cp ${DIR}/openvpn-bonding3.conf /etc/openvpn/bonding3.conf
  cp ${DIR}/openvpn-bonding4.conf /etc/openvpn/bonding4.conf
  cp ${DIR}/openvpn-bonding5.conf /etc/openvpn/bonding5.conf
  cp ${DIR}/openvpn-bonding6.conf /etc/openvpn/bonding6.conf
  cp ${DIR}/openvpn-bonding7.conf /etc/openvpn/bonding7.conf
  cp ${DIR}/openvpn-bonding8.conf /etc/openvpn/bonding8.conf
fi
# Address-assignment files for the "openmptcprouter" client, created once.
mkdir -p /etc/openvpn/ccd
if [ ! -f /etc/openvpn/ccd/ipp_tcp.txt ]; then
  echo 'openmptcprouter,10.255.250.2,' > /etc/openvpn/ccd/ipp_tcp.txt
fi
if [ ! -f /etc/openvpn/ccd/ipp_udp.txt ]; then
  echo 'openmptcprouter,10.255.252.2,' > /etc/openvpn/ccd/ipp_udp.txt
fi
chmod 644 /lib/systemd/system/openvpn*.service
systemctl enable openvpn@tun0.service
systemctl enable openvpn@tun1.service
if [ "$KERNEL" != "5.4" ]; then
  mptcpize enable openvpn@tun0 2>&1 >/dev/null
fi
systemctl enable openvpn@bonding1.service
systemctl enable openvpn@bonding2.service
systemctl enable openvpn@bonding3.service
systemctl enable openvpn@bonding4.service
systemctl enable openvpn@bonding5.service
systemctl enable openvpn@bonding6.service
systemctl enable openvpn@bonding7.service
systemctl enable openvpn@bonding8.service
fi
echo 'Glorytun UDP'
# Install Glorytun UDP
if systemctl -q is-active glorytun-udp@tun0.service; then
  systemctl -q stop 'glorytun-udp@*' > /dev/null 2>&1
fi
if [ "$GLORYTUN_UDP" = "yes" ]; then
  if [ "$SOURCES" = "yes" ]; then
    # NOTE(review): the dpkg lock files are deleted whether or not another
    # dpkg/apt process currently holds them.
    rm -f /var/lib/dpkg/lock
    rm -f /var/lib/dpkg/lock-frontend
    rm -f /usr/bin/glorytun
    apt-get install -y --no-install-recommends build-essential git ca-certificates meson pkg-config
    rm -rf /tmp/glorytun-udp
    cd /tmp
    # Build from git at GLORYTUN_UDP_VERSION (defined outside this excerpt).
    git clone https://github.com/Ysurac/glorytun.git /tmp/glorytun-udp
    cd /tmp/glorytun-udp
    git checkout ${GLORYTUN_UDP_VERSION}
    git submodule update --init --recursive
    meson build
    ninja -C build install
    sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
    # The unit and network files installed by the build are removed again
    # (this command continues past the end of this block).
    rm /lib/systemd/system/glorytun*
    rm
/lib/systemd/network/glorytun*
# Install the project's own run script, unit file and per-tunnel files.
if [ "$LOCALFILES" = "no" ]; then
  wget -O /usr/local/bin/glorytun-udp-run ${VPSURL}${VPSPATH}/glorytun-udp-run
else
  cp ${DIR}/glorytun-udp-run /usr/local/bin/glorytun-udp-run
fi
chmod 755 /usr/local/bin/glorytun-udp-run
if [ "$LOCALFILES" = "no" ]; then
  wget -O /lib/systemd/system/glorytun-udp@.service ${VPSURL}${VPSPATH}/glorytun-udp%40.service.in
else
  cp ${DIR}/glorytun-udp@.service.in /lib/systemd/system/glorytun-udp@.service
fi
chmod 644 /lib/systemd/system/glorytun-udp@.service
#wget -O /lib/systemd/network/glorytun-udp.network ${VPSURL}${VPSPATH}/glorytun-udp.network
rm -f /lib/systemd/network/glorytun-udp.network
mkdir -p /etc/glorytun-udp
if [ "$LOCALFILES" = "no" ]; then
  wget -O /etc/glorytun-udp/post.sh ${VPSURL}${VPSPATH}/glorytun-udp-post.sh
  wget -O /etc/glorytun-udp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun-udp
