Feat: add tls encryption for obfuscation

xtrime-ru · Aug 10, 2024 · ac4c2b6 · ac4c2b6
1 parent ea7702e
commit ac4c2b6
Show file tree

Hide file tree

Showing 7 changed files with 24 additions and 4 deletions.
diff --git a/init.sh b/init.sh
@@ -2,7 +2,8 @@
 
 echo "nameserver 1.1.1.1" >> /etc/resolv.conf
 
-nohup bash -c "sleep 1 && cd /root/antizapret/ && ./process.sh && journalctl -f" &
+start=$(date +%T)
+nohup bash -c "sleep 1 && cd /root/antizapret/ && ./process.sh && journalctl -f --since=$start" &
 
 /root/generate.sh \
 && exec /usr/sbin/init
diff --git a/keys/server/antizapret-tcp.conf b/keys/server/antizapret-tcp.conf
@@ -31,5 +31,6 @@ ca keys/ca.crt
 cert keys/antizapret-server.crt
 key keys/antizapret-server.key  # This file should be kept secret
 dh keys/dh2048.pem
+tls-crypt keys/antizapret-tls-crypt.key 0
 
 data-ciphers "AES-128-GCM:AES-256-GCM"
diff --git a/keys/server/antizapret.conf b/keys/server/antizapret.conf
@@ -32,5 +32,6 @@ ca keys/ca.crt
 cert keys/antizapret-server.crt
 key keys/antizapret-server.key  # This file should be kept secret
 dh keys/dh2048.pem
+tls-crypt keys/antizapret-tls-crypt.key 0
 
 data-ciphers "AES-128-GCM:AES-256-GCM"
diff --git a/keys/templates/openvpn-tcp-unified.conf b/keys/templates/openvpn-tcp-unified.conf
@@ -34,6 +34,7 @@ client
 remote ${SERVER}
 
 remote-cert-tls server
+key-direction 1
 
 dev tun
 proto tcp
@@ -60,3 +61,7 @@ ${CLIENT_CERT}
 <key>
 ${CLIENT_KEY}
 </key>
+
+<tls-crypt>
+${CLIENT_TLS_CRYPT}
+</tls-crypt>
diff --git a/keys/templates/openvpn-udp-unified.conf b/keys/templates/openvpn-udp-unified.conf
@@ -34,6 +34,7 @@ client
 remote ${SERVER}
 
 remote-cert-tls server
+key-direction 1
 
 dev tun
 proto udp
@@ -61,3 +62,7 @@ ${CLIENT_CERT}
 <key>
 ${CLIENT_KEY}
 </key>
+
+<tls-crypt>
+${CLIENT_TLS_CRYPT}
+</tls-crypt>
diff --git a/rootfs/root/fix.sh b/rootfs/root/fix.sh
@@ -37,7 +37,8 @@ ytimg.com
 ggpht.com
 googleusercontent.com
 googlevideo.com
-google.com
 " >> /root/antizapret/config/include-hosts-dist.txt
 
-sort --merge --unique /root/antizapret/config/include-hosts-dist.txt -o /root/antizapret/config/include-hosts-dist.txt
+sed -i '/^[[:space:]]*$/d' /root/antizapret/config/include-hosts-dist.txt
+
+sort --unique /root/antizapret/config/include-hosts-dist.txt -o /root/antizapret/config/include-hosts-dist.txt
diff --git a/rootfs/root/generate.sh b/rootfs/root/generate.sh
@@ -36,7 +36,8 @@ load_key() {
     CA_CERT=$(grep -A 999 'BEGIN CERTIFICATE' -- "/etc/openvpn/server/keys/ca.crt")
     CLIENT_CERT=$(grep -A 999 'BEGIN CERTIFICATE' -- "/etc/openvpn/client/keys/antizapret-client.crt")
     CLIENT_KEY=$(cat -- "/etc/openvpn/client/keys/antizapret-client.key")
-    if [ ! "$CA_CERT" ] || [ ! "$CLIENT_CERT" ] || [ ! "$CLIENT_KEY" ]
+    CLIENT_TLS_CRYPT=$(grep -v '^#' -- "/etc/openvpn/server/keys/antizapret-tls-crypt.key")
+    if [ ! "$CA_CERT" ] || [ ! "$CLIENT_CERT" ] || [ ! "$CLIENT_KEY" ] || [ ! "$CLIENT_TLS_CRYPT" ]
     then
             echo "Can't load client keys!"
             exit 7
@@ -61,6 +62,11 @@ copy_keys() {
 }
 
 
+if [[ ! -f  /etc/openvpn/server/keys/antizapret-tls-crypt.key ]]
+then
+	openvpn --genkey secret /etc/openvpn/server/keys/antizapret-tls-crypt.key
+fi
+
 if [[ ! -f /etc/openvpn/server/keys/ca.crt ]] || \
    [[ ! -f /etc/openvpn/server/keys/antizapret-server.crt ]] || \
    [[ ! -f  /etc/openvpn/server/keys/antizapret-server.key ]] || \