rebase commit

.gitattributes

@@ -0,0 +1,2 @@
+udpgw/badvpn-udpgw filter=lfs diff=lfs merge=lfs -text
+udp_custom/udp-custom filter=lfs diff=lfs merge=lfs -text

.github/workflows/sync-hf.yml

@@ -0,0 +1,18 @@
+name: Sync to Hugging Face space
+on:
+  push:
+  # to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  sync-to-space:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Push to Hugging Face Hub
+        env:
+          HF_TOKEN: ${{ secrets.HF_TOKEN }}
+        run: |
+          git push --force https://eikarna:[email protected]/spaces/eikarna/myvpnserver main:main

Dockerfile

@@ -0,0 +1,103 @@
+# ==================================================================================================
+# Dockerfile untuk VPN Server (UDP Custom, ZIVPN, BadVPN)
+# Target: Hugging Face Spaces
+# ==================================================================================================
+
+# Gunakan base image Ubuntu 22.04 dengan build tools, mirip dengan contoh
+FROM buildpack-deps:22.04-curl
+
+# Set variabel lingkungan
+ENV DEBIAN_FRONTEND=noninteractive \
+    TZ=Asia/Jakarta \
+    # Tentukan direktori kerja aplikasi
+    APP_HOME=/app
+
+# Buat direktori aplikasi
+WORKDIR ${APP_HOME}
+
+# Instal dependensi yang diperlukan untuk skrip jaringan dan server
+# - iptables: Untuk firewall dan NAT
+# - iproute2: Menyediakan command 'ip' untuk routing
+# - ethtool: Untuk optimasi network interface card (NIC)
+# - procps: Menyediakan 'pgrep', 'pkill' (berguna untuk debugging)
+# - taskset: Untuk mengikat proses ke core CPU (opsional, tapi ada di service asli)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    iptables \
+    iproute2 \
+    ethtool \
+    procps \
+    util-linux \
+    && rm -rf /var/lib/apt/lists/*
+
+# Salin semua file dari proyek ke dalam direktori kerja di container
+COPY . .
+
+# Berikan izin eksekusi ke semua biner dan skrip yang relevan
+RUN chmod +x \
+    ${APP_HOME}/scripts/*.sh \
+    ${APP_HOME}/udpgw/badvpn-udpgw \
+    ${APP_HOME}/udp_custom/udp-custom \
+    ${APP_HOME}/zivpn/udp-zivpn-linux-amd64 \
+    ${APP_HOME}/start.sh
+
+# ==================================================================================================
+# Port Exposure
+# --------------------------------------------------------------------------------------------------
+# Port-port berikut diekspos berdasarkan aturan iptables di 'port-forward.sh'.
+# Karena Hugging Face Spaces mungkin memiliki batasan jumlah port,
+# Anda mungkin perlu menyesuaikan ini. Namun, untuk fungsionalitas penuh,
+
+# Port untuk UDP-Custom
+EXPOSE 3671/udp
+# Port untuk ZIVPN
+EXPOSE 5667/udp
+# Port untuk ZIVPN Legacy
+EXPOSE 5666/udp
+# Port untuk Prometheus Metrics dari ZIVPN
+EXPOSE 8080/tcp
+
+# Port Ranges (jika platform mendukung atau untuk penggunaan di luar HF Spaces)
+# Sebaiknya definisikan port utama di atas, dan jika memungkinkan, gunakan range.
+# Docker tidak secara teknis "mengekspos" range dengan cara ini, ini lebih untuk dokumentasi.
+# Aturan iptables di dalam kontainer yang akan menangani traffic ini.
+EXPOSE 1-5999/udp
+EXPOSE 6000-19999/udp
+EXPOSE 20000-65535/udp
+# ==================================================================================================
+
+
+# Tentukan entrypoint yang akan menjalankan skrip startup
+ENTRYPOINT ["/app/start.sh"]
+
+# ==================================================================================================
+# CATATAN PENTING UNTUK DEPLOYMENT (Hugging Face Spaces & Docker)
+# --------------------------------------------------------------------------------------------------
+# Untuk menjalankan kontainer ini dengan benar, Anda HARUS memberikan kapabilitas kernel
+# dan mengatur parameter sysctl.
+#
+# Contoh Perintah 'docker run':
+# docker run -d --name my-vpn-server \
+#   --cap-add=NET_ADMIN \
+#   --cap-add=SYS_NICE \
+#   --sysctl net.ipv4.ip_forward=1 \
+#   --sysctl net.core.rmem_max=16777216 \
+#   --sysctl net.core.wmem_max=16777216 \
+#   -p 8080:8080/tcp \
+#   -p 1000-5000:1000-5000/udp \
+#   <nama-image-anda>
+#
+# Di Hugging Face Spaces, Anda perlu mengkonfigurasi ini di `README.md` (metadata).
+# Contoh metadata di README.md:
+# ---
+# title: My VPN Server
+# emoji: 🚀
+# colorFrom: blue
+# colorTo: green
+# sdk: docker
+# app_port: 8080
+# docker_args: "--cap-add=NET_ADMIN --cap-add=SYS_NICE"
+# ---
+#
+# Catatan: Hugging Face Spaces mungkin tidak mendukung semua flag --sysctl.
+# Skrip start.sh mencoba mengaturnya, tetapi --cap-add=NET_ADMIN adalah yang paling krusial.
+# ==================================================================================================

