Install-Phantun.md

Install Phantun

Install

Onekey Install: curl -fsSL https://gist.githubusercontent.com/MisakaMikoto-35c5/0e469016745fbf27480c39ae3156f280/raw/install-phantun.sh | sudo bash Or on OpenWRT: curl -fsSL https://gist.githubusercontent.com/MisakaMikoto-35c5/0e469016745fbf27480c39ae3156f280/raw/install-phantun.sh | sh

Make sure unzip and curl is installed!!!

Usage

On systemd systems

systemctl start phantun-server@sample-config
systemctl start phantun-client@sample-config

Config files store at /etc/phantun

On OpenWRT

Please add following lines to /etc/rc.local

nohup /usr/sbin/phantun_client --local 127.114.51.4:8964 --remote 11.4.51.4:1919 --tun-local 169.254.0.0 --tun-peer 169.254.0.1 > /dev/null 2>&1 &

Note: make sure nohup is installed on your system, init.d not implemented.

Setup Phantun on servers

Use following command to create NAT rules:

firewall-cmd --permanent --zone=external --change-interface=eth0 # Make sure Internet interface in external zone
firewall-cmd --permanent --zone=internal --add-source=169.254.0.0/16 # Make sure tun-local IP address range in internal zone, firewalld will automacially create masquerade NAT rules for internal to external traffic.
firewall-cmd --permanent --zone=external --add-forward-port=port=60001:proto=tcp:toaddr=169.254.0.1:toport=60001 # Create TCP Port forward rule
firewall-cmd --reload # Reload firewall to apply rules

Setup Phantun on clients

Use following command to create NAT rules:

firewall-cmd --permanent --zone=external --change-interface=eth0 # Make sure Internet interface in external zone
firewall-cmd --permanent --zone=internal --add-source=169.254.0.0/16 # Make sure tun-local IP address range in internal zone, firewalld will automacially create masquerade NAT rules for internal to external traffic.
firewall-cmd --reload # Reload firewall to apply rules

install-phantun.sh

#!/bin/bash

IS_OPENWRT=0
INSTALL_DIR=/usr/local/sbin

if [ -e /etc/sysupgrade.conf ]; then
  IS_OPENWRT=1
  INSTALL_DIR=/usr/sbin
fi

which unzip
if [[ $? -eq 1 ]]; then
  echo Please install unzip first.
  exit 1
fi

touch $INSTALL_DIR/test
if [[ $? -eq 1 ]]; then
  echo Please run this script as root.
  exit 1
fi
rm $INSTALL_DIR/test

cd /tmp

mkdir -p /etc/phantun

cat > /etc/phantun/sample-config.conf << EOF
--local 127.0.0.1:8964
--remote 8.9.6.4:8964
--tun-local 169.254.0.0
--tun-peer 169.254.0.1
EOF

ldd /bin/ls | grep 'musl' > /dev/null
IS_GLIBC=$?
LIBC_STR="gnu"
if [[ $IS_GLIBC -eq 0 ]]; then
  LIBC_STR="musl"
fi
ARCH=$(uname -m)

if [[ "$LIBC_STR" == "musl" && "$ARCH" == "mips" ]]; then
  ldd /bin/ls | grep 'mipsel' > /dev/null
  if [[ $? == 0 ]]; then
    ARCH="mipsel"
  fi
fi

wget -O download.zip https://github.com/dndx/phantun/releases/latest/download/phantun_$ARCH-unknown-linux-$LIBC_STR.zip
if [[ "$?" != "0" ]]; then
  echo Download failed.
  exit 1
fi

unzip download.zip
rm download.zip
mv phantun_client phantun_server $INSTALL_DIR

CONFIG_RESOLVER=$(echo '$(for i in $(cat /etc/phantun/%i.conf); do tmp="$tmp $i"; done; echo $tmp)')

if [ "$IS_OPENWRT" == "1" ]; then
# is openwrt, do nothing
exit 0
fi

cat > /etc/systemd/system/phantun-server\@.service << EOF
[Unit]
Description=Phantun Server
After=network.target

[Service]
Type=simple
AmbientCapabilities=CAP_NET_ADMIN
DynamicUser=true
ExecStart=sh -c '$INSTALL_DIR/phantun_server $CONFIG_RESOLVER'
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target
EOF

cat > /etc/systemd/system/phantun-client\@.service << EOF
[Unit]
Description=Phantun client
After=network.target

[Service]
Type=simple
AmbientCapabilities=CAP_NET_ADMIN
DynamicUser=true
ExecStart=sh -c '$INSTALL_DIR/phantun_client $CONFIG_RESOLVER'
TimeoutStopSec=5
KillMode=mixed

[Install]
WantedBy=multi-user.target
EOF