else
  cp ${DIR}/glorytun-udp-post.sh /etc/glorytun-udp/post.sh
  cp ${DIR}/tun0.glorytun-udp /etc/glorytun-udp/tun0
fi
chmod 755 /etc/glorytun-udp/post.sh
# NOTE(review): the key file is created with the current umask and no chmod
# follows — confirm which user the service runs as and restrict the file.
# NOTE(review): the elif can never be taken: whenever tun0.key is missing the
# first condition is already true, so the copy from glorytun-tcp never runs.
if [ "$update" = "0" ] || [ ! -f /etc/glorytun-udp/tun0.key ]; then
  echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
elif [ ! -f /etc/glorytun-udp/tun0.key ] && [ -f /etc/glorytun-tcp/tun0.key ]; then
  cp /etc/glorytun-tcp/tun0.key /etc/glorytun-udp/tun0.key
fi
systemctl enable glorytun-udp@tun0.service
systemctl enable systemd-networkd.service
cd /tmp
rm -rf /tmp/glorytun-udp
else
  # Packaged build: the key shipped or kept by the package becomes GLORYTUN_PASS.
  rm -f /usr/local/bin/glorytun
  apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun=${GLORYTUN_UDP_BINARY_VERSION}
  chmod 644 /lib/systemd/system/glorytun-udp@.service
  GLORYTUN_PASS="$(cat /etc/glorytun-udp/tun0.key | tr -d '\n')"
fi
# With IPv6 addresses present, 0.0.0.0 in the tunnel file is replaced by "::".
[ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-udp/tun0
fi
# Add chrony for time sync
apt-get install -y chrony
systemctl enable chrony
if [ "$DSVPN" = "yes" ]; then
  echo 'A Dead Simple VPN'
  # Install A Dead Simple VPN
  if systemctl -q is-active dsvpn-server.service; then
    systemctl -q disable dsvpn-server > /dev/null 2>&1
    systemctl -q stop dsvpn-server > /dev/null 2>&1
  fi
  if [ "$SOURCES" = "yes" ]; then
    # NOTE(review): the dpkg lock files are deleted whether or not another
    # dpkg/apt process currently holds them.
    rm -f /var/lib/dpkg/lock
    rm -f /var/lib/dpkg/lock-frontend
    apt-get install -y --no-install-recommends build-essential git ca-certificates
    rm -rf /tmp/dsvpn
    cd /tmp
    # Build from git at DSVPN_VERSION (defined outside this excerpt) with the
    # two NO_DEFAULT_* macros defined.
    git clone https://github.com/ysurac/dsvpn.git /tmp/dsvpn
    cd /tmp/dsvpn
    git checkout ${DSVPN_VERSION}
    make CFLAGS='-DNO_DEFAULT_ROUTES -DNO_DEFAULT_FIREWALL'
    make install
    rm -f /lib/systemd/system/dsvpn/*
    wget -O /usr/local/bin/dsvpn-run ${VPSURL}${VPSPATH}/dsvpn-run
    chmod 755 /usr/local/bin/dsvpn-run
    wget -O /lib/systemd/system/dsvpn-server@.service ${VPSURL}${VPSPATH}/dsvpn-server%40.service.in