Dockerfile-example

@@ -0,0 +1,93 @@
+FROM buildpack-deps:22.04-curl
+
+# Set arguments that will be populated by Hugging Face secrets
+ARG DB_TYPE
+ARG DB_POSTGRESDB_DATABASE
+ARG DB_POSTGRESDB_HOST
+ARG DB_POSTGRESDB_PORT
+ARG DB_POSTGRESDB_USER
+ARG DB_POSTGRESDB_PASSWORD
+
+
+# DB_TYPE Available option:
+# 'sqlite' | 'mariadb' | 'mysqldb' | 'postgresdb'
+
+# Set static and dynamic environment variables
+ENV DEBIAN_FRONTEND=noninteractive \
+    TZ=Asia/Jakarta \
+    N8N_PORT=7860 \
+    N8N_HOST=eikarna-n8n.hf.space \
+    WEBHOOK_URL=https://eikarna-n8n.hf.space \
+    USER=eikarna \
+    HOME=/home/eikarna \
+    # Set runtime environment variables from the build arguments
+    DB_TYPE=${DB_TYPE} \
+    DB_POSTGRESDB_DATABASE=${DB_POSTGRESDB_DATABASE} \
+    DB_POSTGRESDB_HOST=${DB_POSTGRESDB_HOST} \
+    DB_POSTGRESDB_PORT=${DB_POSTGRESDB_PORT} \
+    DB_POSTGRESDB_USER=${DB_POSTGRESDB_USER} \
+    DB_POSTGRESDB_PASSWORD=${DB_POSTGRESDB_PASSWORD} \
+    DB_POSTGRESDB_SSL_REJECT_UNAUTHORIZED=false \
+    N8N_ENCRYPTION_KEY=7124bcedb3c8d535c3dc99036a1a49c7bc3e33fb372e90c8e8a8c8311804bf0f \
+    # Recommended setting to avoid permission warnings
+    N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
+
+USER root
+
+RUN useradd -m -u 1000 ${USER}
+
+# Install dependencies with quiet flags to reduce build logs
+RUN apt-get -qq update && apt-get -qq install -y --no-install-recommends \
+    bash \
+    unzip \
+    git \
+    git-lfs \
+    curl \
+    sudo \
+    wget \
+    ffmpeg \
+    psmisc \
+    aria2 \
+    build-essential \
+    libnss3-dev \
+    libgdk-pixbuf2.0-dev \
+    libgtk-3-dev \
+    libxss-dev \
+    zlib1g-dev \
+    libncurses5-dev \
+    libssl-dev \
+    libreadline-dev \
+    libffi-dev \
+    libasound2 \
+    make \
+    libnss3 \
+    software-properties-common > /dev/null 2>&1 && \
+    rm -rf /var/lib/apt/lists/*
+
+# Install Node.js and proxy with quiet flags
+RUN curl -sL https://deb.nodesource.com/setup_22.x | sudo -E bash - > /dev/null 2>&1 && \
+    apt-get -qq install -y nodejs > /dev/null 2>&1 && \
+    npm install -g configurable-http-proxy --silent
+
+# Install Python from source with output redirected to /dev/null to silence it
+RUN cd /tmp && \
+    wget -q https://www.python.org/ftp/python/3.10.12/Python-3.10.12.tgz && \
+    tar -xf Python-3.10.12.tgz && \
+    cd Python-3.10.12 && \
+    ./configure --enable-optimizations > /dev/null 2>&1 && \
+    make -j8 install > /dev/null 2>&1 && \
+    cd / && \
+    rm -rf /tmp/Python-3.10.12 /tmp/Python-3.10.12.tgz
+
+WORKDIR ${HOME}
+
+# Install n8n with silent flag
+RUN npm install n8n -g --silent
+# Create the .n8n directory and set permissions so n8n doesn't have to do it at runtime
+RUN mkdir -p ${HOME}/.n8n && chown -R ${USER}:${USER} ${HOME}
+
+USER ${USER}
+
+EXPOSE ${N8N_PORT}
+
+CMD ["n8n", "start"]

README.md

@@ -0,0 +1,13 @@
+---
+title: My VPN Server
+emoji: 🚀
+colorFrom: blue
+colorTo: green
+sdk: docker
+app_port: 7860
+docker_args: "--cap-add=NET_ADMIN --cap-add=SYS_NICE"
+---
+Mereka memanggil ku seorang pahlawan, karena aku menyelamatkan
+mereka dari kehancuran.
+
+Saturday, 12 July 2025

other/udp-tunnel.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Tunnel server auto-setup script service
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+LimitAS=infinity
+LimitRSS=infinity
+Type=simple
+User=root
+WorkingDirectory=/root/udp-custom/scripts
+# Tunda 5 detik setelah network-online.target terpenuhi
+ExecStartPre=/bin/sleep 5
+ExecStart=/bin/bash port-forward.sh
+
+[Install]
+WantedBy=default.target

scripts/generate-port.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Menghasilkan nomor port dari 6000 hingga 19999, dipisahkan dengan koma
+ports=$(seq -s, 6000 19999)
+
+# Menampilkan hasil
+echo $ports | termux-clipboard-set

