From e063e29ff98e1b494de23d1691d033add6a64266 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Tue, 15 Jun 2021 05:04:25 +0000
Subject: [PATCH 1/4] Fix vpspath for release

---
 debian9-x86_64.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index bdbff00..cbb7d33 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -57,7 +57,7 @@ SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead"
 SHADOWSOCKS_BINARY_VERSION="3.3.5-2"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
-VPSPATH="server-test"
+VPSPATH="server"
 VPSURL="https://www.openmptcprouter.com/"
 REPO="repo.openmptcprouter.com"
 CHINA=${CHINA:-no}

From ce4516fac273a6de7384c11fa045e6601741eed7 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Mon, 23 Aug 2021 13:50:00 +0000
Subject: [PATCH 2/4] Commit latest small changes in script

---
 debian9-x86_64.sh                 |  12 ++++++++----
 omr-pihole.sh                     |   5 +++++
 omr-service                       |  25 ++++++++++++++++++-------
 omr-test-speed                    |  12 ++++++------
 omr-test-speedv6                  |  12 ++++++------
 openmptcprouter-shorewall6.tar.gz | Bin 3780 -> 3803 bytes
 shorewall6/params.vpn             |   1 +
 7 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index cbb7d33..444a169 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -629,6 +629,8 @@ if [ "$OBFS" = "yes" ]; then
 		cd /tmp
 		rm -rf /tmp/simple-obfs
 	else
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
 		apt-get -y -o Dpkg::Options::="--force-overwrite" install omr-simple-obfs=${OBFS_BINARY_VERSION}
 	fi
 	#sed -i 's%"mptcp": true%"mptcp": true,\n"plugin": "/usr/local/bin/obfs-server",\n"plugin_opts": "obfs=http;mptcp;fast-open;t=400"%' /etc/shadowsocks-libev/config.json
@@ -662,6 +664,8 @@ if [ "$V2RAY_PLUGIN" = "yes" ]; then
 		#cd /tmp
 		#rm -rf /tmp/simple-obfs
 	else
+		rm -f /var/lib/dpkg/lock
+		rm -f /var/lib/dpkg/lock-frontend
 		apt-get -y install v2ray-plugin=${V2RAY_PLUGIN_VERSION}
 	fi
 fi
@@ -1188,11 +1192,11 @@ else
 	cp ${DIR}/shorewall4/shorewall.conf /etc/shorewall/shorewall.conf
 	cp ${DIR}/shorewall4/policy /etc/shorewall/policy
 	cp ${DIR}/shorewall4/params /etc/shorewall/params
-	cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
-	cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
+	#cp ${DIR}/shorewall4/params.vpn /etc/shorewall/params.vpn
+	#cp ${DIR}/shorewall4/params.net /etc/shorewall/params.net
 	cp ${DIR}/shorewall6/params /etc/shorewall6/params
-	cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
-	cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
+	#cp ${DIR}/shorewall6/params.net /etc/shorewall6/params.net
+	#cp ${DIR}/shorewall6/params.vpn /etc/shorewall6/params.vpn
 	cp ${DIR}/shorewall6/interfaces /etc/shorewall6/interfaces
 	cp ${DIR}/shorewall6/stoppedrules /etc/shorewall6/stoppedrules
 	cp ${DIR}/shorewall6/snat /etc/shorewall6/snat
diff --git a/omr-pihole.sh b/omr-pihole.sh
index 20a023f..0981789 100644
--- a/omr-pihole.sh
+++ b/omr-pihole.sh
@@ -8,6 +8,11 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ]; then
         echo "This script doesn't work with Debian Stretch (9.x)"
         exit 1
 fi
+if [ "$(id -u)" -ne 0 ]; then
+	echo "You must run the script as root"
+	exit 1
+fi
+
 echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
 echo "You can select any interface and set any IPs during Pi-hole configuration, this will be modified for OpenMPTCProuter at the end."
 echo "Don't apply Pi-hole firewall rules."
diff --git a/omr-service b/omr-service
index f388c5d..c94e748 100755
--- a/omr-service
+++ b/omr-service
@@ -42,6 +42,15 @@ _glorytun_tcp() {
 
 _dsvpn() {
 	[ -n "$(ip -6 r show 64:ff9b::/96 dev dsvpn0)" ] && ip -6 r del 64:ff9b::/96 dev dsvpn0 2>&1 >/dev/null
+	if [ -f /etc/openmptcprouter-vps-admin/current-vpn ] && [ "$(cat /etc/openmptcprouter-vps-admin/current-vpn)" = "dsvpn" ]; then
+		localip="$(cat /etc/dsvpn/dsvpn0 | grep LOCALTUNIP | cut -d '=' -f2)"
+		[ -z "$localip" ] && localip="10.255.251.1"
+		remoteip="$(echo $localip | sed 's/\.1/\.2/')"
+		if [ "$(ping -c 5 -w 5 $remoteip | grep '100%')" != "" ] && [ "$(expr $(date +%s) - $(stat -c %Y /proc/$(pgrep dsvpn)/exe ))" -gt "300" ]; then
+			logger -t "OMR-Service" "No answer from VPN client end, restart DSVPN"
+			systemctl restart dsvpn@dsvpn0
+		fi
+	fi
 }
 
