feat: Universal Linux build + redesigned ostp-guard

- Build static musl binaries (work on any Linux distro) - Redesign ostp-guard with weighted scoring system (threshold: 4 points) - HIGH (2pts): Analysis tools (gdb/ida/ghidra), sandbox artifacts - MEDIUM (1pt): Low resources (<1GB RAM), suspicious env vars - Production VPS safe (1-2 points), sandbox blocked (4+ points) - Anti-debug: Windows (IsDebuggerPresent), Linux (/proc/self/status) - Deployment packages for Linux + Windows with SHA256 checksums
2026-01-02 01:38:30 +03:00
parent 5879344336
commit 7ed4217987
23 changed files with 1045 additions and 432 deletions
--- a/dist/windows-amd64/README.md
+++ b/dist/windows-amd64/README.md
@@ -0,0 +1,220 @@
+# OSTP Windows Binaries
+
+## Contents
+
+- **ostp-server.exe** (3.52 MB) - OSTP Stealth VPN Server
+- **oncp-master.exe** (4.02 MB) - CDN Control Plane Master Node
+- **SHA256SUMS.txt** - Binary checksums
+
+## System Requirements
+
+- **OS**: Windows 10/11 (x64)
+- **Privileges**: Administrator required for TUN device and system DNS
+
+## Installation
+
+### 1. Verify Checksums
+
+```powershell
+Get-FileHash ostp-server.exe -Algorithm SHA256
+Get-FileHash oncp-master.exe -Algorithm SHA256
+```
+
+Compare with values in `SHA256SUMS.txt`
+
+### 2. Place Binaries
+
+```powershell
+# Create directory
+New-Item -Path "C:\Program Files\OSTP" -ItemType Directory -Force
+
+# Copy binaries
+Copy-Item ostp-server.exe,oncp-master.exe "C:\Program Files\OSTP\"
+
+# Add to PATH (optional)
+[Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Program Files\OSTP", "Machine")
+```
+
+## ostp-server Usage
+
+### Generate PSK
+
+```powershell
+ostp-server.exe gen-key
+```
+
+### Create Configuration
+
+Create `C:\Program Files\OSTP\server.json`:
+
+```json
+{
+  "listen": "0.0.0.0:8443",
+  "psk": "YOUR_64_CHAR_HEX_PSK_HERE",
+  "max_connections": 1024,
+  "log_level": "info"
+}
+```
+
+### Run Server
+
+```powershell
+# Run directly (Administrator required)
+ostp-server.exe -c "C:\Program Files\OSTP\server.json"
+
+# Or with CLI args
+ostp-server.exe -l 0.0.0.0:8443 -p YOUR_PSK_HEX
+```
+
+### Install as Windows Service
+
+```powershell
+# Using NSSM (Non-Sucking Service Manager)
+nssm install OSTP-Server "C:\Program Files\OSTP\ostp-server.exe" -c "C:\Program Files\OSTP\server.json"
+nssm set OSTP-Server AppDirectory "C:\Program Files\OSTP"
+nssm set OSTP-Server DisplayName "OSTP Stealth VPN Server"
+nssm set OSTP-Server Description "OSTP stealth transport protocol server"
+nssm set OSTP-Server Start SERVICE_AUTO_START
+
+# Start service
+nssm start OSTP-Server
+
+# Check status
+nssm status OSTP-Server
+```
+
+Download NSSM: https://nssm.cc/download
+
+## oncp-master Usage
+
+### Initialize Database
+
+```powershell
+# Create data directory
+New-Item -Path "C:\ProgramData\ONCP" -ItemType Directory -Force
+cd "C:\ProgramData\ONCP"
+
+# Initialize database
+oncp-master.exe stats
+```
+
+### Run API Server
+
+```powershell
+oncp-master.exe serve --listen 0.0.0.0:8080 --database "C:\ProgramData\ONCP\oncp.db"
+```
+
+### Management Commands
+
+```powershell
+# Dashboard
+oncp-master.exe dashboard
+
+# Node management
+oncp-master.exe node list
+oncp-master.exe node pending
+oncp-master.exe node approve <NODE_ID>
+
+# User management
+oncp-master.exe user create -q 100 -d 30
+oncp-master.exe user list
+
+# SNI management
+oncp-master.exe sni list
+oncp-master.exe sni add cloudflare.com -c US
+```
+
+### Install as Windows Service
+
+```powershell
+nssm install ONCP-Master "C:\Program Files\OSTP\oncp-master.exe" serve --listen 0.0.0.0:8080 --database "C:\ProgramData\ONCP\oncp.db"
+nssm set ONCP-Master AppDirectory "C:\ProgramData\ONCP"
+nssm set ONCP-Master DisplayName "ONCP Master Node"
+nssm set ONCP-Master Start SERVICE_AUTO_START
+
+nssm start ONCP-Master
+```
+
+## Firewall Configuration
+
+```powershell
+# Allow OSTP server port
+New-NetFirewallRule -DisplayName "OSTP Server" -Direction Inbound -LocalPort 8443 -Protocol TCP -Action Allow
+
+# Allow ONCP API port
+New-NetFirewallRule -DisplayName "ONCP Master API" -Direction Inbound -LocalPort 8080 -Protocol TCP -Action Allow
+```
+
+## Features
+
+### ostp-server.exe
+- ✅ AEAD encryption (ChaCha20-Poly1305)
+- ✅ X25519 key exchange
+- ✅ TLS mimicry
+- ✅ UDP-over-TCP framing
+- ✅ Silent PSK validation
+- ✅ Anti-debugging protection (ostp-guard)
+- ✅ Auto-enrollment to CDN
+
+### oncp-master.exe
+- ✅ REST API for node/user management
+- ✅ Node enrollment system
+- ✅ CDN steering by country
+- ✅ Real-time dashboard
+- ✅ SQLite backend
+
+## Logging
+
+View logs using:
+- Event Viewer (if running as service)
+- Console output (if running directly)
+- Set `RUST_LOG=debug` environment variable for verbose logging
+
+## Troubleshooting
+
+### "Access Denied" Error
+
+Run PowerShell as Administrator:
+```powershell
+Start-Process powershell -Verb RunAs
+```
+
+### Port Already in Use
+
+Check what's using the port:
+```powershell
+Get-NetTCPConnection -LocalPort 8443
+```
+
+### Binary Signature Warning
+
+Windows may show SmartScreen warning. Click "More info" → "Run anyway"
+
+Or bypass with:
+```powershell
+Unblock-File ostp-server.exe
+Unblock-File oncp-master.exe
+```
+
+## Build Information
+
+- **Date**: January 2, 2026
+- **Rust Version**: 1.85.0
+- **Target**: x86_64-pc-windows-msvc
+- **Profile**: Release (optimized)
+
+## Security Notes
+
+1. **PSK Protection**: Never share or commit PSKs
+2. **Admin Rights**: Required for TUN/TAP and system operations
+3. **Firewall**: Configure Windows Firewall rules
+4. **Updates**: Keep binaries updated
+
+## Support
+
+- **GitHub**: https://github.com/ospab/ospab.network
+- **Issues**: https://github.com/ospab/ospab.network/issues
+
+---
+
+**Note**: Anti-debugging protection (ostp-guard) is active in release builds. Running under debugger will cause immediate exit.