scripts/manager.sh

@@ -0,0 +1,309 @@
+#!/bin/bash
+# firewall_manager.sh - Manajemen firewall rules terpadu dengan iptables, ufw, dan firewalld
+#
+# Fitur:
+#   - Validasi input yang lebih kompleks untuk aturan
+#   - Logging setiap aksi ke /var/log/firewall_manager.log
+#   - Integrasi dengan firewalld (jika aktif) secara langsung
+#
+# Usage:
+#   sudo ./firewall_manager.sh {start|stop|status|list|add-rule|del-rule|backup|restore}
+#
+# Contoh:
+#   sudo ./firewall_manager.sh start
+#   sudo ./firewall_manager.sh add-rule udp 1000:2000 9999
+
+set -euo pipefail
+LOG_FILE="/var/log/firewall_manager.log"
+
+# === Fungsi Logging ===
+log_msg() {
+    local level="$1"
+    shift
+    local message="$*"
+    local timestamp
+    timestamp=$(date +'%Y-%m-%d %H:%M:%S')
+    echo "${timestamp} [${level}] ${message}" | tee -a "${LOG_FILE}"
+}
+
+# === Fungsi Validasi ===
+validate_protocol() {
+    local protocol="$1"
+    if [[ "$protocol" != "udp" && "$protocol" != "tcp" ]]; then
+        log_msg "ERROR" "Protocol harus 'udp' atau 'tcp'. Diberikan: ${protocol}"
+        exit 1
+    fi
+}
+
+validate_port_range() {
+    local port_range="$1"
+    if ! [[ "$port_range" =~ ^[0-9]{1,5}(:[0-9]{1,5})?$ ]]; then
+        log_msg "ERROR" "Format port range tidak valid: ${port_range}"
+        exit 1
+    fi
+}
+
+validate_port() {
+    local port="$1"
+    if ! [[ "$port" =~ ^[0-9]{1,5}$ ]]; then
+        log_msg "ERROR" "Format port tidak valid: ${port}"
+        exit 1
+    fi
+    if (( port < 1 || port > 65535 )); then
+        log_msg "ERROR" "Port harus berada di antara 1 dan 65535: ${port}"
+        exit 1
+    fi
+}
+
+# === Fungsi Helper ===
+usage() {
+    cat << EOF
+Usage: $0 {start|stop|status|list|add-rule|del-rule|backup|restore}
+
+Commands:
+  start      : Enable IP forwarding dan pasang aturan default.
+               (Default: UDP CUSTOM (1:5999->3671) dan ZIVPN (6000:19999->5667) + aturan ufw dan firewalld jika aktif)
+  stop       : Flush aturan NAT dan disable IP forwarding.
+  status     : Tampilkan status IP forwarding dan aturan firewall saat ini.
+  list       : List aturan iptables (tabel NAT) dan status ufw.
+  add-rule   : Tambah aturan kustom.
+               Sintaks: $0 add-rule <protocol> <port_range> <destination_port>
+               Contoh: $0 add-rule udp 1000:2000 9999
+  del-rule   : Hapus aturan kustom.
+               Sintaks: $0 del-rule <chain> <protocol> <port_range> <destination_port>
+               Contoh: $0 del-rule PREROUTING udp 1000:2000 9999
+  backup     : Backup aturan iptables NAT ke file backup.
+  restore    : Restore aturan iptables NAT dari file backup.
+
+EOF
+    exit 1
+}
+
+check_root() {
+    if [ "$EUID" -ne 0 ]; then
+        echo "Jalankan script ini sebagai root." >&2
+        exit 1
+    fi
+}
+
+enable_ip_forwarding() {
+    log_msg "INFO" "Mengaktifkan IP forwarding"
+    sysctl -w net.ipv4.ip_forward=1 >/dev/null
+}
+
+disable_ip_forwarding() {
+    log_msg "INFO" "Menonaktifkan IP forwarding"
+    sysctl -w net.ipv4.ip_forward=0 >/dev/null
+}
+
+get_default_interface() {
+    local iface
+    iface=$(ip route | awk '/default/ {print $5; exit}')
+    echo "$iface"
+}
+
+is_firewalld_active() {
+    if systemctl is-active --quiet firewalld; then
+        return 0
+    else
+        return 1
+    fi
+}
+
+# === Integrasi Firewalld ===
+apply_firewalld_rule() {
+    local action="$1"  # add or remove
+    local rule="$2"
+    # Contoh penggunaan:
+    # firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 0 -i ${interface} -p udp --dport 1:7299 -j DNAT --to-destination :3671
+    firewall-cmd --permanent --direct --"${action}"-rule ipv4 nat PREROUTING 0 ${rule}
+}
+
+reload_firewalld() {
+    firewall-cmd --reload
+}
+
+# === Fungsi Aturan Default ===
+apply_default_rules() {
+    local interface
+    interface=$(get_default_interface)
+    if [[ -z "$interface" ]]; then
+        log_msg "ERROR" "Interface default tidak ditemukan."
+        exit 1
+    fi
+    log_msg "INFO" "Menggunakan interface: ${interface}"
+
+    ./port-forward.sh
+
+    # Udp Custom: izinkan port untuk Udp Custom
+    ufw allow 1:5999/udp && ufw allow 3671/udp
+    log_msg "INFO" "Aturan UFW diterapkan untuk port 1:5999/udp dan 3671/udp"
+
+    # UFW: izinkan port untuk ZIVPN
+    ufw allow 6000:19999/udp && ufw allow 5667/udp
+    log_msg "INFO" "Aturan UFW diterapkan untuk port 6000:19999/udp dan 5667/udp"
+
+    # Integrasi firewalld jika aktif
+    if is_firewalld_active; then
+        log_msg "INFO" "firewalld terdeteksi. Menerapkan aturan ke firewalld..."
+        # Aturan untuk UDP CUSTOM
+        apply_firewalld_rule "add" "-i ${interface} -p udp --dport 1:7299 -j DNAT --to-destination :3671"
+        # Aturan untuk ZIVPN
+        apply_firewalld_rule "add" "-i ${interface} -p udp --dport 6000:19999 -j DNAT --to-destination :5667"
+        reload_firewalld
+        log_msg "INFO" "Aturan firewalld diterapkan dan reload"
+    fi
+
+    log_msg "INFO" "Aturan default berhasil diterapkan."
+}
+
+flush_firewall_rules() {
+    log_msg "INFO" "Menghapus semua aturan di NAT table iptables..."
+    iptables -t nat -F
+    log_msg "INFO" "Aturan NAT table iptables telah dihapus."
+
+    # Integrasi firewalld: Hapus aturan default jika firewalld aktif
+    if is_firewalld_active; then
+        local interface
+        interface=$(get_default_interface)
+        log_msg "INFO" "Menghapus aturan firewalld..."
+        apply_firewalld_rule "remove" "-i ${interface} -p udp --dport 1:7299 -j DNAT --to-destination :3671"
+        apply_firewalld_rule "remove" "-i ${interface} -p udp --dport 6000:19999 -j DNAT --to-destination :5667"
+        reload_firewalld
+        log_msg "INFO" "Aturan firewalld default dihapus."
+    fi
+}
+
+list_firewall_rules() {
+    echo "Aturan iptables (NAT table):"
+    iptables -t nat -L -n -v
+    echo
+    echo "Status UFW:"
+    ufw status verbose
+}
+
+backup_firewall_rules() {
+    local backup_file="/root/iptables_nat_backup_$(date +%F).txt"
+    iptables-save -t nat > "${backup_file}"
+    log_msg "INFO" "Backup aturan NAT table iptables telah disimpan ke ${backup_file}"
+}
+
+restore_firewall_rules() {
+    local backup_file="/root/iptables_nat_backup_$(date +%F).txt"
+    if [ ! -f "${backup_file}" ]; then
+        log_msg "ERROR" "File backup ${backup_file} tidak ditemukan."
+        exit 1
+    fi
+    iptables-restore < "${backup_file}"
+    log_msg "INFO" "Aturan NAT table iptables direstore dari ${backup_file}"
+}
+
+add_custom_rule() {
+    # Ekspektasi: protocol, port_range, destination_port
+    if [ $# -ne 3 ]; then
+        echo "Usage: $0 add-rule <protocol> <port_range> <destination_port>"
+        exit 1
+    fi
+    local protocol="$1"
+    local port_range="$2"
+    local dest_port="$3"
+
+    validate_protocol "${protocol}"
+    validate_port_range "${port_range}"
+    validate_port "${dest_port}"
+
+    local interface
+    interface=$(get_default_interface)
+    if [[ -z "$interface" ]]; then
+        log_msg "ERROR" "Interface default tidak ditemukan."
+        exit 1
+    fi
+
+    iptables -t nat -A PREROUTING -i "${interface}" -p "${protocol}" --dport "${port_range}" -j DNAT --to-destination :${dest_port}
+    log_msg "INFO" "Aturan kustom iptables ditambahkan: ${protocol} ${port_range} -> ${dest_port} pada interface ${interface}"
+
+    # Integrasi firewalld jika aktif
+    if is_firewalld_active; then
+        apply_firewalld_rule "add" "-i ${interface} -p ${protocol} --dport ${port_range} -j DNAT --to-destination :${dest_port}"
+        reload_firewalld
+        log_msg "INFO" "Aturan kustom firewalld ditambahkan: ${protocol} ${port_range} -> ${dest_port}"
+    fi
+}
+
+delete_custom_rule() {
+    # Ekspektasi: chain, protocol, port_range, destination_port
+    if [ $# -ne 4 ]; then
+        echo "Usage: $0 del-rule <chain> <protocol> <port_range> <destination_port>"
+        exit 1
+    fi
+    local chain="$1"
+    local protocol="$2"
+    local port_range="$3"
+    local dest_port="$4"
+
+    validate_protocol "${protocol}"
+    validate_port_range "${port_range}"
+    validate_port "${dest_port}"
+
+    local interface
+    interface=$(get_default_interface)
+    if [[ -z "$interface" ]]; then
+        log_msg "ERROR" "Interface default tidak ditemukan."
+        exit 1
+    fi
+
+    iptables -t nat -D "${chain}" -i "${interface}" -p "${protocol}" --dport "${port_range}" -j DNAT --to-destination :${dest_port}
+    log_msg "INFO" "Aturan kustom iptables dihapus: ${chain} ${protocol} ${port_range} -> ${dest_port}"
+
+    # Integrasi firewalld jika aktif
+    if is_firewalld_active; then
+        apply_firewalld_rule "remove" "-i ${interface} -p ${protocol} --dport ${port_range} -j DNAT --to-destination :${dest_port}"
+        reload_firewalld
+        log_msg "INFO" "Aturan kustom firewalld dihapus: ${chain} ${protocol} ${port_range} -> ${dest_port}"
+    fi
+}
+
+# === Main Program ===
+check_root
+
+if [ $# -eq 0 ]; then
+    usage
+fi
+
+COMMAND=$1
+shift
+
+case "${COMMAND}" in
+    start)
+        enable_ip_forwarding
+        apply_default_rules
+        ;;
+    stop)
+        flush_firewall_rules
+        disable_ip_forwarding
+        ;;
+    status)
+        echo "Status IP forwarding:"
+        sysctl net.ipv4.ip_forward
+        echo
+        list_firewall_rules
+        ;;
+    list)
+        list_firewall_rules
+        ;;
+    add-rule)
+        add_custom_rule "$@"
+        ;;
+    del-rule)
+        delete_custom_rule "$@"
+        ;;
+    backup)
+        backup_firewall_rules
+        ;;
+    restore)
+        restore_firewall_rules
+        ;;
+    *)
+        usage
+        ;;
+esac