 _shadowsocks() {
@@ -66,13 +75,15 @@ _omr_api() {
 _lan_route() {
 	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
 	while IFS=$"\n" read -r c; do
-		vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
-		if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
-			echo "$c" | jq -c -r '.lanips[] //empty' | 
-			while IFS=$"\n" read -r d; do
-				network=$(ipcalc -n $d | grep Network | awk '{print $2}')
-				[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
-			done
+		if [ -n "$c" ]; then
+			vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
+			if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
+				echo "$c" | jq -c -r '.lanips[] //empty' | 
+				while IFS=$"\n" read -r d; do
+					network=$(ipcalc -n $d | grep Network | awk '{print $2}')
+					[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
+				done
+			fi
 		fi
 	done
 }
diff --git a/omr-test-speed b/omr-test-speed
index 863232f..15666e1 100644
--- a/omr-test-speed
+++ b/omr-test-speed
@@ -1,8 +1,8 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-OVH=false
-if [ "$1" = "ovh" ]; then
-	OVH=true
+HETZNER=false
+if [ "$1" = "hetzner" ]; then
+	HETZNER=true
 	INTERFACE="$2"
 else
 	INTERFACE="$1"
@@ -13,9 +13,9 @@ fi
 	exit 0
 }
 
-if [ "$OVH" = false ]; then
+if [ "$HETZNER" = false ]; then
 	echo "Select best test server..."
-	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://proof.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
 	bestping="9999"
 	for pinghost in $HOSTLST; do
 		domain=$(echo $pinghost | awk -F/ '{print $3}')
@@ -32,7 +32,7 @@ if [ "$OVH" = false ]; then
 	done
 fi
 
-[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM
diff --git a/omr-test-speedv6 b/omr-test-speedv6
index ca3d64d..3db10fe 100644
--- a/omr-test-speedv6
+++ b/omr-test-speedv6
@@ -1,8 +1,8 @@
 #!/bin/sh
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
-OVH=false
-if [ "$1" = "ovh" ]; then
-	OVH=true
+HETZNER=false
+if [ "$1" = "hetzner" ]; then
+	HETZNER=true
 	INTERFACE="$2"
 else
 	INTERFACE="$1"
@@ -14,9 +14,9 @@ fi
 }
 
 
-if [ "$OVH" = false ]; then
+if [ "$HETZNER" = false ]; then
 	echo "Select best test server..."
-	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
+	HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
 	bestping="9999"
 	for pinghost in $HOSTLST; do
 		domain=$(echo $pinghost | awk -F/ '{print $3}')
@@ -33,7 +33,7 @@ if [ "$OVH" = false ]; then
 	done
 fi
 
-[ -z "$HOST" ] && HOST="http://proof.ovh.net/files/10Gio.dat"
+[ -z "$HOST" ] && HOST="https://speed.hetzner.de/10GB.bin"
 