    chmod 644 /lib/systemd/system/dsvpn-server@.service
    mkdir -p /etc/dsvpn
    wget -O /etc/dsvpn/dsvpn0 ${VPSURL}${VPSPATH}/dsvpn0-config
    # Migrate a key stored under the old file name.
    if [ -f /etc/dsvpn/dsvpn.key ]; then
      mv /etc/dsvpn/dsvpn.key /etc/dsvpn/dsvpn0.key
    fi
    # NOTE(review): as with the Glorytun key, the file is created with the
    # current umask and no chmod follows.
    if [ "$update" = "0" ] || [ ! -f /etc/dsvpn/dsvpn0.key ]; then
      echo "$DSVPN_PASS" > /etc/dsvpn/dsvpn0.key
    fi
    systemctl enable dsvpn-server@dsvpn0.service
    cd /tmp
    rm -rf /tmp/dsvpn
  else
    apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install omr-dsvpn=${DSVPN_BINARY_VERSION}
    chmod 644 /lib/systemd/system/dsvpn-server@.service
    DSVPN_PASS=$(cat /etc/dsvpn/dsvpn0.key | tr -d "\n")
  fi
  if [ "$KERNEL" != "5.4" ]; then
    # NOTE(review): with "2>&1 >/dev/null" only stdout is discarded.
    mptcpize enable dsvpn-server@dsvpn0 2>&1 >/dev/null
  fi
fi
# Install Glorytun TCP
if systemctl -q is-active glorytun-tcp@tun0.service; then
  systemctl -q stop 'glorytun-tcp@*' > /dev/null 2>&1
fi
if [ "$GLORYTUN_TCP" = "yes" ]; then
  if [ "$SOURCES" = "yes" ]; then
    if [ "$ID" = "debian" ]; then
      if [ "$VERSION_ID" = "9" ]; then
        apt -t stretch-backports -y install libsodium-dev
      else
        apt -y install libsodium-dev
      fi
    elif [ "$ID" = "ubuntu" ]; then
      apt-get -y install libsodium-dev
    fi
    rm -f /var/lib/dpkg/lock
    rm -f /var/lib/dpkg/lock-frontend
    rm -f /usr/bin/glorytun-tcp
    apt-get -y install build-essential pkg-config autoconf automake
    rm -rf /tmp/glorytun-0.0.35
    cd /tmp
    # NOTE(review): for kernels other than 5.4 the source is the current head of
    # the "tcp" branch, so the code that gets built can change between runs;
    # the 5.4 path uses the fixed v0.0.35 release. Neither tarball is checked
    # against a checksum.
    if [ "$KERNEL" != "5.4" ]; then
      wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/Ysurac/glorytun/archive/refs/heads/tcp.tar.gz
    else
      wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
    fi
    tar xzf glorytun-0.0.35.tar.gz
    # The branch archive unpacks to glorytun-tcp; rename it so the build steps
    # below are the same for both sources.
    if [ "$KERNEL" != "5.4" ]; then
      mv /tmp/glorytun-tcp /tmp/glorytun-0.0.35
    fi
    cd glorytun-0.0.35
    ./autogen.sh
    ./configure
    make
    cp glorytun /usr/local/bin/glorytun-tcp
    wget -O /usr/local/bin/glorytun-tcp-run ${VPSURL}${VPSPATH}/glorytun-tcp-run
    chmod 755 /usr/local/bin/glorytun-tcp-run
    wget -O /lib/systemd/system/glorytun-tcp@.service ${VPSURL}${VPSPATH}/glorytun-tcp%40.service.in
    #wget -O /lib/systemd/network/glorytun-tcp.network ${VPSURL}${VPSPATH}/glorytun.network
    chmod 644 /lib/systemd/system/glorytun-tcp@.service
    rm -f /lib/systemd/network/glorytun-tcp.network
    mkdir -p