scripts/optimize.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Optimasi buffer jaringan
+echo "Mengatur buffer jaringan..."
+sysctl -w net.core.rmem_max=16777216  # Maximum receive buffer
+sysctl -w net.core.wmem_max=16777216  # Maximum send buffer
+sysctl -w net.ipv4.udp_rmem_min=8192  # Minimum UDP receive buffer
+sysctl -w net.ipv4.udp_wmem_min=8192  # Minimum UDP send buffer
+
+# Mengatur backlog queue untuk UDP
+echo "Mengatur backlog queue..."
+sysctl -w net.core.netdev_max_backlog=5000  # Buffering pada NIC
+
+# Mengatur MTU (Maximum Transmission Unit)
+echo "Mengatur MTU untuk menghindari fragmentasi..."
+ip link set dev eth0 mtu 9000  # Sesuaikan dengan interface yang digunakan
+
+# Mengoptimalkan penggunaan TCP dan UDP buffers
+sysctl -w net.ipv4.tcp_rmem="4096 87380 16777216"  # Buffer TCP untuk receive
+sysctl -w net.ipv4.tcp_wmem="4096 65536 16777216"  # Buffer TCP untuk send
+
+# Meningkatkan performa interrupt handling
+echo "Meningkatkan performa interrupt handling..."
+sysctl -w net.core.somaxconn=65535  # Meningkatkan kapasitas koneksi maksimal
+
+# Mengaktifkan TCP offloading jika mendukung hardware
+ethtool -K eth0 tso on  # Ganti eth0 dengan interface yang sesuai
+ethtool -K eth0 gro on  # Ganti eth0 dengan interface yang sesuai
+
+# Mengoptimalkan parameter system lainnya untuk latensi rendah
+sysctl -w vm.swappiness=1  # Kurangi swap dan prioritaskan RAM
+sysctl -w net.ipv4.tcp_fin_timeout=10  # Mempercepat penutupan koneksi TCP yang lama
+sysctl -w net.ipv4.tcp_keepalive_time=60  # Percepat waktu keepalive
+
+# Menerapkan konfigurasi
+sysctl -p
+
+# Mengatur prioritas untuk proses tunneling
+# Atur agar aplikasi server tunneling berjalan dengan prioritas tinggi
+renice -n -10 -p $(pgrep udp-custom)  # Ganti dengan PID server UDP
+renice -n -10 -p $(pgrep badvpn-udpgw)  # Ganti dengan PID Server BadVPN
+renice -n -10 -p $(pgrep zivpn)  # Ganti dengan PID Server ZIVPN