 echo "Best server is $HOST, running test:"
 trap : HUP INT TERM
diff --git a/openmptcprouter-shorewall6.tar.gz b/openmptcprouter-shorewall6.tar.gz
index d5769fae4f168217f983a780a6bdd3be7bb4e23a..eeb36f255423786ff3502b03dab8b9a259e435a2 100644
GIT binary patch
delta 3749
zcmV;W4qEZV9oroTABzY8C#?OE2Sk4}Ju^K|_Y93@zURfEJ^SU={-_1iKRIFFK;`dt
z|FrX}-90^Rb-SmnUi($6-99<(y&|nW%9PV8itUh)SE296pDOoU{{JZ*)DDPo?}yHV
zy;$@~qd}TZJZnaIQgfDRNDa#l{gAlctsgG!*!4YP-}tMTI8efMBFG`}y&Hd#TX*3c
zk@zuiNPTI0WL;e&udWXD{V-JZ32%~a?O?A|JKzOVQWcKl40Wmtl;cEdm>j3+s;P3K
zrs^hVu+OPMb<VhwOkrHB{ovk`Lw;(iV=8M@H^?{N5X%xw%jESDHIo9C#ZP!e<gKJo
zO)$^yokie;XEyYGZl7r?*WiEfe>D%dcB}PWtM-HA&E4CKe`spk%(ro{=8R_n*J+p7
z#@$YLn@{JBQj4eUw}t#4kKcCNn>DvjJ7tk1UD&SL4QHE-{eJ(n#Hdj7Tv827F}C?V
zC%$q0sNqE=3A^Q5H0`M&34-#NfaKj0tHCRDn>DgMrzCr?-!HRDPc(lTxxuEiy;i?G
zT81)tiql(`Slj*b9GXwgeY`RG$k~6pW=y_!v;JK#cEVeG=0v-x?<sl~|GT|1{$o;w
z|1Urr_)p$BVT7oDa@-;fV%W=I;SecT5i$f^CjkB=e()Q)>JY&6Tla1iGLvu&H41+4
z7`k`&F?lV#Asv|hMyG$(J|Q=cU>}@9gQjCInO!l_Y%JWH&<-C7T9D9jNaWwf4|eE$
zPagdhnSmh*ow*x<t+`pn4sl}w_}cVC;9vT%CLS?q<;|UtH3Q-;BjVq(n~^dlvJ*v+
zH*!2Dv=>BM-7MT0Fw5@D@gj%V5eYCYx_9Q8tV0yUNCg4&2i1SGZhlW37xJ;~Y}7i(
z?X0!5#v=k__1cb6{*d?qGQI(!AIZW7=`zk^HUtJVguG}xiB5TOLXYELV>aHms}LI_
zb0@alMFb3uozmA^_O&`h^<7)@+)wE2yyk<SRfQ5lB*moqkQeY8N!8F_Flu13xI?gM
zmQ=`OG{2t(M__+QZWs1lbQA_KGB5x~Fo2*b^FjM4gz<B3&~bVfc$~is8-3S1X{<m6
z|DIKn^FPJ5BZ&Vb1$JmJ_lW&S&*6W&(=XwF3vMd>e+hct|4%f8Arv1)?w!Z*>zy6C
z_RRv2A-+%Wjd%{ACV-Taz?l>yjz_DzJ12@Ehn36Nh-ZH<f%nF_17LXoAcacFDgfUH
zU>=Zo;lwe+*4QVA_^x-i0$4_TT!L-zmjwY}LCpz69}fh6WYsaaayI)Gg#KOL75XbP
zZfAJICF^_O#P_ZAE?xcuw#Yp{TCT#|4My_1JWgx;11mN2!}*(}@&baOH+NX5KDB%f
zFhr|G43d9?NxVs{Km-GX2FXnfN>U}cx4|$u4vbmo!U%bJ3n)8Qza{XF@lsL*c`8zp
zXvHx!T}}e9dkNsGXeYFu$NjbO4F2N|pzQzmdYuaYUxISihN0i@Elou)O>5BJUmMS^
z{|@Z`Pr&EvcKR(W2kXD`|6YdFiEi<ts1I(P?^=InXLhS~)~U?*UxxyJ;m#iS+s3o!
ze_-rk{rB7bZs(-i$MxT8omT7rCFnEG|1_o|)!AQl_V>}VzXU~gf9`jXJgv*m-0-1Y
z@eEE=Wl6YR-^=QV$n=uR*}XK8%(L^UZkRPZg)8zB)WIV0f<QI1cKbj+rx@&*K3PoE
zRSkc2drZktm1XrxQbw7)lPPrLoD!J_xyp>?d!7D^3g*5J1H;u~pO1bRJ%j%zC!JRL
z{IB1w@c%{VGw@$W75Q5DKZ2{%$_D(2Z2&`(otuE)iL!u^9ED4UXxkEDAW0#;Twc|s
zk)-gMVIn$jZahuGu#+ZyPk8+T?*&y+nDu{3^G#{8QGN{ifdMJGd@N$6n9o8A4#<}g
zhQeguuZ=f(db!(05s^l^I@M}F7&I9@UY6H4z{;P?k};;@I#H)Gj6@+pQZ9K}DkMx5
zQ|E<?Vi|>A)$*>1zV~g6R?~k#H1eDoQ{TXy{jv&@X9c*b@TB^nCVB7dg*$(Z)){|$
z^_&%tX8~KA3GuU;6U0PRj6zG%x{X^mg|*nv+I;Xs44eX%*NNkhjOF3*YNMS*y1X6M
z8O`<XSl!LEx=T%gLP<3ohYuAwsE6a+;9bAr&X&Pu9zGU$B9F1K0_(hwHvLSuHtH<3
zhjogfACxMq-`Mjy8~6YEo^yPR5Ke!B(0K<)lfdM{PmA9;jC0}pb7y|cKoaMTwX`vM
z9~lKEP$>_em!#8JP!`r);D<5!2kG~~Ct;u)-P?2jA@XOxL`=%Ng&#h~E06fz#<=7I