/etc/glorytun-tcp wget -O /etc/glorytun-tcp/post.sh ${VPSURL}${VPSPATH}/glorytun-tcp-post.sh chmod 755 /etc/glorytun-tcp/post.sh wget -O /etc/glorytun-tcp/tun0 ${VPSURL}${VPSPATH}/tun0.glorytun if [ "$update" = "0" ]; then echo "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key fi systemctl enable glorytun-tcp@tun0.service #systemctl enable systemd-networkd.service cd /tmp rm -rf /tmp/glorytun-0.0.35 else rm -f /usr/local/bin/glorytun-tcp apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-overwrite" install --reinstall omr-glorytun-tcp=${GLORYTUN_TCP_BINARY_VERSION} fi [ "$(ip -6 a)" != "" ] && sed -i 's/0.0.0.0/::/g' /etc/glorytun-tcp/tun0 fi # Load tun module at boot time if ! grep -q tun /etc/modules ; then echo tun >> /etc/modules fi # Add multipath utility if [ "$LOCALFILES" = "no" ]; then wget -O /usr/local/bin/multipath ${VPSURL}${VPSPATH}/multipath else cp ${DIR}/multipath /usr/local/bin/multipath fi chmod 755 /usr/local/bin/multipath # Add omr-test-speed utility if [ "$LOCALFILES" = "no" ]; then wget -O /usr/local/bin/omr-test-speed ${VPSURL}${VPSPATH}/omr-test-speed else cp ${DIR}/omr-test-speed /usr/local/bin/omr-test-speed fi chmod 755 /usr/local/bin/omr-test-speed # Add OpenMPTCProuter service if [ "$LOCALFILES" = "no" ]; then wget -O /usr/local/bin/omr-service ${VPSURL}${VPSPATH}/omr-service wget -O /lib/systemd/system/omr.service ${VPSURL}${VPSPATH}/omr.service.in wget -O /usr/local/bin/omr-6in4-run ${VPSURL}${VPSPATH}/omr-6in4-run wget -O /lib/systemd/system/omr6in4@.service ${VPSURL}${VPSPATH}/omr6in4%40.service.in wget -O /usr/local/bin/omr-bypass ${VPSURL}${VPSPATH}/omr-bypass wget -O /lib/systemd/system/omr-bypass.service ${VPSURL}${VPSPATH}/omr-bypass.service.in wget -O /lib/systemd/system/omr-bypass.timer ${VPSURL}${VPSPATH}/omr-bypass.timer.in else cp ${DIR}/omr-service /usr/local/bin/omr-service cp ${DIR}/omr.service.in /lib/systemd/system/omr.service cp ${DIR}/omr-6in4-run 
/usr/local/bin/omr-6in4-run cp ${DIR}/omr6in4@.service.in /lib/systemd/system/omr6in4@.service cp ${DIR}/omr-bypass /usr/local/bin/omr-bypass cp ${DIR}/omr-bypass.service.in /lib/systemd/system/omr-bypass.service cp ${DIR}/omr-bypass.timer.in /lib/systemd/system/omr-bypass.timer fi chmod 644 /lib/systemd/system/omr.service chmod 644 /lib/systemd/system/omr6in4@.service chmod 755 /usr/local/bin/omr-service chmod 755 /usr/local/bin/omr-bypass chmod 755 /usr/local/bin/omr-6in4-run chmod 644 /lib/systemd/system/omr-bypass.service chmod 644 /lib/systemd/system/omr-bypass.timer systemctl daemon-reload if systemctl -q is-active omr-6in4.service; then systemctl -q stop omr-6in4 > /dev/null 2>&1 systemctl -q disable omr-6in4 > /dev/null 2>&1 fi systemctl enable omr6in4@user0.service systemctl enable omr.service systemctl enable omr-bypass.timer systemctl enable omr-bypass.service # Change SSH port to 65222 sed -i 's:#Port 22:Port 65222:g' /etc/ssh/sshd_config sed -i 's:Port 22:Port 65222:g' /etc/ssh/sshd_config # Remove Bind9 if available #systemctl -q disable bind9 # Remove fail2ban if available #systemctl -q disable fail2ban if [ "$update" = "0" ]; then # Install and configure the firewall using shorewall apt-get -y install shorewall shorewall6 if [ "$LOCALFILES" = "no" ]; then wget -O /etc/shorewall/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz else cp ${DIR}/openmptcprouter-shorewall.tar.gz /etc/shorewall/openmptcprouter-shorewall.tar.gz fi tar xzf /etc/shorewall/openmptcprouter-shorewall.tar.gz -C /etc/shorewall rm /etc/shorewall/openmptcprouter-shorewall.tar.gz sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* systemctl enable shorewall if [ "$LOCALFILES" = "no" ]; then wget -O /etc/shorewall6/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz else cp ${DIR}/openmptcprouter-shorewall6.tar.gz /etc/shorewall6/openmptcprouter-shorewall6.tar.gz fi tar xzf 
