teddysun / across Goto Github PK

下面方法可以解决，希望作者可以添加到安装脚本里。

/boot/grub/grub.conf 缺失：

yum install -y grub
grub-mkconfig -o /boot/grub/grub.conf

/boot/grub2/grub.cfg 缺失：

yum install -y grub2
grub2-mkconfig -o /boot/grub2/grub.cfg

如果要升级最新版本 怎么做

l2tp.sh 执行完出现./l2tp2.sh:行652: ipsec: 未找到命令

安装后，一直无法连上，就去后台查看，显示正在运行，但是监控的数据全部没了，我就点了重启。
结果现在一直是后台显示正在停止…，已经20分钟了。完蛋了。上面好多数据。

仓主觉得有必要么？ 最近在开了bbr后就装不上wireguard了，因为没有内核对应的额源码包，dkms就自动跳过了，如果有必要我就给你发个PR，没有就算了。

启动命令 docker run -d --privileged -p 500:500/udp -p 4500:4500/udp --env-file=/tmp/l2tp.env -v /lib/modules:/lib/modules teddysun/l2t p

/tmp/l2tp.env 文件内容

PSEC_PSK=teddysun.com
VPN_USER=bahangtu
VPN_PASSWORD=vpnpassword
VPN_PUBLIC_IP=
VPN_L2TP_NET=
VPN_L2TP_LOCAL=
VPN_L2TP_REMOTE=
VPN_XAUTH_NET=
VPN_XAUTH_REMOTE=
VPN_DNS1=
VPN_DNS2=
VPN_SHA2_TRUNCBUG=

接下来无法启动

root@iZ2ze72ujoo5ubiog2nr4rZ:~# docker run -d --privileged -p 500:500/udp -p 4500:4500/udp --env-file=/tmp/l2tp.env -v /lib/modules:/lib/modules teddysun/l2t
p
a38d4976e712e9528eb71696868967a7e38817f130c9602a2da27aa07d99408a
root@iZ2ze72ujoo5ubiog2nr4rZ:~# docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
root@iZ2ze72ujoo5ubiog2nr4rZ:~# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED              STATUS                          PORTS               NAMES
a38d4976e712        teddysun/l2tp       "l2tp"              5 seconds ago        Exited (1) 4 seconds ago                            stupefied_williamson
root@iZ2ze72ujoo5ubiog2nr4rZ:~# docker logs a38d4976e712
Error: Environment variables must be specified. please edit your environment file and retry again.

我改成这样能用了
install_wg_1() {
install_wg_pkgs
_info "Install wireguard from repository"
case "$(_os)" in
ubuntu)
#_error_detect "add-apt-repository ppa:wireguard/wireguard"
_error_detect "apt-get update"
_error_detect "apt-get -y install linux-headers-$(uname -r)"
#_error_detect "apt-get -y install wireguard-dkms"
#_error_detect "apt-get -y install wireguard-tools"
_error_detect "apt-get -y install wireguard"

1，libreswan已经有deb包了，直接 apt install libreswan 就行
2，配置完 /etc/ipsec.conf 之后，没有正确加载 l2tp-psk-nonat，需要调整一下配置或者执行命令 ipsec auto --add l2tp-psk-nonat 确认加载

怎么卸载l2tp

[Sat Dec  7 09:45:07 CST 2019] systemctl start wg-quick@wg0
Job for [email protected] failed because the control process exited with error code.
See "systemctl status [email protected]" and "journalctl -xe" for details.
[Sat Dec  7 09:45:07 CST 2019] Execution command (systemctl start wg-quick@wg0) failed, please check it and try again.