zu`!=z3CnuLzFA|9ey`W<{pLDW^X)o5(LKW$XA`&+!8@G}Yfc;s8c82tleK@QZmUmO
zUziTEfU52jikoI&3pyD65W2!vCz~Z!cN<&lpS*qhw%F`!;i4uL*L|w22cp7fS^@2x
zwOhyd*GU4&8my+j+|k$i0p>Bfa(ijx)Bb<E-9IhIe|37@cIE%S1nt~!LQAst?=Mr=
zxc5|KK}q)#-lyGA_C(x?F%Ey=bE1q{ef6ZmiR}gU9XR)k$Oq(JxE@@`m~$V;!CABU
z@bGY)v*MG`<}zW4wnRL>kC%(xpK@?qimnDR2~TwRoDvQ0DFGjfoD&(Y#GSWW1BXmE
zr<z3-aLlMUxOSr2K6;mQ?-DwpLuXXzrUYHQ-hGEIseY~+l6gI7@3DU)KpITT2>Y}9
zK4|=i>VrLsKZMcOLG~-?gG}Vz_h2aL^a@=6eRcx29-v4g_>*9bjCS9Na~U=ruv;-L
zSshvIP!al*?oKw+@cJBgD2kZgt<|u@5@0M~%aUXcC7BMI@9eM%er|K=L=hrQlEs1?
z2lX62&;AzSf1TyBtyX_hhslprMZO*=eyuj)g_4wrp0!%KvD%PS*PwNi>RW}4kEKth
z`fxing$+nw_oVQOhwHiVF{IUMrl46vnI9Qjb>zFc4FPvOiw7KPi2#ajf}W^E0p(H2
zki#W_n2P&n9`r|qZ!ujK0+dzZO2Yiz>lJM5htkN>cym0cAHILbTT#+K6vpqYxr#!#
zw?n6xdidTL^E%xu45~4rs-!{cpuqNPY~4A&8#HAKI;-_@<4q0JUyXejG|?pCf~g~D
zkt$B11Xfe4DMN6_v4BQ(IjQ!>^_qbbE)bqj@MZ)lXHE9On$55Bi-kY47v)<lS4ZVE
zOjW0>@z9B4=na3U)mTk%!!pJc(1SG^-9yIo+_*MS+CjaJO0^$g5n;lIpbk?|4U;K`
zkf{wQN|Q`jijMYc_iB-BfGm*?`KfFUJlGo-ASg?&v+cPgOtk3eJoN4P%#PyZFym;l
zTEuSQehzzY#gC0g@9Z#NV=Og21SuxtMqN~l&<P5u^%{TH^d*hgL5F^v(kb2S&=X0?
z(~U1{V?WkKhshqpbn7tL8YjSXPuSEWO6+0cb%01go!}c}gKs0)T_3(jzc%^+7r5v6
z@Xy2d(PI=l%MSnna|dH#nP>dr+nR2S3%t?&HVdT8{3X7I2F3R>UL|jW0j#!OH+xwr
zDp(Im86|)I>iXVdFgHj7@gYN;NQz|e=LS_wxD+!F7hmYZVT0s#Li&c^I$^?JP-bDz
zc|#Jc#6lWLO13Zub+GG4sZ(&2+cZ#3Va!X4WeB>YnQ5hh%ulq5kyIhbl-DhQGIpa*
zG?|)7bFdV^62oG&03}s<iYJ~)1tP^lmN}*h#_WHjiK>FepGV(AyjJ)L$hww~6`?<A
zpdl7}_$W~$PgHd?#r-5{$b)5PIK%`2cjSuKMJo{%52ll1*+_vQ87TnSQ{_TYuV4&x
zDKRt1EJ2T;H52p`=VqGpO;Th@p-`78jI)Ahj4WtKff-B%k-%$68pl~yy;|*pQq9s$
zD>Z*)*NMl(i|MO#hQ<6LmYg|6o63-<n&@Z1iW$jtbKip<v|!HiZsQClE*2Xk%a{&_
z(och5FlB1epDa9+SEuHn->TIxqI)9!OmX9pU0VfJRhUc0ur7JBfbJOmaSE=omA`wE
zmSX-Dvx{~Z=f={~p)HD1ru{egOW?)fOGbav6!H#bw?DzynAx4COQ6)+pxz-}_J`kX
z`0H%`p@~I31_t#~5;LVw()4LI!&4)Na+sM!BuvxB*RWoA*#ccG6otuKCnOFsC;~MM
z*zTkqLM2dTQQ$SmH*&SVQuPZSI<JTc^UqXQtz;b7t*X!teheD>K{$=s{R_Z2Gj)Fx
z4M4bT7t3&NpW6>nGBn&w;CQg0f_xKF%*mG7TGNZUSqwq8DJbTp@eKJMV7tA1+pwLL
zY!J57*N*>o-rDtlx&u2N%O@sr!VXz3a1Y6oYnZ?(F?ZiAuDNr`M4-%8($>8?945Z_
zgf}j-TvX=d8i3^hgG30zCLW=QplpAtNpw0<FX=80t0QnGc2LbH>6!SCPODWu|81R|
zRPi4#LYwg)dCZ5Q@Md#jNB>zlp*?q;uMGd_SCJoo;>Zugkb2&c^i=)n6ZPgM7dua9
z-CRO)QHVcM9LW>E9>P5t|G}|e5J8tr;Lt%S{+I}d5g_bGN1*6Ae=f<Ac@2Mq2EY&7
zVx1SE)+7eM*=`;Ey9RCC&Rcl<9ane*83!5GX7YR!pLc><gD$Z#WDi{ON1##d0874J
z2llt$a2(Xv;z}<g|K%QfR+Li|`$6E$_ZkNJT>O8pSAPGm(>bYr|KmmIWAUH8f-g`|
zkuUZG+MUV;_%piz1s&PLYXE;=8H~Bf_f<iW#bC(v9>q(dmol@;HP&g3b@Ge+pvP|{
z48r@J<Nw>e&dFB%e}(@qL!S}<|1+vc_4-$Z{vSnu1|oZa{q(n)%xjH-efp~@TevJK
zTS<)6srlJh|FOEWUuwzT3d@68vp`u4EzVypV>f?5l&`3wiYlt8qKcEL4iA%`4iOFL
P&r1ITPlA_20C)fZM6_PA