/etc/shorewall6/openmptcprouter-shorewall6.tar.gz -C /etc/shorewall6 rm /etc/shorewall6/openmptcprouter-shorewall6.tar.gz sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* systemctl enable shorewall6 else # Update only needed firewall files if [ "$LOCALFILES" = "no" ]; then mkdir -p ${DIR} wget -O ${DIR}/openmptcprouter-shorewall.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall.tar.gz wget -O ${DIR}/openmptcprouter-shorewall6.tar.gz ${VPSURL}${VPSPATH}/openmptcprouter-shorewall6.tar.gz mkdir -p ${DIR}/shorewall4 tar xzvf ${DIR}/openmptcprouter-shorewall.tar.gz -C ${DIR}/shorewall4 mkdir -p ${DIR}/shorewall6 tar xzvf ${DIR}/openmptcprouter-shorewall6.tar.gz -C ${DIR}/shorewall6 fi cp ${DIR}/shorewall4/interfaces /etc/shorewall/interfaces cp ${DIR}/shorewall4/snat /etc/shorewall/snat cp ${DIR}/shorewall4/stoppedrules /etc/shorewall/stoppedrules cp ${DIR}/shorewall4/tcinterfaces /etc/shorewall/tcinterfaces cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf cp ${DIR}/shorewall4/policy /etc/shorewall/policy cp ${DIR}/shorewall4/params /etc/shorewall/params cp ${DIR}/shorewall4/zones /etc/shorewall/zones #cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn #cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net cp ${DIR}/shorewall6/params /etc/shorewall6/params #cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net #cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules cp ${DIR}/shorewall6/snat /etc/shorewall6/snat sed -i "s:eth0:$INTERFACE:g" /etc/shorewall/* sed -i 's/^.*#DNAT/#DNAT/g' /etc/shorewall/rules sed -i 's:10.0.0.2:$OMR_ADDR:g' /etc/shorewall/rules sed -i "s:eth0:$INTERFACE:g" /etc/shorewall6/* if [ "$LOCALFILES" = "no" ]; then rm -rf ${DIR}/shorewall4 rm -rf ${DIR}/shorewall6 rm -f ${DIR}/openmptcprouter-shorewall.tar.gz rm -f ${DIR}/openmptcprouter-shorewall6.tar.gz fi fi [ -z "$(grep nf_conntrack_sip 
/etc/modprobe.d/blacklist.conf)" ] && echo 'blacklist nf_conntrack_sip' >> /etc/modprobe.d/blacklist.conf if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]; then apt-get -y install iptables update-alternatives --set iptables /usr/sbin/iptables-legacy update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy fi if ([ "$ID" = "debian" ] && [ "$VERSION_ID" = "10" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "19.04" ]) || ([ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "20.04" ]); then sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall/shorewall.conf sed -i 's:DROP_DEFAULT=Drop:DROP_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf sed -i 's:REJECT_DEFAULT=Reject:REJECT_DEFAULT="Broadcast(DROP),Multicast(DROP)":g' /etc/shorewall6/shorewall6.conf fi if [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "" ] && [ "$(ip r | awk '/default/&&/src/ {print $7}')" != "dhcp" ]; then sed -i "s/MASQUERADE/SNAT($(ip r | awk '/default/&&/src/ {print $7}'))/" /etc/shorewall/snat fi # Limit /var/log/journal size sed -i 's/#SystemMaxUse=/SystemMaxUse=100M/' /etc/systemd/journald.conf if [ "$TLS" = "yes" ]; then VPS_CERT=0 apt-get -y install socat cron if [ "$VPS_DOMAIN" != "" ] && [ "$(getent hosts $VPS_DOMAIN | awk '{ print $1; exit }')" != "" ] && [ "$(ping -c 1 -w 1 $VPS_DOMAIN)" ]; then if [ ! 
