From ac4c2b68d2594016338270e7da287999dab816dd Mon Sep 17 00:00:00 2001
From: Alexander Pankratov
Date: Sat, 10 Aug 2024 02:24:51 +0200
Subject: [PATCH] Feat: add tls encryption for obfuscation
---
 init.sh | 3 ++-
 keys/server/antizapret-tcp.conf | 1 +
 keys/server/antizapret.conf | 1 +
 keys/templates/openvpn-tcp-unified.conf | 5 +++++
 keys/templates/openvpn-udp-unified.conf | 5 +++++
 rootfs/root/fix.sh | 5 +++--
 rootfs/root/generate.sh | 8 +++++++-
 7 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/init.sh b/init.sh
index 3447d71..87ec081 100755
--- a/init.sh
+++ b/init.sh
@@ -2,7 +2,8 @@
 echo "nameserver 1.1.1.1" >> /etc/resolv.conf
-nohup bash -c "sleep 1 && cd /root/antizapret/ && ./process.sh && journalctl -f" &
+start=$(date +%T)
+nohup bash -c "sleep 1 && cd /root/antizapret/ && ./process.sh && journalctl -f --since=$start" &
 /root/generate.sh \
 && exec /usr/sbin/init
\ No newline at end of file
diff --git a/keys/server/antizapret-tcp.conf b/keys/server/antizapret-tcp.conf
index 90a1548..af5dca5 100644
--- a/keys/server/antizapret-tcp.conf
+++ b/keys/server/antizapret-tcp.conf
@@ -31,5 +31,6 @@ ca keys/ca.crt
 cert keys/antizapret-server.crt
 key keys/antizapret-server.key # This file should be kept secret
 dh keys/dh2048.pem
+tls-crypt keys/antizapret-tls-crypt.key 0
 data-ciphers "AES-128-GCM:AES-256-GCM"
\ No newline at end of file
diff --git a/keys/server/antizapret.conf b/keys/server/antizapret.conf
index adc07d4..9997f41 100644
--- a/keys/server/antizapret.conf
+++ b/keys/server/antizapret.conf
@@ -32,5 +32,6 @@ ca keys/ca.crt
 cert keys/antizapret-server.crt
 key keys/antizapret-server.key # This file should be kept secret
 dh keys/dh2048.pem
+tls-crypt keys/antizapret-tls-crypt.key 0
 data-ciphers "AES-128-GCM:AES-256-GCM"
\ No newline at end of file
diff --git a/keys/templates/openvpn-tcp-unified.conf b/keys/templates/openvpn-tcp-unified.conf
index c0af4c1..278a35a 100644
--- a/keys/templates/openvpn-tcp-unified.conf
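Review bot: `date +%T` yields only a wall-clock time, so `journalctl -f --since=$start` is resolved against the current day; if the container starts just before midnight, the one-second sleep can land journalctl on the next day with a `--since` in the future, and it will print nothing until that time comes round again. A full timestamp removes the ambiguity: `start=$(date '+%Y-%m-%d %H:%M:%S')` together with `journalctl -f --since=\"$start\"`, the inner quotes being needed because the value now contains a space and is interpolated into the `bash -c` string. The variable is expanded by the outer shell before `bash -c` runs, which is harmless for `date` output but is the pattern to avoid for anything less trusted.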
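Review bot: The trailing `0` on the added `tls-crypt` line is the key-direction argument of `tls-auth`; `tls-crypt` takes only the key file and, as far as I recall from the OpenVPN manual, fixes the direction by the server/client role, so the extra token is accepted but ignored. Dropping it avoids implying that clients need a matching `key-direction`: `tls-crypt keys/antizapret-tls-crypt.key`. The same line is added to keys/server/antizapret.conf in this patch and should change in step.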
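Review bot: Once `tls-crypt` is active the server drops every control-channel packet that is not wrapped with this key, so profiles generated before this commit stop connecting, with clients typically reporting a TLS key negotiation timeout because the server never answers. That is the intended hardening, but it is a breaking change for already-distributed profiles, and nothing in the patch or its message says that all clients must be regenerated. A comment above the line would record it: `# tls-crypt: clients without this key cannot start the handshake; regenerate and redistribute every profile after changing it`. The key is also shared by the TCP instance in antizapret-tcp.conf, so rotating it affects both listeners at once.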
+++ b/keys/templates/openvpn-tcp-unified.conf
@@ -34,6 +35,7 @@ client
 remote ${SERVER}
 remote-cert-tls server
+key-direction 1
 dev tun
 proto tcp
@@ -60,3 +61,7 @@ ${CLIENT_CERT} ${CLIENT_KEY} + + +${CLIENT_TLS_CRYPT} +
diff --git a/keys/templates/openvpn-udp-unified.conf b/keys/templates/openvpn-udp-unified.conf
index 149f7ac..564675f 100644
--- a/keys/templates/openvpn-udp-unified.conf
+++ b/keys/templates/openvpn-udp-unified.conf
@@ -34,6 +34,7 @@ client
 remote ${SERVER}
 remote-cert-tls server
+key-direction 1
 dev tun
 proto udp
@@ -61,3 +62,7 @@ ${CLIENT_CERT} ${CLIENT_KEY} + + +${CLIENT_TLS_CRYPT} +
diff --git a/rootfs/root/fix.sh b/rootfs/root/fix.sh
index fa1cd9b..ca6f2a6 100755
--- a/rootfs/root/fix.sh
+++ b/rootfs/root/fix.sh
@@ -37,7 +37,8 @@ ytimg.com
 ggpht.com
 googleusercontent.com
 googlevideo.com
-google.com
 " >> /root/antizapret/config/include-hosts-dist.txt
-sort --merge --unique /root/antizapret/config/include-hosts-dist.txt -o /root/antizapret/config/include-hosts-dist.txt
+sed -i '/^[[:space:]]*$/d' /root/antizapret/config/include-hosts-dist.txt
+
+sort --unique /root/antizapret/config/include-hosts-dist.txt -o /root/antizapret/config/include-hosts-dist.txt
diff --git a/rootfs/root/generate.sh b/rootfs/root/generate.sh
index 3ce9fc1..690774f 100755
--- a/rootfs/root/generate.sh
+++ b/rootfs/root/generate.sh
@@ -36,7 +36,8 @@ load_key() {
 CA_CERT=$(grep -A 999 'BEGIN CERTIFICATE' -- "/etc/openvpn/server/keys/ca.crt")
 CLIENT_CERT=$(grep -A 999 'BEGIN CERTIFICATE' -- "/etc/openvpn/client/keys/antizapret-client.crt")
 CLIENT_KEY=$(cat -- "/etc/openvpn/client/keys/antizapret-client.key")
- if [ ! "$CA_CERT" ] || [ ! "$CLIENT_CERT" ] || [ ! "$CLIENT_KEY" ]
+ CLIENT_TLS_CRYPT=$(grep -v '^#' -- "/etc/openvpn/server/keys/antizapret-tls-crypt.key")
+ if [ ! "$CA_CERT" ] || [ ! "$CLIENT_CERT" ] || [ ! "$CLIENT_KEY" ] || [ ! "$CLIENT_TLS_CRYPT" ]
 then
 echo "Can't load client keys!"
 exit 7
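Review bot: `key-direction 1` has no effect with `tls-crypt`: as far as I recall, OpenVPN only consults it for `tls-auth` and fixes the tls-crypt direction by the server/client role, so the added line reads as if a tls-auth key were in use and will mislead whoever next edits the template. Either drop it or say why it stays, e.g. `# key-direction is ignored by tls-crypt; present only for tls-auth compatibility`. The client template continues outside this hunk; the same line is added to the TCP template.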
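Review bot: `${CLIENT_TLS_CRYPT}` embeds the single server-wide tls-crypt key into every generated profile, so it is a pre-shared secret held by every user: any leaked profile discloses it, revoking a client certificate does not revoke it, and rotation means regenerating and redistributing all profiles. That is inherent to tls-crypt v1 and acceptable here, but the template should say so, e.g. `# shared tls-crypt key: identical in every profile, rotate by regenerating all clients`; `tls-crypt-v2` (OpenVPN 2.5+) gives each client its own wrapped key if per-client revocation is wanted later. The placeholder must sit between `<tls-crypt>` and `</tls-crypt>` inline tags; they do not show in this listing, but neither do the `<cert>`/`<key>` wrappers around the lines above, so they were probably stripped in rendering rather than omitted from the template.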
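Review bot: The new `sort --unique` on a hostname list should run under `LC_ALL=C`: GNU sort otherwise compares by the container's locale collation, so both the output order and what counts as a duplicate under `--unique` depend on the environment, and in some locales lines that are not byte-identical can compare equal and one of them is silently dropped. The blank-line `sed` just above already leaves the file clean enough that a byte-wise sort is the intended semantics: `LC_ALL=C sort --unique /root/antizapret/config/include-hosts-dist.txt -o /root/antizapret/config/include-hosts-dist.txt`. The here-document that populates the file begins before this hunk.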
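Review bot: The new `[ ! "$CLIENT_TLS_CRYPT" ]` branch folds a missing tls-crypt key into the existing `Can't load client keys!` path, so an operator cannot tell from the message which of the four files is absent, and this one is the likeliest to be missing since it appears to be created by a separate top-level block later in the file rather than by the CA setup, and whether that block runs before `load_key` is not visible in this hunk. Naming the files makes the `exit 7` actionable: `echo "Can't load client keys (ca.crt, antizapret-client.crt/.key, antizapret-tls-crypt.key)!" >&2`. `load_key` starts before and ends after this hunk.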
@@ -61,6 +62,11 @@ copy_keys() {
 }
+if [[ ! -f /etc/openvpn/server/keys/antizapret-tls-crypt.key ]]
+then
+ openvpn --genkey secret /etc/openvpn/server/keys/antizapret-tls-crypt.key
+fi
+
 if [[ ! -f /etc/openvpn/server/keys/ca.crt ]] || \
 [[ ! -f /etc/openvpn/server/keys/antizapret-server.crt ]] || \
 [[ ! -f /etc/openvpn/server/keys/antizapret-server.key ]] || \