delta 3704
zcmV-;4u|pE9mE|6ABzY8V0I~y2Sk58Ju^K|_Y8w(zURfEJ^SU={-_1iKRIFFK;`dt
z|FrX}-92rebWU3R?&+&myM1!ne??k*)G4P`6x$&ouR`CCKUMCz{Qpxrs2vdF-VdDz
zd$H(~MuRk+c-D;aq~<KMkQ$a9`XO<>TR&XdvFm%pzVTNvaiE0jM36(`dpCa~x9-9@
zBJpG3kowa0$XZ+@7gq;)KMYlU!keU9JJ>7L4tT+oRE6U>L!IgZ<v5WVCdX;IYO0*5
zsk+G->~m^RoinZ^QyAB3Ke)H#ke{0Bn93T}4f4%5#Igj_GI@PO&7^>3@e^JVc`GSY
z6U?)FXAwBznGJ29+h>}}H8_9#U(Exq-D-W;s{P=2bN4pmADY@W^KBfgIpbNtb=oDi
zaktam=F@qjRO4y;Z6W{1<G0=RrsVc%r>v5s3)`aIaJI?V@Apqjj0!c+CDpJLW1HV|
z;v3hG8eUY=uv?a*X-{=Y5S04_H1C#J4PK$!tdZ?GCEa`dewkHzqSAlJ4K}sywfg1W
zGL*?voZhm;+U}Rf(0p?2<Bh>b&i>mqWAeS5`R{tM6W-c0C)$m?r|4Py@Ak_0-|trV
z|01-3|Kyz$Mu_Ss$1TzzhP@0H4v}&bAw$4*0^m>L2fvY<4gpNRb?;Uoa|y>FQSgJu
z(7n5l$!p;a>A>(eI<0^93AuR$|KJoVG#z`%{ECTgW8vO}cKArpgM^MlBL6miutVp2
z^60O~3>-=5%-sll&CM!yh#M2Y*QOr=|I&v!@rX$)Z|;Pw8c=T;5&xFmjFc&nohX95
zk>fd`y&&4^X5r3&S$1cR7dga^NPub4y)(~r9ik#estCA05YK;_`8{!5$j7>~Uh5pU
zv)WRLM+ExnwH>4WA@Kubd;>~9l7$W0Wt_*X3k;|TdC_?io$}&@9>>4NtiNwpAy!7_
zPHel22pAeWrLXtwYjcR|yY}XJoY2|1<b$78g%Uy}#iaU>7w{TM)i7Q#YT&ZCL-1*q
zRLEpBzn=w1;7EUN7xrCr6b8^U&;du#fnX`~LHj6#{&Q|HaC#SboWBekeb+l_tiS~S
zo(akMpJLk)#D9_kJG7U3#D1jb@W0*Zm+-%JdfKk=|0U@8_&>1_hERMIxpyAJuXlFn
z+BXY8hWI|gH{v;fngCKx0%uZ;I3BI;?wlxw99Ax4Bc6Y~1l}9x4uItWfE0w1RRFOM
zz&s%F!ii&st+7uK@m=q31+a|xxCGzeFAEC5gqjnEJ{~Ci$iy+YayHu*g#KOL6#6T3
zZfAJICG&gW#P_ZAE}i}ZHpx9dTCT#|4My_1+)r!#11~l6!}*&;cmY8$nma6rPd%Rl
z4AE*4gXVwW5^oYO5J3l_Lvj;`l87YtHaI57fj$de=piq!0d+_5TMF+OFC|5gry?bZ
zRUAXr<s<;RmjJGcc0%iM++Q8f;6JVa%JF}%*RAmXB`6PV82bI*+Enz?v<B_{)$#27
zhwJkE?^p5Pi%{Uh68Leybv(QO)9buypS0SY&S`(Q)#)bj|4B9eFF~KN|D!PzsrG)V
zy`PWn{Uj)|`+c8-<Y`U5=YkJyihD4cDoeuk`d(H?M5dQi&hDj&WS*T*b;GRTE=-Y^
zpbZv@7X+%Awc7{sImIAi{$w#xS2eWlF(pG)mengs8D;uTrqGOYN@O1NDl?Yvb^0$V
znEQX)3<_6^eQy0TdItYbPC8}(55-#*{=Wo$2L9`4B3}#tM{spo`G7yM4`4{La~JSC
zQFdS;N8yqq+V(_vkf4xWF0bm+NK*LBF%g|NH=ZWov4bXjPk8+T?*&y+nD<KaO=+@G
zehl`32NH7q*olQ=K6|8mK)#IdC`9)C+IWAHr<a>uR1s;Ut5dD^gF%zt<7Ih$1FZbH
zEE!`et`l`CLr)YEB;}Hqr9#3~F?C+JD3(#^RV{Ct=zHJB=r#QZL?h3cG4l=F*)OXg
z*(=6bg*%l8HOYHtFWmWS^v>9-=e&443)tLDh@Z`zASR+>6l#jrb=<lsti^s-=YxMA
z;=vhUd7T6fNnaiguQuvQw9D&ZjnQ21j>&GO;x07>3MFDV4j(FUAcy1J;9bAr&X&Pu
z9&QUik;hnAfpy+TtA3_g8!}7vp-eIKgOafNjXkfke*drUImgEc;Uoy1cYrhrOfLMi
z_>IFj7rsAt=En>qaoku<8@>0DUSNL;mGW@EJRQb@v9Rg_Ka9ygNWTX$2?O2e-k$pp
zkw5z-Vp`rU{O~bedBpcN`X%p(jqxmNShg$n%_?j3d%bS&H_KSfw`F{yd4@6025={e
zcRC$boj4XWl0Lp9YfIfWpR&C$8)OG+x=$Exnt?Uw;PgXi3Y(p5l$h)`*4BSNdHeQl
zvD(?fMN2Bq`_xzuM1{|+0_r(yw~q0zlN=;!FiC&8Cl~7nSjQO3?WK-S$N%ki|FnGm