-f "/root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer" ]; then echo "Generate certificate for V2Ray" set +e #[ "$(shorewall status | grep stopped)" = "" ] && shorewall open all all tcp 443 curl https://get.acme.sh | sh systemctl -q restart shorewall ~/.acme.sh/acme.sh --force --alpn --issue -d $VPS_DOMAIN --pre-hook 'shorewall open all all tcp 443 2>&1 >/dev/null' --post-hook 'shorewall close all all tcp 443 2>&1 >/dev/null' 2>&1 >/dev/null set -e if [ -f /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer ]; then rm -f /etc/openmptcprouter-vps-admin/cert.pem ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.cer /etc/openmptcprouter-vps-admin/cert.pem rm -f /etc/openmptcprouter-vps-admin/key.pem ln -s /root/.acme.sh/$VPS_DOMAIN/$VPS_DOMAIN.key /etc/openmptcprouter-vps-admin/key.pem fi # mkdir -p /etc/ssl/v2ray # ln -f -s /root/.acme.sh/$reverse/$reverse.key /etc/ssl/v2ray/omr.key # ln -f -s /root/.acme.sh/$reverse/fullchain.cer /etc/ssl/v2ray/omr.cer #[ "$(shorewall status | grep stopped)" = "" ] && shorewall close all all tcp 443 fi VPS_CERT=1 else echo "No working domain detected..." fi fi if [ "$SPEEDTEST" = "yes" ]; then mkdir -p /usr/share/omr-server/speedtest if [ ! -f /usr/share/omr-server/speedtest/test.img ] && [ "$(df /usr/share/omr-server/speedtest | awk '/[0-9]%/{print $(NF-2)}')" -gt 2000000 ]; then echo "Generate speedtest image..." 
dd if=/dev/urandom of=/usr/share/omr-server/speedtest/test.img count=1024 bs=1048576 echo "Done" fi fi # Add OpenMPTCProuter VPS script version to /etc/motd if [ -f /etc/motd.head ]; then if grep --quiet 'OpenMPTCProuter VPS' /etc/motd.head; then sed -i "s:< OpenMPTCProuter VPS [0-9]*\.[0-9]*\(\|-test[0-9]*\) >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd.head sed -i "s:< OpenMPTCProuter VPS \$OMR_VERSION >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd.head else echo "< OpenMPTCProuter VPS $OMR_VERSION >" >> /etc/motd.head fi elif [ -f /etc/motd ]; then if grep --quiet 'OpenMPTCProuter VPS' /etc/motd; then sed -i "s:< OpenMPTCProuter VPS [0-9]*\.[0-9]*\(\|-test[0-9]*\) >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd sed -i "s:< OpenMPTCProuter VPS \$OMR_VERSION >:< OpenMPTCProuter VPS $OMR_VERSION >:g" /etc/motd else echo "< OpenMPTCProuter VPS $OMR_VERSION >" >> /etc/motd fi else echo "< OpenMPTCProuter VPS $OMR_VERSION >" > /etc/motd fi if [ "$SOURCES" != "yes" ]; then apt-get -y install omr-server=${OMR_VERSION} 2>&1 >/dev/null || true rm -f /etc/openmtpcprouter-vps-admin/update-bin fi if [ "$update" = "0" ]; then # Display important info echo '====================================================================================' echo "OpenMPTCProuter Server $OMR_VERSION is now installed !" echo '\033[1m SSH port: 65222 (instead of port 22)\033[0m' if [ "$OMR_ADMIN" = "yes" ]; then echo '====================================================================================' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo 'OpenMPTCProuter Server key (you need OpenMPTCProuter >= 0.42):' echo $OMR_ADMIN_PASS echo 'OpenMPTCProuter Server username (you need OpenMPTCProuter >= 0.42):' echo 'openmptcprouter' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' 