[root@bogon ~]# journalctl -xe
Dec 07 09:44:29 bogon systemd[1]: Starting man-db-cache-update.service...
-- Subject: Unit man-db-cache-update.service has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- Unit man-db-cache-update.service has begun starting up.
Dec 07 09:44:32 bogon systemd[1]: Started man-db-cache-update.service.
-- Subject: Unit man-db-cache-update.service has finished start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- Unit man-db-cache-update.service has finished starting up.
-- 
-- The start-up result is RESULT.
Dec 07 09:45:07 bogon systemd[1]: Reloading.
Dec 07 09:45:07 bogon systemd[1]: Starting WireGuard via wg-quick(8) for wg0...
-- Subject: Unit [email protected] has begun start-up
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- Unit [email protected] has begun starting up.
Dec 07 09:45:07 bogon wg-quick[25551]: [#] ip link add wg0 type wireguard
Dec 07 09:45:07 bogon wg-quick[25551]: RTNETLINK answers: Operation not supported
Dec 07 09:45:07 bogon wg-quick[25551]: Unable to access interface: Protocol not supported
Dec 07 09:45:07 bogon wg-quick[25551]: [#] ip link delete dev wg0
Dec 07 09:45:07 bogon wg-quick[25551]: Cannot find device "wg0"
Dec 07 09:45:07 bogon systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Dec 07 09:45:07 bogon systemd[1]: [email protected]: Failed with result 'exit-code'.
Dec 07 09:45:07 bogon systemd[1]: Failed to start WireGuard via wg-quick(8) for wg0.
-- Subject: Unit [email protected] has failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
-- 
-- Unit [email protected] has failed.
-- 

我用官网 的方法安装失败，后来就想用大佬的脚本测试，一看果然也是挂的。CentOS8自带内核感觉跑不动。

搬瓦工centos7 bbr装完之后直接ssh连不上

大佬，您好。请问ftp_upload.sh可否添加自定义端口，部分主机ftp不使用21端口。

centos7的系统,没有安装在docker中,直接安装的,然后用win10连接会导致服务器重启

昨天（7.13)还可以用的，今天就不行了。
No package kernel-ml available
No package kernel-ml-devel available

Is it possible to add IPv6 support

ftp_upload.sh

You must to modify the config before run it

在l2tp.sh附带的使用教程中，使用了如下命令行来下载并启动l2tp.sh：

wget --no-check-certificate https://raw.githubusercontent.com/teddysun/across/master/l2tp.sh
chmod +x l2tp.sh
./l2tp.sh

其中的--no-check-certificate选项会导致wget在下载脚本时，不对SSL连接进行证书检查。

这一选项可以在一些没有安装CA证书的环境下也能成功下载脚本，但是这一选项带来的不安全性是显然的：例如，GFW可以通过MITM对GitHub进行劫持以窥测甚至篡改用户下载到的内容；尽管劫持GitHub会是一个显眼的操作，但是他们真的这么做过。

考虑到一般来说Linux发行版会自带常用的CA证书（例外情况比如初始容器镜像中可能不含CA证书），建议将教程中的该选项去掉以提高安全性，同时附带“安装CA证书的方法”供进阶使用：

# For Debian/Ubuntu:
sudo apt install ca-certificates
# For CentOS
sudo yum install ca-certificates

backup.sh

You must to modify the config before run it

Correct: You must modify the config before run it.

运行bbr.sh后reboot后显示Kernel panic - not syncing: VPS: Unablt to mount root fswn-block.
请问如何解决呢？
谢谢！

安装好后连接不上，请问这个问题怎么解决？

docker logs l2tp正常
ipsec status报错
whack: is Pluto running? connect() for "/run/pluto/pluto.ctl" failed (111 Connection refused)
重启ipsec无法解决
连接不上 提示无响应 确认400 4000udp均已开放

Complete!
libreswan-3.20.tar.gz not found!!!download now...
--2018-11-13 21:00:26-- http://dl.teddysun.com/files/libreswan-3.20.tar.gz
Resolving dl.teddysun.com... 31.13.79.17
Connecting to dl.teddysun.com|31.13.79.17|:80... failed: Connection timed out.
Retrying.
Retrying.
Giving up.

which kernel you'd select (default 4.20.2):
your selection: 4.20.2

Error: Getting Linux kernel binary package name failed, maybe kernel build failed. Please choose other one and try again.

运行系统环境:CentOS 7.4.1708
内核版本:4.13.12-1.el7.elrepo.x86_64
使用脚本:Bench.sh
出现的问题:在部分主机上，硬盘容量统计会报语法错误

硬盘情况如下:

和正常显示的机器对比，发现/dev下仅有一个挂载硬盘时不会出现语法报错，而有2个(或以上)挂载硬盘时，就会出现类似上面的语法报错。

我在Vultr的VPS上搭了一个debian的系统。
df 命令里有udev的字段，但是我看了下脚本的代码没有过滤掉。
显示是这样的：

自己添加了过滤udev字段后，显示正常。
disk_size1=($( LANG=C df -hPl | grep -wvE '-|none|tmpfs|devtmpfs|by-uuid|chroot|Filesystem|udev' | awk '{print $2}' ))
disk_size2=($( LANG=C df -hPl | grep -wvE '-|none|tmpfs|devtmpfs|by-uuid|chroot|Filesystem|udev' | awk '{print $3}' ))