zr_<|ps`&pUXy<VgdXjZ~f0>5Hy{DcmmuxTLeL4(fPeh#<p96o+DN`n|o(P=SUSQur
zaKDIrK<<U>!F7x|_i-GYHJg7A4-dyVD?SNpE)$k$OU2{+c)8g9E(gb@=xPv?@I;5t
zDbe7b5{RM5Ig#N?+<Cn<2*`AEs##Qlz>JE6YbUDhqjgF1E};=RG)9GHO3=jX-8blx
z>gTE<nb(8%9vcFr!LW?5J-cs%#*e5z*rWPG=zSe@zk)W%MBaT1hLV3yuORf_XCq+g
z0fsb!KMCf@X!ngcmtoNXs}<9d)se+E6`?)p>SQAgug`IXqKN6;+6+4^0r~=#EJ@~2
zlIfuN&JLRp=Qfv46d}?iS?rM8pq|6$+211kud`gX)JkNS{76;g>w)6eY7<^4X^H4r
ztECI84NY|oYB#CARoH*{So&nD54TfO*nsqPOA1H)UC)h=A+1(31<e}D{K(jnk+14D
z6x{VF9&l(S0vNgpcA^pmj7KFy4yOQODz2Y-upbe=#dKN-P*#O23G;VvSFo@jN+V0-
z&GDdq_#SUXN&isjzq95l3gO-konq?Ydt=P&bh9v+#)ztt2C0980^6^#b?5kQ(3C0I
ztk%bcH#N|HHTGf9#FB&yW{zM*syKxbD5h3Zh7gWp0gdW%BKF4hnt>B85S~!+W&|l`
zP4>a6&9Cx{g+H?w<y$OQN8>b1Ri~`-(1~Jb4VcwfO>o09#uU(lRT|wx#`N5{Hc;C^
zy^cn;A7Bw-z=wZe4pT4<lNpAPnGG09lT28Oj{a-+W|1s_ERhcRsca5BSQ{50C`+!h
z<+&tGwCLzO^zHe~j^bo9<7l#4#BSk!4r_14kBvv~>@c5WEH&K(DJJ7WT~v(F2@0w8
z8cO<-%Ijc5KTheCZZ_zNq~z(wm({T!@1nzCk72lV7;Jxy6JWR}Z0Hds_Au}|K%}5f
z@C~BDw-Kza58q>48-0KaTyuQ*=i&S4F^Zk#2Y`UNgJ&UGWc=aVnr@5>ywUwO3#82a
zCBB9P#rM)*rD%cythSyvdzmRJcn?V#CGqO|-eNE}NDg8{hB%QF$>7fos+e#oW)UvF
z(1qOw$?JcF^bN0d!i2w|%)_4Zh9p>thcuFuY+?@T;Mb4Rpx`L?X<(Ydn3ojG5Ohg1
zQ=x*)Pqc}Vh!AAT>lQ#6yHO{aOwFV^m<r&DVKQ2PlBzt#9nVC7NU@M*j;UhtV%iu{
zRnYnK7<-7<3O@l|*ZQ#{^d}80#9|L0C2Hh}s&0R#xSu2qdGPEEhnOM|j$HA&XeFxR
z#&l9F>nU&~BLyIPs$3}Q74(5FC2j_pC1?@UW`cd<*i4hQNs25f6l9sgI4g+G$byO#
z7{OE#38IFiavWvVtJN+j)hyk#Qb%^3L`=MxzB*-CEFNOXSwOUD40)=FaR$tokxVz&
zJ=lLh3&t#OHjZEtVzExLjOlPF{WSOmQ>G^U$-+H(b!ra!ty&FF^iHIoDK0#+YpY<Y
z3Jb{?)+J9CFdU;lP9apb@^=r?QY^k=e$fu&+*w*W)J0LtwEYHu3B1^SNl%(W-k|LE
zC+Hh9yVG<Dj9MGiJEY70@VgCvoy|XVv1otCz@T1AVrKM7nm)}&cxvQO4kMGOglXFN
z8s-ZxTVRWYqA+;tgd{))L!gEM%bm1AXauS(3cLpSMsD_3s(!&k;}tPs{+a5kmGlF<
zRTbL7k3nNU2&XZ>e*qY0reUH12$!v58P4r<`5{V%hKmX84|b>^UxXBMvT3%q^kRQ*
zc7`BZ6cqE)^9=bKV7tD2*|43JED*NS*Ma|b-a7Pux&b@x%O?hL!Zukha1F_mYZ$;O
zF?U}r&bf2RM4-%O($>8?944{&gf}j-Tr}q78i3^h4~Y<jP255g!Pr!j=yal9(p_v;
zM-WWxK+GrUne!i=R;#@K+dAo0=Rbd5gf`EA<Yzt%g*TfMJNnPc3GKP#eC6?ves%KW
zPkizNF{GY1B;8eidPlvv$;I~5Su>ZATvXzZbdKbSUytCPJpaM5Uy#6%OyDp;DgKxQ
zhbKVTk4`|*bN*bCCG#3O4S*k(#X2v7)LZAf*4bIJ-8%Yr4eGd^xA68muJC^bDt0o=
z&E)weKJNsx23ul%$R4=lk3gf^0hWB72(>{}`who|ycSn_8TBvs(6gePqSy}tXTH~C
zpwFHE@Ab;>e|0)1)$c#N2z~7QXRi<o6inoc<A8Rj3IYDiAwa=K_V60OS02XP<ol{a
zk;TK1={>5KoL<V@D%V)2HP%$gFY<#9zmf0|-tT<=zuoJcY@h$H@c%{VGtU42j3!dO
z{#Bv>N70{w$R1!n{cRreT4P|J{%Xb+E=$T*5+ikLem2&BOm_B59obu9`C-=Vpe!Df
WoDMP%sG^GgjPySSZ@`TJcmM!)=v)v0

