# OSTP Linux Deployment Package

## Contents

- **ostp-server** (4.0 MB) - Stealth VPN Server Binary
- **oncp-master** (4.7 MB) - CDN Control Plane Binary
- **install.sh** - Automated installation script
- **README.md** - Complete deployment guide
- **SHA256SUMS** - Binary checksums for verification
- **ostp-server.service** - Systemd service file
- **oncp-master.service** - Systemd service file
- **server.json.example** - Server configuration template
- **server-enrollment.json.example** - Auto-enrollment config template

## Quick Start

### 1. Verify Checksums

```bash
sha256sum -c SHA256SUMS
```

### 2. Run Installation Script

```bash
sudo bash install.sh
```

### 3. Configure Server

```bash
# Generate PSK
ostp-server gen-key

# Edit config
sudo nano /etc/ostp/server.json
# Replace PSK with generated key

# Start service
sudo systemctl enable ostp-server
sudo systemctl start ostp-server
sudo systemctl status ostp-server
```

## System Requirements

- **OS**: Debian 13+ / Ubuntu 24.04+ / RHEL 9+
- **Architecture**: x86_64
- **glibc**: 2.41+
- **Libraries**: libssl3, libcrypto3
- **Privileges**: Root/sudo required

## Build Information

- **Date**: January 2, 2026
- **Rust Version**: 1.85.0
- **Target**: x86_64-unknown-linux-gnu
- **glibc**: 2.41 (Debian Trixie)
- **Profile**: Release (optimized)

## Features

### ostp-server
- ✅ AEAD encryption (ChaCha20-Poly1305)
- ✅ X25519 key exchange
- ✅ TLS mimicry
- ✅ Anti-DPI protection
- ✅ UDP-over-TCP framing
- ✅ Silent PSK validation
- ✅ Anti-debugging protection
- ✅ Auto-enrollment to CDN

### oncp-master
- ✅ REST API for node management
- ✅ Node enrollment system (Pending→Approved→Active)
- ✅ CDN steering by country code
- ✅ User billing and quota tracking
- ✅ Dynamic SNI management
- ✅ Real-time dashboard CLI
- ✅ Network statistics
- ✅ SQLite backend

## Deployment Scenarios

### Standalone Server
Use `server.json.example` - manual PSK configuration

### CDN Network Node
Use `server-enrollment.json.example` - automatic enrollment with master node

## Security Considerations

1. **PSK Protection**: Keep PSKs secure, never commit to version control
2. **Firewall**: Restrict master node API to known IPs
3. **TLS**: Use reverse proxy for API TLS termination
4. **Updates**: Keep binaries updated for security patches
5. **Monitoring**: Use systemd logs and `oncp-master dashboard`

## Documentation

Full documentation in [README.md](README.md)

## Support

- **GitHub**: https://github.com/ospab/ospab.network
- **Issues**: https://github.com/ospab/ospab.network/issues

---

**Note**: ostp-server requires root privileges for TUN device creation and port binding. Anti-debugging protection (ostp-guard) is enabled in release builds.