L2tpd subnet mask setting: I install l2tpd.sh to execute the script. After the VPN server is enabled, the subnet mask is 255.255.255.255

This subnet mask is wrong. It should be 255.0.0.0 according to the principle

Can this be configured? Hurry!!

l2tpd 子网掩码设置：我安l2tpd.sh执行脚本，vpn服务端开启后，子网掩码255.255.255.255
这个子网掩码不对，按道理应该是255.0.0.0
这个可以配置吗，着急！！

./bbr.sh: line 6: syntax error near unexpected token newline' ./bbr.sh: line 6: '

[root@localhost ~]# systemctl status ipsec
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
Loaded: loaded (/usr/lib/systemd/system/ipsec.service; enabled; vendor preset: disabled)
Active: reloading (reload) (Result: exit-code) since 一 2020-06-01 18:48:49 CST; 10s ago
Docs: man:ipsec(8)
man:pluto(8)
man:ipsec.conf(5)
Process: 5303 ExecStopPost=/usr/sbin/ipsec --stopnflog (code=exited, status=0/SUCCESS)
Process: 5301 ExecStopPost=/sbin/ip xfrm state flush (code=exited, status=0/SUCCESS)
Process: 5300 ExecStopPost=/sbin/ip xfrm policy flush (code=exited, status=0/SUCCESS)
Process: 4699 ExecStop=/usr/libexec/ipsec/whack --shutdown (code=exited, status=33)
Process: 6380 ExecStart=/usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork (code=exited, status=1/FAILURE)
Process: 6368 ExecStartPre=/usr/sbin/ipsec --checknflog (code=exited, status=0/SUCCESS)
Process: 6365 ExecStartPre=/usr/sbin/ipsec --checknss (code=exited, status=0/SUCCESS)
Process: 6120 ExecStartPre=/usr/libexec/ipsec/_stackmanager start (code=exited, status=0/SUCCESS)
Process: 6119 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS)
Main PID: 6380 (code=exited, status=1/FAILURE)
Status: "Exited."
Error: 1 (不允许的操作)
Memory: 680.0K
CGroup: /system.slice/ipsec.service

6月 01 18:48:49 localhost.localdomain pluto[6380]: DH22 IKEv1: IKE ESP AH IKEv2: IKE ESP AH
6月 01 18:48:49 localhost.localdomain pluto[6380]: DH23 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
6月 01 18:48:49 localhost.localdomain pluto[6380]: DH24 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS
6月 01 18:48:49 localhost.localdomain pluto[6380]: no crypto helpers will be started; all cryptographic operations will be done inline
6月 01 18:48:49 localhost.localdomain pluto[6380]: Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-327.el7.x86_64
6月 01 18:48:49 localhost.localdomain pluto[6380]: | selinux support is enabled.
6月 01 18:48:49 localhost.localdomain pluto[6380]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
6月 01 18:48:49 localhost.localdomain pluto[6380]: watchdog: sending probes every 100 secs
6月 01 18:48:49 localhost.localdomain systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
6月 01 18:48:49 localhost.localdomain systemd[1]: ipsec.service: main process exited, code=exited, status=1/FAILURE
[root@localhost ~]# ipsec verify
Verifying installed system and configuration files

Version check and ipsec on-path [OK]
Libreswan 3.25 (netkey) on 3.10.0-327.el7.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [FAILED]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]

ipsec verify: encountered 2 errors - see 'man ipsec_verify' for help

运行系统环境:CentOS release 6.9 (Final)
内核版本:4.9.75-30.el6.x86_64
使用脚本:Bench.sh
出现的问题:在运行时会出现ping -4命令不存在的问题

PS:CentOS 7系统下运行正常

如题 ----请问大佬这个是原版BBR吗?
额 不知道和魔改版的BBR 有什么区别!