diff --git a/shorewall6/params.vpn b/shorewall6/params.vpn
index e69de29..a7a7058 100644
--- a/shorewall6/params.vpn
+++ b/shorewall6/params.vpn
@@ -0,0 +1 @@
+OMR_ADDR=fe80::a00:2

From 16e01d1120f6f9baf13ab5e80b601fec12e6e739 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)" <ycarus@zugaina.org>
Date: Fri, 19 Nov 2021 21:03:15 +0000
Subject: [PATCH 3/4] Various fixes

---
 debian9-x86_64.sh |  8 ++++----
 omr-service       | 10 ++++++----
 shadowsocks.conf  |  2 +-
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index 444a169..d71a6e9 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -166,7 +166,7 @@ echo "Remove lock and update packages list..."
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
-apt-get update
+apt-get update --allow-releaseinfo-change
 rm -f /var/lib/dpkg/lock
 rm -f /var/lib/dpkg/lock-frontend
 rm -f /var/cache/apt/archives/lock
@@ -179,7 +179,7 @@ if [ "$ID" = "debian" ] && [ "$VERSION_ID" = "9" ] && [ "$UPDATE_OS" = "yes" ];
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
 	sed -i 's:stretch:buster:g' /etc/apt/sources.list
-	apt-get update
+	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="10"
@@ -189,7 +189,7 @@ if [ "$ID" = "ubuntu" ] && [ "$VERSION_ID" = "18.04" ] && [ "$UPDATE_OS" = "yes"
 	apt-get -y -f --force-yes upgrade
 	apt-get -y -f --force-yes dist-upgrade
 	sed -i 's:bionic:focal:g' /etc/apt/sources.list
-	apt-get update
+	apt-get update --allow-releaseinfo-change
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" upgrade
 	apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" dist-upgrade
 	VERSION_ID="20.04"
@@ -252,7 +252,7 @@ elif [ "$ID" = "ubuntu" ]; then
 fi
 # Install mptcp kernel and shadowsocks
 echo "Install mptcp kernel and shadowsocks..."
-apt-get update
+apt-get update --allow-releaseinfo-change
 sleep 2
 apt-get -y install dirmngr patch rename curl libcurl4 unzip
 
diff --git a/omr-service b/omr-service
index c94e748..a51b564 100755
--- a/omr-service
+++ b/omr-service
@@ -73,15 +73,17 @@ _omr_api() {
 }
 