scripts/port-forward-universal.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# Pastikan dijalankan sebagai root
+if [ "$(id -u)" -ne 0 ]; then
+  echo "Skrip ini harus dijalankan sebagai root. Coba 'su -c \"$0\"'."
+  exit 1
+fi
+
+# Flush aturan lama untuk memulai dari awal
+iptables -F
+iptables -t nat -F
+
+# Set policy default
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+
+# Aktifkan IP forwarding (penting untuk beberapa skenario)
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+# Deteksi interface utama yang aktif
+interface=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
+
+# =================================================================
+# ATURAN UNTUK TRAFFIC DARI LUAR (INTERNET -> SERVER ANDROID)
+# Menggunakan chain PREROUTING
+# =================================================================
+echo "Menerapkan aturan untuk traffic dari LUAR (PREROUTING)..."
+# ZIVPN: Port 6000-19999 -> 5667
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 6000:19999 -j DNAT --to-destination :5667
+
+# Aturan lain jika diperlukan (contoh dari skrip asli Anda)
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 1:5999 -j DNAT --to-destination :3671
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 20000:65535 -j DNAT --to-destination :5666
+
+
+# =================================================================
+# ATURAN UNTUK TRAFFIC DARI DALAM (CLIENT ANDROID -> SERVER ANDROID)
+# Menggunakan chain OUTPUT
+# =================================================================
+echo "Menerapkan aturan untuk traffic dari DALAM (OUTPUT)..."
+# ZIVPN: Port 6000-19999 -> 5667
+iptables -t nat -A OUTPUT -p udp --dport 6000:19999 -j DNAT --to-destination :5667
+
+# Aturan lain jika diperlukan (harus sama dengan yang di PREROUTING)
+iptables -t nat -A OUTPUT -p udp --dport 1:5999 -j DNAT --to-destination :3671
+iptables -t nat -A OUTPUT -p udp --dport 20000:65535 -j DNAT --to-destination :5666
+
+
+echo "Aturan iptables universal telah berhasil diterapkan."
+
+# Jalankan skrip optimasi jika ada
+if [ -f "optimize.sh" ]; then
+    bash optimize.sh
+fi

scripts/port-forward.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+
+# Get the directory where the script is located
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
+PROJECT_ROOT=$(cd -- "$SCRIPT_DIR/.." &> /dev/null && pwd)
+
+# Path to the ZIVPN binary
+ZIVPN_BINARY="$PROJECT_ROOT/zivpn/udp-zivpn-linux-amd64"
+ZIVPN_URL="https://github.com/zahidbd2/udp-zivpn/releases/download/udp-zivpn_1.4.9/udp-zivpn-linux-amd64"
+ZIVPN_DIR=$(dirname "$ZIVPN_BINARY")
+
+# Check if the ZIVPN binary exists, and download if it does not
+if [ ! -f "$ZIVPN_BINARY" ]; then
+    echo "ZIVPN binary not found. Downloading..."
+    # Ensure the directory exists
+    mkdir -p "$ZIVPN_DIR"
+    # Download the binary using wget or curl
+    if command -v wget >/dev/null 2>&1; then
+        wget -O "$ZIVPN_BINARY" "$ZIVPN_URL"
+    elif command -v curl >/dev/null 2>&1; then
+        curl -L -o "$ZIVPN_BINARY" "$ZIVPN_URL"
+    else
+        echo "Error: Neither wget nor curl is available to download the ZIVPN binary."
+        exit 1
+    fi
+    # Make the binary executable
+    if [ -f "$ZIVPN_BINARY" ]; then
+        chmod +x "$ZIVPN_BINARY"
+        echo "ZIVPN binary downloaded and made executable."
+    else
+        echo "Error: Failed to download ZIVPN binary."
+        exit 1
+    fi
+else
+    echo "ZIVPN binary already exists. Skipping download."
+fi
+
+# Flush all
+iptables -F
+iptables -t nat -F
+
+# Set policy default untuk masing-masing chain
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+
+# Pastikan IP forwarding diaktifkan
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+interface=$(ip -4 route ls|grep default|grep -Po '(?<=dev )(\S+)'|head -1)
+
+# Tambahkan rule untuk mengizinkan paket UDP dengan destination port 50000 pada chain INPUT
+iptables -A INPUT -p udp --dport 3671 -j ACCEPT
+
+# UDP CUSTOM: Tambahkan aturan iptables untuk melakukan port forwarding UDP ke port 3671
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 1:21 -j DNAT --to-destination :3671 # 22: (SSH Port)
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 23:52 -j DNAT --to-destination :3671 # 53: (DNS Port)
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 54:3670 -j DNAT --to-destination :3671 # 3671: (Itself/UDP CUSTOM)
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 3672:5665 -j DNAT --to-destination :3671 # 5666 & 5667: (UDP ZIVPN)
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 5668:5999 -j DNAT --to-destination :3671
+
+# ZIVPN: Tambahkan aturan iptables untuk melakukan port forwarding UDP ke port 5667
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 6000:7299 -j DNAT --to-destination :5667 # 7300: (BadVPN UDPGW)
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 7301:19131 -j DNAT --to-destination :5667 # 19132: (Minecraft Server)
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 19133:19999 -j DNAT --to-destination :5667 # End
+
+# ZIVPN Legacy (Old): Tambahkan aturan iptables untuk melakukan port forwarding UDP ke port 5666
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 20000:25564 -j DNAT --to-destination :5666 # 25565: (Minecraft Server)
+iptables -t nat -A PREROUTING -i ${interface} -p udp --dport 25566:65535 -j DNAT --to-destination :5666 # End
+
+
+# Chain
+bash optimize.sh

setup.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -euo pipefail
+
+currentDir=`pwd`
+
+echo "Force linking all *.service files to /etc/systemd/system"
+ln -sf $currentDir/*/**.service /etc/systemd/system
+echo "Reloading systemctl daemon.."
+systemctl daemon-reload
+echo "Enabling service.."
+systemctl enable --now $(find $currentDir -type f -name "*.service" -print0 | xargs -0 -n1 -P8 basename)
+# reboot