我这边本地测试有两个设备Android（小米6）和mac pro，连接到一个wifi，出口ip相同
我本地测试如下：

1. 每个设备独立连接都是可以的
2. android设备切换到移动网络，mac是连接的wifi是可以的
3. android设备在一个wifi下保持服务器连接，mac尝试连接会出现连接不上的情况
4. mac设备在一个wifi保持服务器连接，android设备会连不上去

我服务器环境是centos7，我通过观察日志
journalctl -f
发现这个应该是因为一个wifi出去的ip相同会有冲突

mac连接服务器端会报错如下：
Feb 26 15:10:14 izj6cb393gayijp3r7ticfz pluto[2717]: "l2tp-psk"[21] 123.58.9.18 #26: ESP traffic information: in=0B out=94B
Feb 26 15:10:14 izj6cb393gayijp3r7ticfz pluto[2717]: "l2tp-psk" #26: deleting state (STATE_MAIN_R3)
Feb 26 15:10:14 izj6cb393gayijp3r7ticfz pluto[2717]: "l2tp-psk"[21] 123.58.9.18: deleting connection "l2tp-psk"[21] 123.58.9.18 instance with peer 123.58.9.18 {isakmp=#0/ipsec=#0}
Feb 26 15:10:14 izj6cb393gayijp3r7ticfz pluto[2717]: packet from 123.58.9.18:4500: received and ignored empty informational notification payload
Feb 26 15:10:25 izj6cb393gayijp3r7ticfz xl2tpd[2790]: xl2tpd[2790]: Maximum retries exceeded for tunnel 40776. Closing.
Feb 26 15:10:25 izj6cb393gayijp3r7ticfz xl2tpd[2790]: xl2tpd[2790]: Connection 52 closed to 123.58.9.18, port 52402 (Timeout)
Feb 26 15:10:56 izj6cb393gayijp3r7ticfz xl2tpd[2790]: xl2tpd[2790]: Unable to deliver closing message for tunnel 40776. Destroying anyway.
Feb 26 15:12:38 izj6cb393gayijp3r7ticfz pluto[2717]: "l2tp-psk"[20] 123.58.9.18 #28: responding to Main Mode from unknown peer 123.58.9.18
Feb 26 15:12:38 izj6cb393gayijp3r7ticfz pluto[2717]: "l2tp-psk"[20] 123.58.9.18 #28: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 26 15:12:38 izj6cb393gayijp3r7ticfz pluto[2717]: "l2tp-psk"[20] 123.58.9.18 #28: STATE_MAIN_R1: sent MR1, expecting MI2
Feb 26 15:12:38 izj6cb393gayijp3r7ticfz pluto[2717]: packet from 123.58.9.18:201: phase 1 message is part of an unknown exchange

规则可以稍微再修改下。

好像是更新到20.04系统后，这个指令不生效了。

`erifying installed system and configuration files

Version check and ipsec on-path [OK]
Libreswan 3.20 (netkey) on 4.4.0-63-generic
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax INTERNAL ERROR - unknown rcode:WARNING
003 WARNING: using a weak secret (PSK)
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]
`
any resolution or method to debug for this issue? thanks.

Starting December 30, 2019, we will be requiring users of our GeoLite2 databases to register for a MaxMind account and obtain a license key in order to download GeoLite2 databases. We will continue to offer the GeoLite2 databases without charge, and with the ability to redistribute with proper attribution and in compliance with privacy regulations. In addition, we are introducing a new end-user license agreement to govern your use of the GeoLite2 databases. Previously, GeoLite2 databases were accessible for download to the public on our developer website and were licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.

Starting December 30, 2019, downloads will no longer be served from our public GeoLite2 page, from geolite.maxmind.com/download/geoip/database/*, or from any other public URL. See the section below for steps on how to migrate to the new download mechanism.

Debian 10.0 64bit

root@localhost:~# /opt/wireguard.sh -r
[Thu 06 Feb 2020 08:12:30 AM PST] Check OS version
[Thu 06 Feb 2020 08:12:30 AM PST] Install wireguard from repository
[Thu 06 Feb 2020 08:12:30 AM PST] apt-get update
[Thu 06 Feb 2020 08:12:35 AM PST] apt-get -y install linux-headers-4.19.0-5-amd64
E: Unable to locate package linux-headers-4.19.0-5-amd64
E: Couldn't find any package by glob 'linux-headers-4.19.0-5-amd64'
E: Couldn't find any package by regex 'linux-headers-4.19.0-5-amd64'
[Thu 06 Feb 2020 08:12:36 AM PST] Execution command (apt-get -y install linux-headers-4.19.0-5-amd64) failed, please check it and try again.