 _lan_route() {
-	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]' |
+	cat /etc/openmptcprouter-vps-admin/omr-admin-config.json | jq -c '.users[0][]?' |
 	while IFS=$"\n" read -r c; do
 		if [ -n "$c" ]; then
 			vpnremoteip=$(echo "$c" | jq -r '.vpnremoteip')
 			if [ -n "$vpnremoteip" ] && [ "$vpnremoteip" != "null" ]; then
-				echo "$c" | jq -c -r '.lanips[] //empty' | 
+				echo "$c" | jq -c -r '.lanips[]? //empty' | 
 				while IFS=$"\n" read -r d; do
-					network=$(ipcalc -n $d | grep Network | awk '{print $2}')
-					[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
+					if [ "$d" != "" ]; then
+						network=$(ipcalc -n $d | grep Network | awk '{print $2}')
+						[ -n "$network" ] && [ -z "$(ip r show $network via $vpnremoteip)" ] && ip r replace $network via $vpnremoteip 2>&1 >/dev/null
+					fi
 				done
 			fi
 		fi
diff --git a/shadowsocks.conf b/shadowsocks.conf
index 5fb5da0..d6d760a 100644
--- a/shadowsocks.conf
+++ b/shadowsocks.conf
@@ -60,4 +60,4 @@ net.ipv4.conf.default.log_martians = 0
 net.mptcp.mptcp_checksum = 0
 net.mptcp.mptcp_syn_retries = 2
 net.mptcp.mptcp_scheduler = blest
-net.ipv4.tcp_ecn=1
+net.ipv4.tcp_ecn = 2

From 80894ba2e2e8390c8dbdef8c0f6aed70ef50153a Mon Sep 17 00:00:00 2001
From: cernoel <cernoel@users.noreply.github.com>
Date: Wed, 24 Nov 2021 23:24:24 +0100
Subject: [PATCH 4/4] script has not found the app versions, updated them

---
 debian9-x86_64.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/debian9-x86_64.sh b/debian9-x86_64.sh
index d71a6e9..8bc8b38 100755
--- a/debian9-x86_64.sh
+++ b/debian9-x86_64.sh
@@ -38,11 +38,11 @@ KERNEL_VERSION="5.4.100"
 KERNEL_PACKAGE_VERSION="1.18+9d3f35b"
 KERNEL_RELEASE="${KERNEL_VERSION}-mptcp_${KERNEL_PACKAGE_VERSION}"
 GLORYTUN_UDP_VERSION="32267e86a6da05b285bb3bf2b136c105dc0af4bb"
-GLORYTUN_UDP_BINARY_VERSION="0.3.4-4"
-GLORYTUN_TCP_BINARY_VERSION="0.0.35-3"
+GLORYTUN_UDP_BINARY_VERSION="0.3.4-5"
+GLORYTUN_TCP_BINARY_VERSION="0.0.35-4"
 #MLVPN_VERSION="8f9720978b28c1954f9f229525333547283316d2"
 MLVPN_VERSION="f45cec350a6879b8b020143a78134a022b5df2a7"
-MLVPN_BINARY_VERSION="3.0.0+20201216.git.2263bab"
+MLVPN_BINARY_VERSION="3.0.0+20211028.git.ddafba3"
 UBOND_VERSION="672100fb57913ffd29caad63517e145a5974b078"
 OBFS_VERSION="486bebd9208539058e57e23a12f23103016e09b4"
 OBFS_BINARY_VERSION="0.0.5-1"
@@ -50,11 +50,11 @@ OMR_ADMIN_VERSION="027d5c8e80ef469d33e43f6cbf3103b30e55ea1c"
 OMR_ADMIN_BINARY_VERSION="0.3+20210508"
 DSVPN_VERSION="3b99d2ef6c02b2ef68b5784bec8adfdd55b29b1a"
 DSVPN_BINARY_VERSION="0.1.4-2"
-V2RAY_VERSION="4.35.1"
+V2RAY_VERSION="4.43.0"
 V2RAY_PLUGIN_VERSION="4.35.1"
 EASYRSA_VERSION="3.0.6"
 SHADOWSOCKS_VERSION="bf44f710b4a0c451809279383acc847995c35ead"
-SHADOWSOCKS_BINARY_VERSION="3.3.5-2"
+SHADOWSOCKS_BINARY_VERSION="3.3.5-3"
 DEFAULT_USER="openmptcprouter"
 VPS_DOMAIN=${VPS_DOMAIN:-$(wget -4 -qO- -T 2 http://hostname.openmptcprouter.com)}
 VPSPATH="server"