start.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+set -m
+
+echo "=== Memulai Konfigurasi Server VPN ==="
+
+# 1. Mengaktifkan IP Forwarding & Optimasi Kernel (sysctl)
+# Opsi ini sebaiknya diatur saat menjalankan kontainer dengan flag --sysctl
+# Namun, kita tetap menjalankannya di sini untuk memastikan.
+echo "Mengaktifkan IP forwarding dan optimasi kernel..."
+sysctl -w net.ipv4.ip_forward=1
+sysctl -w net.core.rmem_max=16777216
+sysctl -w net.core.wmem_max=16777216
+sysctl -w net.core.netdev_max_backlog=5000
+sysctl -w net.core.somaxconn=65535
+sysctl -w vm.swappiness=1
+# Nonaktifkan pesan error jika file tidak ada
+sysctl -w -e net.ipv4.tcp_fin_timeout=10
+sysctl -w -e net.ipv4.tcp_keepalive_time=60
+
+# 2. Menemukan interface jaringan utama
+INTERFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
+if [ -z "$INTERFACE" ]; then
+    echo "ERROR: Tidak dapat menemukan interface jaringan default. Menggunakan 'eth0'."
+    INTERFACE="eth0"
+fi
+echo "Menggunakan interface: $INTERFACE"
+
+# 3. Mengatur MTU & Offloading
+# Memerlukan ethtool
+echo "Mengatur MTU dan offloading pada interface $INTERFACE..."
+ip link set dev "$INTERFACE" mtu 9000
+ethtool -K "$INTERFACE" tso on gso on gro on || echo "Peringatan: ethtool tidak dapat mengatur offloading."
+
+# 4. Mengatur Aturan Firewall (iptables)
+echo "Membersihkan aturan iptables sebelumnya..."
+iptables -F
+iptables -t nat -F
+
+echo "Menerapkan aturan port forwarding..."
+# UDP CUSTOM -> :3671
+iptables -t nat -A PREROUTING -i "$INTERFACE" -p udp --dport 1:5999 -j DNAT --to-destination :3671
+# ZIVPN -> :5667
+iptables -t nat -A PREROUTING -i "$INTERFACE" -p udp --dport 6000:19999 -j DNAT --to-destination :5667
+# ZIVPN Legacy -> :5666 (Asumsi port ini masih diperlukan)
+iptables -t nat -A PREROUTING -i "$INTERFACE" -p udp --dport 20000:65535 -j DNAT --to-destination :5666
+
+echo "Aturan iptables berhasil diterapkan."
+iptables -t nat -L -n
+
+# 5. Menjalankan Layanan VPN di Background
+
+# badvpn-udpgw
+echo "Menjalankan badvpn-udpgw..."
+cd /app/udpgw
+./badvpn-udpgw --listen-addr 127.0.0.1:7300 --udp-mtu 9000 &
+BADVPN_PID=$!
+
+# udp-custom
+echo "Menjalankan udp-custom..."
+cd /app/udp_custom
+./udp-custom server &
+UDP_CUSTOM_PID=$!
+
+# zivpn
+echo "Menjalankan zivpn..."
+cd /app/zivpn
+./udp-zivpn-linux-amd64 server -c config.json &
+ZIVPN_PID=$!
+
+echo "=== Semua layanan telah dimulai ==="
+echo "PID: badvpn=$BADVPN_PID, udp-custom=$UDP_CUSTOM_PID, zivpn=$ZIVPN_PID"
+
+# 6. Tunggu sinyal keluar dan bersihkan
+trap "echo 'Menutup layanan...'; kill $BADVPN_PID $UDP_CUSTOM_PID $ZIVPN_PID; exit 0" SIGINT SIGTERM
+
+# Tunggu semua proses background selesai
+# fg %1 akan membawa proses pertama ke foreground, menjaga kontainer tetap berjalan
+# dan memungkinkan trap untuk menangani sinyal dengan benar.
+wait $BADVPN_PID
+wait $UDP_CUSTOM_PID
+wait $ZIVPN_PID

udp_custom/config.json

@@ -0,0 +1,8 @@
+{
+  "listen": ":3671",
+  "stream_buffer": 16777216,
+  "receive_buffer": 33554432,
+  "auth": {
+    "mode": "passwords"
+  }
+}

udp_custom/udp-custom

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a1b5584c7947feb5a02e847e09795751024f63ce7137a353c2b9c2a4282d636
+size 4782592

udp_custom/udp-custom-config.json

@@ -0,0 +1,8 @@
+{
+  "listen": ":3671",
+  "stream_buffer": 16777216,
+  "receive_buffer": 33554432,
+  "auth": {
+    "mode": "passwords"
+  }
+}

udp_custom/udp-custom.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=UDP Custom by ePro Dev. Team
+
+[Service]
+LimitAS=infinity
+LimitRSS=infinity
+User=root
+Type=simple
+ExecStart=/usr/bin/taskset -c 0 /root/udp-custom/udp_custom/udp-custom server
+WorkingDirectory=/root/udp-custom/udp_custom
+Restart=always
+RestartSec=2s
+
+[Install]
+WantedBy=default.target

udpgw/badvpn-udpgw

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b6fb43cec26a890b821cd00668b36d9d967edbf936259b0deae7971c9db9074e
+size 508160

udpgw/badvpn.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=UDP forwarding for badvpn-tun2socks
+After=nss-lookup.target
+
+[Service]
+LimitAS=infinity
+LimitRSS=infinity
+Restart=always
+Type=simple
+ExecStart=/usr/bin/taskset -c 0 /root/udp-custom/udpgw/badvpn-udpgw --loglevel 0 --channel-loglevel 0 --listen-addr 127.0.0.1:7300 --udp-mtu 9000
+WorkingDirectory=/root/udp-custom/udpgw
+RestartSec=2s
+
+[Install]
+WantedBy=multi-user.target

zivpn/config.json

@@ -0,0 +1,16 @@
+{
+  "listen": ":5667",
+  "cert": "zivpn.crt",
+  "key": "zivpn.key",
+  "obfs": "",
+  "up_mbps": 100,
+  "down_mbps": 250,
+  "max_conn_client": 65535,
+  "disable_mtu_discovery": true,
+  "recv_window_conn": 1024576000,
+  "recv_window_client": 262144000,
+  "auth": {
+   "mode": "passwords",
+   "config": ["1"]
+  }
+}

zivpn/zivpn-config.json

@@ -0,0 +1,17 @@
+{
+  "listen": ":5667",
+  "cert": "zivpn/zivpn.crt",
+  "key": "zivpn/zivpn.key",
+  "obfs": "",
+  "up_mbps": 100,
+  "down_mbps": 250,
+  "promotheus_listen": ":8080",
+  "max_conn_client": 65535,
+  "disable_mtu_discovery": true,
+  "recv_window_conn": 1024576000,
+  "recv_window_client": 262144000,
+  "auth": {
+   "mode": "passwords",
+   "config": ["adn123"]
+  }
+}