仓库里只有linux-headers-4.19.0-6-amd64这个包吧。

gcc -o ./pgms/arithoh -DTIME -Wall -pedantic -ansi -O2 -fomit-frame-pointer -fforce-addr -ffast-math -Wall -Darithoh ./src/arith.c ./src/arith.c:32:10: fatal error: stdio.h: No such file or directory #include <stdio.h> ^~~~~~~~~ compilation terminated. Makefile:185: recipe for target 'pgms/arithoh' failed
16.04下编译没问题, 有可能是gcc版本的问题, 暂时提个issue, 等我有空检查一下原因.

If there any other options for running container without "--privileged" flag?
Maybe add some options like --cap-add NET_ADMIN or --sysctl net.ipv4.ip_forward=1?

错误如下：
WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Sun Nov 11 13:23:33 2018
/bin/bash: Permission denied
Connection closing...Socket close.

Connection closed by foreign host.

Disconnected from remote host(新建会话) at 21:24:00.

Type `help' to learn how to use Xshell prompt.
后台VNC连接输入账号密码重启跳回登入界面

默认是上传到gdrive的根目录下，我尝试用功能更多一点的 https://github.com/odeke-em/drive ，来使备份文件统一存放在gdrive的自定义目录下，但是不知道为什么本地测试正常，在vps上drive的二进制运行有问题。

请问你还有后续计划添加“上传到gdrive指定目录”的功能吗？

里面的URL需要更新了

[root@VM-0-16-centos ~]# cat /etc/redhat-release;cat /proc/version;sysctl net.ipv4.tcp_available_congestion_control;sysctl net.ipv4.tcp_congestion_control;sysctl net.core.default_qdisc;lsmod | grep bbr
CentOS Linux release 7.6.1810 (Core)
Linux version 3.10.0-1062.18.1.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) ) #1 SMP Tue Mar 17 23:49:17 UTC 2020
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_congestion_control = cubic
net.core.default_qdisc = fq
[root@VM-0-16-centos ~]#

安装后输出为，bbr没有在运行

when I use your script on Ubuntu 16.04.2 LTS, I got the following error:

In file included from /root/l2tp/libreswan-3.19/programs/pluto/plutomain.c:103:0: /root/l2tp/libreswan-3.19/programs/pluto/pluto_sd.h:22:31: fatal error: systemd/sd-daemon.h: No such file or directory compilation terminated. ../../../mk/depend.mk:28: recipe for target 'plutomain.o' failed make[3]: *** [plutomain.o] Error 1 make[3]: Leaving directory '/root/l2tp/libreswan-3.19/OBJ.linux.x86_64/programs/pluto' Makefile:456: recipe for target 'local-base' failed make[2]: *** [local-base] Error 2 make[2]: Leaving directory '/root/l2tp/libreswan-3.19/programs/pluto' ../mk/targets.mk:82: recipe for target 'recursive-all' failed make[1]: *** [recursive-all] Error 2 make[1]: Leaving directory '/root/l2tp/libreswan-3.19/programs' mk/targets.mk:82: recipe for target 'recursive-all' failed make: *** [recursive-all] Error 2 libreswan-3.19 install failed.

by reading the log , I found that I need to install "libsystemd-dev" instead of " libsystemd-daemon-dev" on my system.

`root@VPS:~# apt install libsystemd-daemon-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package libsystemd-daemon-dev is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
libsystemd-dev:i386 libsystemd-dev

E: Package 'libsystemd-daemon-dev' has no installation candidate
root@VPS:~# apt install libsystemd-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libpam-systemd libsystemd0 systemd
Suggested packages:
systemd-ui systemd-container
The following NEW packages will be installed:
libsystemd-dev
The following packages will be upgraded:
libpam-systemd libsystemd0 systemd
3 upgraded, 1 newly installed, 0 to remove and 31 not upgraded.
Need to get 4,102 kB of archives.
After this operation, 630 kB of additional disk space will be used.
Do you want to continue? [Y/n] `

So, suggest to add "libsystemd-dev" to the command on line 297 and 299. thanks~~

by the way, your scripts are real cool !

运行脚本成功安装，并且可以连接外网，而且客户机之间可以ping通，经由网关192.168.2.1

在客户机1上traceroute 192.168.2.3（客户机2）：
192.168.2.2->192.168.2.1 //192.168.2.2 是客户机1
192.168.2.1->192.168.2.3 //192.168.2.3 是客户机2

但两客户机似乎不能发现对方，我怀疑是ARP报文出了问题。
抓包发现无ARP报文，清空缓存后也并未检测到ARP包。

可否给与提示如何解决这类问题。

因为只要 Linux 内核大于 4.9 就可以