echo '====================================================================================' fi echo 'Shadowsocks port: 65101' echo 'Shadowsocks encryption: chacha20' echo 'Your shadowsocks key: ' echo $SHADOWSOCKS_PASS echo 'Your shadowsocks 2022 key: ' echo "${PSK}:${UPSK}" echo 'Glorytun port: 65001' echo 'Glorytun encryption: chacha20' echo 'Your glorytun key: ' echo $GLORYTUN_PASS if [ "$DSVPN" = "yes" ]; then echo 'A Dead Simple VPN port: 65401' echo 'A Dead Simple VPN key: ' echo $DSVPN_PASS fi if [ "$MLVPN" = "yes" ]; then echo 'MLVPN first port: 65201' echo 'Your MLVPN password: ' echo $MLVPN_PASS fi if [ "$UBOND" = "yes" ]; then echo 'UBOND first port: 65251' echo 'Your UBOND password: ' echo $UBOND_PASS fi if [ "$OMR_ADMIN" = "yes" ]; then echo "OpenMPTCProuter API Admin key (only for configuration via API, you don't need it): " echo $OMR_ADMIN_PASS_ADMIN echo 'OpenMPTCProuter Server key: ' echo "\033[1m${OMR_ADMIN_PASS}\033[0m" echo 'OpenMPTCProuter Server username: ' echo 'openmptcprouter' fi if [ "$VPS_CERT" = "0" ]; then echo 'No working domain detected, not able to generate certificate for v2ray.' echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' fi echo '====================================================================================' echo 'Keys are also saved in /root/openmptcprouter_config.txt, you are free to remove them' echo '====================================================================================' echo '\033[1m /!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\ \033[0m' echo '------------------------------------------------------------------------------------' echo ' For kernel 5.4, after reboot, check with uname -a that the kernel name contain mptcp.' echo ' Else, you may have to modify GRUB_DEFAULT in /etc/default/grub' echo ' For 6.x kernels, check that a 6.x kernel is used, no kernel name changes.' 
echo '====================================================================================' # Save info in file cat > /root/openmptcprouter_config.txt <<-EOF SSH port: 65222 (instead of port 22) EOF if [ "$SHADOWSOCKS" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF Shadowsocks port: 65101 Shadowsocks encryption: chacha20 Your shadowsocks key: ${SHADOWSOCKS_PASS} EOF fi if [ "$SHADOWSOCKS_GO" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF Your shadowsocks 2022 key: ${PSK}:${UPSK} EOF fi if ([ "$GLORYTUN_TCP" = "yes" ] || [ "$GLORYTUN_UDP" = "yes" ]); then cat >> /root/openmptcprouter_config.txt <<-EOF Glorytun port: 65001 Glorytun encryption: chacha20 Your glorytun key: ${GLORYTUN_PASS} EOF fi if [ "$DSVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF A Dead Simple VPN port: 65401 A Dead Simple VPN key: ${DSVPN_PASS} EOF fi if [ "$MLVPN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF MLVPN first port: 65201 Your MLVPN password: $MLVPN_PASS EOF fi if [ "$UBOND" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF UBOND first port: 65251 Your UBOND password: $UBOND_PASS EOF fi if [ "$OMR_ADMIN" = "yes" ]; then cat >> /root/openmptcprouter_config.txt <<-EOF Your OpenMPTCProuter ADMIN API Server key (only for configuration via API access, you don't need it): $OMR_ADMIN_PASS_ADMIN Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS Your OpenMPTCProuter Server username: openmptcprouter EOF fi #systemctl -q restart sshd else echo '====================================================================================' echo "OpenMPTCProuter Server is now updated to version $OMR_VERSION !" echo 'Keys are not changed, shorewall rules files preserved' echo 'You need OpenMPTCProuter >= 0.30' echo '====================================================================================' echo 'Restarting systemd daemon...' systemctl -q daemon-reload echo 'done' echo 'Restarting systemd network...' 
