#!/bin/sh
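# Secrets and tunables. Each one may be supplied through the environment;
# otherwise it is generated or detected here.
# Shadowsocks key: 32 bytes from /dev/urandom, base64-encoded on one line.
SHADOWSOCKS_PASS=${SHADOWSOCKS_PASS:-$(head -c 32 /dev/urandom | base64 -w0)}
# Glorytun key: 32 bytes from /dev/urandom as 64 upper-case hex digits.
GLORYTUN_PASS=${GLORYTUN_PASS:-$(od -vN "32" -An -tx1 /dev/urandom | tr '[:lower:]' '[:upper:]' | tr -d " \n")}
#NBCPU=${NBCPU:-$(nproc --all | tr -d "\n")}
NBCPU=${NBCPU:-$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")}
OBFS=${OBFS:-no}
# Interface that carries the IPv4 default route. Only the first default route
# is used, so a host with several of them does not end up with the interface
# names concatenated into one bogus value.
INTERFACE=${INTERFACE:-$(ip -o -4 route show to default | awk '{print $5; exit}' | tr -d "\n")}
# Major release number: everything from the first dot onwards is dropped.
DEBIAN_VERSION=$(sed 's/\..*//' /etc/debian_version)
set -e
# umask 0022: every file written by this script is created world-readable
# unless a later step tightens it.
umask 0022
# String comparison: a non-numeric /etc/debian_version (e.g. "stretch/sid")
# is rejected cleanly instead of making the test itself error out.
if [ "$DEBIAN_VERSION" != "9" ]; then
	echo "This script only work with Debian Stretch (9.x)"
	exit 1
fi
# INTERFACE is substituted into the firewall rules; an empty value would
# silently strip the interface name from them, so stop before changing anything.
if [ -z "$INTERFACE" ]; then
	echo "Cannot detect the default-route interface; set INTERFACE and run again" >&2
	exit 1
fi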
# Install the MPTCP kernel (image and headers) and prepare stretch-backports.
apt-get update
apt-get -y install dirmngr patch
#apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 379CE192D401AB61
#echo 'deb http://dl.bintray.com/cpaasch/deb jessie main' >> /etc/apt/sources.list
echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/stretch-backports.list
apt-get update
# NOTE(review): unlike the apt packages above, these two .deb files are fetched
# over plain HTTP and handed to dpkg as root with no checksum or signature
# check. Compare them against a digest published by the project before use.
kernel_build=4.14.24-mptcp-64056fa
kernel_url=http://www.openmptcprouter.com/kernel
for kernel_pkg in linux-image linux-headers; do
	wget -O "/tmp/${kernel_pkg}-${kernel_build}.amd64.deb" "${kernel_url}/${kernel_pkg}-${kernel_build}.amd64.deb"
done
#apt-get -y install linux-mptcp
# Same order as the downloads: image first, then headers.
for kernel_pkg in linux-image linux-headers; do
	dpkg -i "/tmp/${kernel_pkg}-${kernel_build}.amd64.deb"
done
#apt -t stretch-backports -y install shadowsocks-libev
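## Compile Shadowsocks
# Build shadowsocks-libev 3.1.3 from the release tarball, with the
# OpenMPTCProuter patch applied, as a Debian package and install it.
# The http://github.com URLs only redirect to HTTPS, so request HTTPS directly
# and drop the unauthenticated first hop. wget needs the CA bundle for that.
apt-get -y install ca-certificates
wget -O /tmp/shadowsocks-libev-3.1.3.tar.gz https://github.com/shadowsocks/shadowsocks-libev/releases/download/v3.1.3/shadowsocks-libev-3.1.3.tar.gz
cd /tmp
tar xzf shadowsocks-libev-3.1.3.tar.gz
cd shadowsocks-libev-3.1.3
# NOTE(review): the patch is read from the moving `master` branch and applied
# without a checksum, so the build input can change between two runs. Pin the
# URL to a commit and verify a digest.
# -O keeps the file name fixed; without it a leftover copy makes wget save
# the new download as 020-NOCRYPTO.patch.1 and the stale file gets applied.
wget -O 020-NOCRYPTO.patch https://github.com/Ysurac/openmptcprouter-feeds/raw/master/shadowsocks-libev/patches/020-NOCRYPTO.patch
patch -p1 < 020-NOCRYPTO.patch
apt-get -y install --no-install-recommends devscripts equivs apg libcap2-bin libpam-cap
apt -y -t stretch-backports install libsodium-dev
mk-build-deps --install --tool "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"
# -b: binary packages only; -us -uc: leave source and .changes unsigned.
dpkg-buildpackage -b -us -uc
cd ..
dpkg -i shadowsocks-libev_3.1.3-1_amd64.deb
rm -r /tmp/shadowsocks-libev-3.1.3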
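# Load OLIA Congestion module at boot time
# Match the whole line: a bare substring test is also satisfied by a
# commented-out "#mptcp_olia" entry, and the module would then never be added.
if ! grep -qx 'mptcp_olia' /etc/modules ; then
	echo mptcp_olia >> /etc/modules
fi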
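# Get shadowsocks optimization
# NOTE(review): the sysctl settings and the server configuration are fetched
# over plain HTTP and written under /etc with no integrity check. Review both
# files after download or verify them against a known digest.
wget -O /etc/sysctl.d/90-shadowsocks.conf http://www.openmptcprouter.com/server/shadowsocks.conf
# Install shadowsocks config and add a shadowsocks by CPU
wget -O /etc/shadowsocks-libev/config.json http://www.openmptcprouter.com/server/config.json
# The key is stored in the URL-safe base64 alphabet ('+' -> '-', '/' -> '_').
SHADOWSOCKS_PASS_JSON=$(printf '%s\n' "$SHADOWSOCKS_PASS" | sed 's/+/-/g; s/\//_/g;')
# Escape what is special in a sed replacement (backslash, '&' and the ':'
# delimiter) so that a key supplied through the environment is inserted
# literally instead of being interpreted by sed.
ss_key_sed=$(printf '%s\n' "$SHADOWSOCKS_PASS_JSON" | sed 's/[\\&:]/\\&/g')
sed -i "s:MySecretKey:$ss_key_sed:g" /etc/shadowsocks-libev/config.json
# NOTE(review): config.json now holds the key and was created under umask 0022,
# i.e. readable by every local user. Tightening it depends on which user the
# shadowsocks-libev-server@ unit runs as; confirm before restricting the mode.
#sed -i 's:json:json --mptcp:g' /lib/systemd/system/shadowsocks-libev-server@.service
systemctl disable shadowsocks-libev
systemctl enable shadowsocks-libev-server@config.service
# One instance per CPU: "config" is the first, config2..config$NBCPU are the
# others. Iterating over "$NBCPU" itself runs the body once, for the last
# index only, so count explicitly.
if [ "$NBCPU" -gt 1 ]; then
	i=2
	while [ "$i" -le "$NBCPU" ]; do
		ln -fs /etc/shadowsocks-libev/config.json "/etc/shadowsocks-libev/config$i.json"
		systemctl enable "shadowsocks-libev-server@config$i.service"
		i=$((i + 1))
	done
fi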
# Raise the default open-file limit for systemd services to 65536, appending
# the setting only when this exact line is not in system.conf yet.
grep -q 'DefaultLimitNOFILE=65536' /etc/systemd/system.conf \
	|| echo 'DefaultLimitNOFILE=65536' >> /etc/systemd/system.conf
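# Install simple-obfs
# Optional (OBFS=yes): build the simple-obfs plugin from source and declare it
# as the shadowsocks plugin in config.json.
if [ "$OBFS" = "yes" ]; then
	cd /tmp
	# No sudo: the rest of the script already requires root, and sudo is not
	# guaranteed to be installed on a minimal system.
	apt-get install -y --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake git ca-certificates
	# NOTE(review): this builds whatever the default branch and its submodules
	# point to at install time. Check out a reviewed tag or commit to make
	# the build reproducible.
	git clone https://github.com/shadowsocks/simple-obfs.git /tmp/simple-obfs
	cd /tmp/simple-obfs
	git submodule update --init --recursive
	./autogen.sh
	# Separate commands: in "configure && make" a configure failure is not
	# caught by set -e, only by the later failure of "make install".
	./configure
	make
	make install
	cd /tmp
	rm -rf /tmp/simple-obfs
	# Add the plugin entry right after the "mptcp" key (\n in the replacement
	# is a GNU sed extension).
	sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server --obfs http --mptcp --fast-open"%' /etc/shadowsocks-libev/config.json
fi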
# Install Glorytun UDP
#apt-get -y install meson pkg-config ca-certificates
#cd /tmp
#wget -O /tmp/glorytun-0.0.98-mud.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.98-mud/glorytun-0.0.98-mud.tar.gz
#tar xzf glorytun-0.0.98-mud.tar.gz
#cd glorytun-0.0.98-mud
#meson build
#ninja -C build install
#sed -i 's:EmitDNS=yes:EmitDNS=no:g' /lib/systemd/network/glorytun.network
#rm /lib/systemd/system/glorytun*
#rm /lib/systemd/network/glorytun*
#wget -O /usr/local/bin/glorytun-run http://www.openmptcprouter.com/server/glorytun-udp-run
#chmod 755 /usr/local/bin/glorytun-run
#wget -O /lib/systemd/system/glorytun-udp@.service http://www.openmptcprouter.com/server/glorytun-udp%40.service.in
#wget -O /lib/systemd/network/glorytun-udp.network http://www.openmptcprouter.com/server/glorytun-udp.network
#mkdir -p /etc/glorytun-udp
#wget -O /etc/glorytun-udp/tun0 http://www.openmptcprouter.com/server/tun0.glorytun-udp
#echo "$GLORYTUN_PASS" > /etc/glorytun-udp/tun0.key
#systemctl enable glorytun-udp@tun0.service
#systemctl enable systemd-networkd.service
#cd /tmp
#rm -r /tmp/glorytun-0.0.98-mud
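# Install Glorytun TCP
# Build glorytun 0.0.35 from the release tarball, install the helper scripts,
# the systemd template unit and the tun0 configuration, and store the key.
apt -t stretch-backports -y install libsodium-dev
# ca-certificates: needed by wget to validate the HTTPS download below.
apt-get -y install build-essential pkg-config autoconf automake ca-certificates
cd /tmp
# HTTPS directly: the http://github.com URL only redirects to it.
wget -O /tmp/glorytun-0.0.35.tar.gz https://github.com/angt/glorytun/releases/download/v0.0.35/glorytun-0.0.35.tar.gz
tar xzf glorytun-0.0.35.tar.gz
cd glorytun-0.0.35
./autogen.sh
./configure
make
cp glorytun /usr/local/bin/glorytun-tcp
# NOTE(review): the two scripts and the unit file below are fetched over plain
# HTTP with no integrity check, made executable and enabled at boot. Verify
# them against a known digest, or read them, before the reboot.
wget -O /usr/local/bin/glorytun-tcp-run http://www.openmptcprouter.com/server/glorytun-tcp-run
chmod 755 /usr/local/bin/glorytun-tcp-run
wget -O /usr/local/bin/omr-6in4 http://www.openmptcprouter.com/server/omr-6in4
chmod 755 /usr/local/bin/omr-6in4
# %40 in the URL is the encoded "@" of the template unit name.
wget -O /lib/systemd/system/glorytun-tcp@.service http://www.openmptcprouter.com/server/glorytun-tcp%40.service.in
wget -O /lib/systemd/network/glorytun-tcp.network http://www.openmptcprouter.com/server/glorytun.network
mkdir -p /etc/glorytun-tcp
wget -O /etc/glorytun-tcp/tun0 http://www.openmptcprouter.com/server/tun0.glorytun
# The tunnel key is a secret. Create it owner-only in a subshell rather than
# under the script-wide umask 0022, and fix the mode of a file left by an
# earlier run as well.
# NOTE(review): assumes the glorytun-tcp@ unit runs as root; the unit file is
# downloaded and not visible here, so confirm.
(
	umask 077
	printf '%s\n' "$GLORYTUN_PASS" > /etc/glorytun-tcp/tun0.key
)
chmod 600 /etc/glorytun-tcp/tun0.key
# Instance name matches the /etc/glorytun-tcp/tun0 configuration.
systemctl enable glorytun-tcp@tun0.service
systemctl enable systemd-networkd.service
cd /tmp
rm -r /tmp/glorytun-0.0.35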
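# Load tun module at boot time
# Match the whole line: the substring "tun" also occurs in unrelated or
# commented-out entries, which would wrongly suppress the addition.
if ! grep -qx 'tun' /etc/modules ; then
	echo tun >> /etc/modules
fi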
# Change SSH port to 65222
# The commented-out default is rewritten first, then an active "Port 22".
# NOTE(review): sshd listens on the new port only after a restart or reboot;
# confirm the shorewall rules installed by this script allow 65222 before
# closing the current session.
sed -i \
	-e 's:#Port 22:Port 65222:g' \
	-e 's:Port 22:Port 65222:g' \
	/etc/ssh/sshd_config
# Remove Bind9 if available
#systemctl -q disable bind9
# Remove fail2ban if available
#systemctl -q disable fail2ban
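# Install and configure the firewall using shorewall
# The shipped rule sets are written for eth0 and rewritten to $INTERFACE.
# Stop here if it is empty: the substitution would otherwise delete the
# interface name from every rule file and leave a broken firewall.
: "${INTERFACE:?INTERFACE is empty, cannot adapt the firewall rules}"
apt-get -y install shorewall shorewall6
# NOTE(review): the rule sets are fetched over plain HTTP and unpacked as root
# with no integrity check, and they decide what the server exposes. Verify the
# archives against a known digest and read the resulting rules before reboot.
# Same steps for IPv4 (shorewall) and IPv6 (shorewall6), IPv4 first.
for fw in shorewall shorewall6; do
	wget -O "/etc/$fw/openmptcprouter-$fw.tar.gz" "http://www.openmptcprouter.com/server/openmptcprouter-$fw.tar.gz"
	tar xzf "/etc/$fw/openmptcprouter-$fw.tar.gz" -C "/etc/$fw"
	rm "/etc/$fw/openmptcprouter-$fw.tar.gz"
	sed -i "s:eth0:$INTERFACE:g" "/etc/$fw"/*
	systemctl enable "$fw"
done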
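# Add OpenMPTCProuter VPS script version to /etc/motd
# The banner used to be written as "OpenMPCTProuter" (letters swapped) while
# the check looked for "OpenMPTCProuter", so it never matched and every run
# appended another line. Write the correct spelling, and accept both spellings
# when looking for a banner to update.
if grep --quiet 'OpenMP[TC][TC]Prouter VPS' /etc/motd; then
	sed -i 's:< OpenMP[TC][TC]Prouter VPS [0-9]*\.[0-9]* >:< OpenMPTCProuter VPS 0.17 >:' /etc/motd
else
	echo '< OpenMPTCProuter VPS 0.17 >' >> /etc/motd
fi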
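# Display important info
# Both keys are printed in clear text: anything that records this output
# (terminal scrollback, a session log, CI output) then contains them.
# printf '%s\n' prints every argument verbatim on its own line. The keys are
# quoted, so a value supplied through the environment is neither word-split
# nor glob-expanded, and the backslashes in the banner are not treated as
# escape sequences by echo.
printf '%s\n' \
	'================================================================================' \
	'OpenMPTCProuter VPS is now configured !' \
	'SSH port: 65222 (instead of port 22)' \
	'Shadowsocks port: 65101' \
	'Shadowsocks encryption: aes-256-cfb' \
	'Your shadowsocks key: ' \
	"$SHADOWSOCKS_PASS" \
	'Glorytun port: 65001' \
	'Glorytun encryption: chacha20' \
	'Your glorytun key: ' \
	"$GLORYTUN_PASS" \
	'================================================================================' \
	'/!\ You need to reboot to enable MPTCP, shadowsocks, glorytun and shorewall /!\' \
	'================================================================================'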