zivpn/zivpn.crt

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFbTCCA1WgAwIBAgIUeyn1GnfQIX62bg2MwoKJJIdwp6UwDQYJKoZIhvcNAQEL
+BQAwRjELMAkGA1UEBhMCSUQxEzARBgNVBAgMCkphd2EgQmFyYXQxDjAMBgNVBAcM
+BUJvZ29yMRIwEAYDVQQKDAlOaXhpYSBMdGQwHhcNMjUwNDE3MTE1NjE2WhcNMjYw
+NDE3MTE1NjE2WjBGMQswCQYDVQQGEwJJRDETMBEGA1UECAwKSmF3YSBCYXJhdDEO
+MAwGA1UEBwwFQm9nb3IxEjAQBgNVBAoMCU5peGlhIEx0ZDCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBAL2500orXFhVM1cTATC42FCHrQ1h7F6lZmtjFoQy
+7aKa/eTpG47wc2kFgI+VrQTSoVss4ICX4HRDEk16Q8alOsVVcv5agmIRwOGy7dhP
+vl+YL3FQL/LC0cu0+T5C5P9U3W2Zkib0Gj4RNzygbCia+RdlwalqsFqT8oQhapZK
+HEn+vKh6rC04z3C55Gyx9vcD2cld5G1o1mH/o7ShdVSdfjvp3EFQLqnJk6Q8SUWN
+U75JVcbujbBW7Bu8GfHfDKGs0gXUEEdjr+c8Sv6RaETqHiyL/lQXMzZyzD1TGcgX
+j01897yRawXMUjISMVIui+r5imXhYAj3292UNj6Bx5SyjP2kuWvLcb6firddCpZx
+kqdMYMuXves+kD1iKrZoilWdl/ltdlQGBOm5Oi0PpEl3cFUFw4462K1H4+Usops7
+yyhHsPqWOojQreDH+bzr3bbi23LjB2m+suFYprFe7Ix516BFk8qGmxLy9dzL+JiI
+OZlCXydIUIo3p/8g0X0wd5LbVqOlS2u2D3zCSbE6fxf3e7+YmmHWF59fuYQHyIJF
+LNVMEi/6pttDZ5DUAN/KiwXC7LPsgEAr3nkbt3+lrvcjvxNZdGeL6E+XOca1rEtv
+j4uYUiDkgS5tk0ywIig2/a/X0RIamXTq4V0HXabxIvdlv8vrEtzI6y6FM7X6VQ+X
++SypAgMBAAGjUzBRMB0GA1UdDgQWBBTCwu0sQnkRqSEfPcGefniTdmVfiDAfBgNV
+HSMEGDAWgBTCwu0sQnkRqSEfPcGefniTdmVfiDAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4ICAQB1BCsdH6mtMjjZww8HKnFSF5Bhi9z4dUHkgxaicjQN
+dhcUfTaJsvrp89AJifjD8qURJXlUWu2SCTeS6xf1uOippukop7xsOA1TuePgs++L
+dziYMAmBXBzYjERN2wanhQuyv8TTEYP9qFDBZrKdy5h+DggsSEeUekTg3NwCHezL
+FsXLlTG+vWFF+dmHHFJpFCvPAVaw+Ixhj76gSTC04RFqw1HManPG4u3ROujCOVRV
+/N7e7WaTQokK0ViH0RhzeSadXrBLFDFCpRWKnvO2Ogne8l9nZS7Sx+Xp/yoqXGvv
+1sWk7SM2V+cnbzfOsPdsSrF4UjF7KGZ51qNnpwWrBqedHG7fh+KlzT7o1sKA8FMe
+cK6VKVwxxI154gxcvY4EigM7iRkfumYnWvNMoSoU3UPsDA+czqucswjiT6QMhBWV
+MPSEZAYRydlfH23fUu0U2XSEiq49iCWYxK9LjO86G6RBuCepg+/8svS52FJtXepx
+w0PdiT5+GdXY21P+7vkAoCjZ1poGoKIMh+HK30GH+46xd22j+NnwMlJMUN5Hz5nQ
+QCeafyMwUq7qC38+4jC3J5rh8lsDAaVowuUzXf4hA2o4n1DP0cjpngZhB55s9Gak
+StyPdWX9AT47IRKsaTkV/SPD6SXbfkaD3T8YcoFn1rVrDV3yY5wh7Rr4WGtHSUzP
+5A==
+-----END CERTIFICATE-----