systemctl -q restart systemd-networkd echo 'done' if [ "$MLVPN" = "yes" ]; then echo 'Restarting mlvpn...' systemctl -q restart mlvpn@mlvpn0 echo 'done' fi if [ "$UBOND" = "yes" ]; then echo 'Restarting ubond...' systemctl -q restart ubond@ubond0 echo 'done' fi if [ "$V2RAY" = "yes" ]; then echo 'Restarting v2ray...' systemctl -q restart v2ray echo 'done' fi if [ "$XRAY" = "yes" ]; then echo 'Restarting xray...' systemctl -q restart xray echo 'done' fi if [ "$DSVPN" = "yes" ]; then echo 'Restarting dsvpn...' systemctl -q start dsvpn-server@dsvpn0 || true systemctl -q restart 'dsvpn-server@*' || true echo 'done' fi if [ "$GLORYTUN_TCP" = "yes" ]; then echo 'Restarting glorytun tcp...' systemctl -q start glorytun-tcp@tun0 || true systemctl -q restart 'glorytun-tcp@*' || true fi if [ "$GLORYTUN_UDP" = "yes" ]; then systemctl -q start glorytun-udp@tun0 || true systemctl -q restart 'glorytun-udp@*' || true echo 'done' fi echo 'Restarting omr6in4...' systemctl -q start omr6in4@user0 || true systemctl -q restart omr6in4@* || true echo 'done' if [ "$OPENVPN" = "yes" ]; then echo 'Restarting OpenVPN' systemctl -q restart openvpn@tun0 systemctl -q restart openvpn@tun1 echo 'done' fi if [ "$WIREGUARD" = "yes" ]; then echo 'Restarting WireGuard' systemctl -q restart wg-quick@wg0 echo 'done' fi if [ "$OMR_ADMIN" = "yes" ]; then echo 'Restarting OpenMPTCProuter VPS admin' systemctl -q restart omr-admin echo 'done' if ! grep -q 'Server key' /root/openmptcprouter_config.txt ; then cat >> /root/openmptcprouter_config.txt <<-EOF Your OpenMPTCProuter Server key: $OMR_ADMIN_PASS Your OpenMPTCProuter Server username: openmptcprouter EOF echo '====================================================================================' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' 
echo 'OpenMPTCProuter Server key:' echo $OMR_ADMIN_PASS echo 'OpenMPTCProuter Server username:' echo 'openmptcprouter' echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' echo '====================================================================================' else echo '!!! Keys are in /root/openmptcprouter_config.txt !!!' fi fi if [ "$VPS_CERT" = "0" ]; then echo 'No working domain detected, not able to generate certificate for v2ray.' echo 'You can set VPS_DOMAIN to a working domain if you want a certificate.' fi echo 'Apply latest sysctl...' sysctl -p /etc/sysctl.d/90-shadowsocks.conf > /dev/null 2>&1 || true echo 'done' echo 'Restarting omr...' systemctl -q restart omr echo 'done' if [ "$SHADOWSOCKS" = "yes" ]; then echo 'Restarting shadowsocks...' systemctl -q restart shadowsocks-libev-manager@manager fi if [ "$SHADOWSOCKS_GO" = "yes" ]; then echo 'Restarting shadowsocks-go...' systemctl -q restart shadowsocks-go fi # if [ $NBCPU -gt 1 ]; then # for i in $NBCPU; do # systemctl restart shadowsocks-libev-server@config$i # done # fi echo 'done' echo 'Restarting shorewall...' systemctl -q restart shorewall systemctl -q restart shorewall6 echo 'done' echo '====================================================================================' echo '\033[1m /!\ You need to reboot to use latest MPTCP kernel /!\ \033[0m' echo '====================================================================================' fi