zivpn/zivpn.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC9udNKK1xYVTNX
+EwEwuNhQh60NYexepWZrYxaEMu2imv3k6RuO8HNpBYCPla0E0qFbLOCAl+B0QxJN
+ekPGpTrFVXL+WoJiEcDhsu3YT75fmC9xUC/ywtHLtPk+QuT/VN1tmZIm9Bo+ETc8
+oGwomvkXZcGparBak/KEIWqWShxJ/ryoeqwtOM9wueRssfb3A9nJXeRtaNZh/6O0
+oXVUnX476dxBUC6pyZOkPElFjVO+SVXG7o2wVuwbvBnx3wyhrNIF1BBHY6/nPEr+
+kWhE6h4si/5UFzM2csw9UxnIF49NfPe8kWsFzFIyEjFSLovq+Ypl4WAI99vdlDY+
+gceUsoz9pLlry3G+n4q3XQqWcZKnTGDLl73rPpA9Yiq2aIpVnZf5bXZUBgTpuTot
+D6RJd3BVBcOOOtitR+PlLKKbO8soR7D6ljqI0K3gx/m869224tty4wdpvrLhWKax
+XuyMedegRZPKhpsS8vXcy/iYiDmZQl8nSFCKN6f/INF9MHeS21ajpUtrtg98wkmx
+On8X93u/mJph1hefX7mEB8iCRSzVTBIv+qbbQ2eQ1ADfyosFwuyz7IBAK955G7d/
+pa73I78TWXRni+hPlznGtaxLb4+LmFIg5IEubZNMsCIoNv2v19ESGpl06uFdB12m
+8SL3Zb/L6xLcyOsuhTO1+lUPl/ksqQIDAQABAoICAAfNpk6VJPmvG2r36aMe3yrE
+wc3cmrOz2tgM3ca3L4XyGQI6wjrpUd3eb5C4R8L8hM1ytZMkbANsJMsR/cqkThwC
+rTWf9F/jOgsuaFDuyrY01LK06RvzflyCB4RTjQahb3AMEnJOtOubmqmAMaKj6R3Y
+vhPhQvqevilIFJG035/9fbXyQbWkcgfBZY9A7JbxThpVpckIOFUUhh+uSlyeE6yU
+LE51ZU3vcAafwiW9r9WSP5hshGBd2t0zKeAEXAkkSgkaVUcSZxA8Lxt0UJURCges
+BFxiDeWt6A+XpOZRbb/ypV/YnU3CPxk3HVczeebCt7oEAIat5xmgeHCuts47X8gW
+xMu8fpLBHM3x8O8QRlwahNr189p/lYvvAO7EAquhxoBzU+P4xmf7j8hM92OKCskU
+OxcQAk6jhOEVBqRXvkplm2qxpwUM/ksJGLsnvhiGJg+azl4ssClwWzwe8PnG/Ycd
+VDJUpskHO9LrxQqBv0Zx9TnXa+jQ5C78ovX+3qawi+Nw1EfzlmDZyny5TbKK40Q+
+nwjuGeFPAZFJDESK8oqkLc/KUd/yftq1R0TtP/5N7PXXk3XvTAjB67Gd1FUj0rVk
+LJmo81mvCiwnmcNaDtlBJGuz41QldxYC81SkSefUc+8i7ZkYWzm1au264DG8k9IP
+EHejPqxIktEqTNDXsP4fAoIBAQDjAlfr1eSI5pBg/1qDdY7wm144TjY5lMXD+J+T
+VRR/DVTFZksPYc51J9rePAnmEzwp/INE5pKTVvQQovs/IPuV/mkseWBwTd+33hKd
+E6dX67OiFcFVQarxkIGvRE/pHE0gWyN/7IFrkL2MxQCXS8gl0njS5PF8uQVx/KaO
+VuChR4zi7YLmDhs8CSy6muSwnonIZRXZbefl26SP7YNh17mXmBaTSpaRT0AN62iY
+I8UF+0ZMRgP2ixtUk52LEVZRnTZ0hPgKN75Lz4nVs990FxKCRRs6AItCg2w2JLp1
+7ZD+uuzzHDcHmbZDSDDnmjsYMphth5PBHH5KW0bYmXnJNfnrAoIBAQDV9JJ+FunW
+GfYAqV0moUMDTsKhIL3bngMUyEN5wUdYXhRQRm0YyqNptAaeRqCW44UgVP/vNwpv
+E3Ys+jlU+iDtW7voMN/Q1ocgwCJ/rTYH9eVyDDRlnIIYMeurLywvi5dBNXSoRIOQ
+6AcdZQxZzMug4NjBU9StWjYmgKHYJ0qLfa+xWHgjsV86nw/YUZ+6Xpk2nDH/uFnk
+DvJDC5z/b71gMVpOLUdeA+CAwXFCXcxC4KPaId+h7irUQEbSG82J0xwcKbeiQ7cz
+BUNOnzL3y4t22/u2RrNVTZBpJbBFf5uPpbBBZQV6Zi3aAnPS7ok6pYBVpyQEsPWJ
+bReCCYtoTVq7AoIBAQC6jTV1kFvziQ5DN/XJLHWgEv4V5Wg4X6M6DfoNWJC0bF8q
+rYqnhGfm7S63DL3RviLmGiZCG/1+aam+dkFkupUlyWHi84gmIkjkT/IZ9YnC/eas
+H5a2mnWBeJCqWMgWuHRFT8BXoyMkI1kx8r8ulk9PjaxPG2e8aEwqRUcWmByXTTZh
+UnAM4LDO4HdKjnm7Dz4JWdDf0qsMwTh2MuiSInbZNlnvBw+/MFJiXf+hb1u9M6as
+jak6FU0Lbxe7ri6yeTDEBnXT58VRhacu4FeUjlVeiq36N3I54ciuofY9bVKHk1Of
+4aLzcwVOO2g9HAjONN4AvLbWrrS2JFaPL2jeyqWrAoIBAQCi0jbRgfp+Fs+hfUII
+bdyjncJ8AIC7qypJHIZNGAuFckMfPBk2Lq/hd0E6HiGD8q2TB1yl3UsxcKwUWnBa
+/Ocl+xOrBdauBTRcdhtK8rQVpsnv2t3dHhfa9dKVOZb0r9RxqY6Xp1xAYHNZqVaW
+2EV2ruYFahiFvAtNjcKcznnqYcHcwqja8Na5s+bJBoT5vZf3eTKLmu29oqo235Wg
+xpZlp+lDaS3QnD6zfYMFsIALvQy0qeaYQrmRQUEkEEiAxIm13QGEmOfICg9Iu9p7
+vQjrcUnDU1aSai6l9iqJGS13Se4yNgDPPwdRy1/9e84vNVfO1x2P/GM/LCghq8XN
+oGCVAoIBAQDR/QNa5/1TXzOzOtuiHA5eMRyb3BjDDJE1zDiNlg/lBmz+VC2Ljdji
+yjvknWeIeHof+vLL2C5mXHvpLQFgLIbm7Daq9TZVtc/aSu5EDI3eytgKEC94FfNe
+KDi0rwk17HYtp/Iqs0FcODsl0RQsWKGXHocMfXgtPMa0D1cgKRCOzbVySSH6fWiR
+TCDpyLVeZO5oyAqSpvDZveeGOkRfMB2FKkydorLvcbQi+lcTmUuW8PtSWktS97Te
+PmCykgqayJjuYnVNc+YWd9ER6X7P9945dFgiOLMkBOHeU6jcAvrD9cJcMbKYt++A
+fOSL8C4UCwtv5QpYQVz5lxafJrc29PON
+-----END PRIVATE KEY-----

zivpn/zivpn.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=zivpn VPN Server
+After=network.target
+
+[Service]
+LimitAS=infinity
+LimitRSS=infinity
+Type=simple
+User=root
+WorkingDirectory=/root/udp-custom/zivpn
+ExecStart=/root/udp-custom/zivpn/udp-zivpn-linux-amd64 server -c config.json
+Restart=always
+RestartSec=3
+Environment=ZIVPN_LOG_LEVEL=info
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
+AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target