ospab/ospab.network
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
963feb15823f232ffe597f0ca3d41d8135c389f5
ospab.network/dist/linux-x64/README.md
ospab 963feb1582 feat(dist): add distribution packages with docs and checksums 
Linux Server Package (ostp-server-linux-x64.tar.gz - 5.94 MB):
- ostp-server (9.2 MB) + oncp-master (4.8 MB)
- Automated deploy.sh script with systemd integration
- README.md with quick start guide
- systemd service units (ostp-server.service, oncp-master.service)
- Config examples (server.json, server-enrollment.json)
- SHA256SUMS for integrity verification

Windows Client Package (ostp-client-windows-x64.zip - 1.29 MB):
- ostp-client.exe (1.64 MB) - CLI client
- ostp-daemon.exe (0.53 MB) - Windows Service
- ostp-installer.exe (0.37 MB) - Setup wizard
- README.md with GUI/CLI usage guide
- SHA256SUMS.txt for integrity verification

Deploy Script Features:
- Automated PSK generation
- Systemd service installation
- Firewall configuration (ufw)
- OTP token generation (60 min)
- Network validation (10.X.0.0/16)
- Security hardening (NoNewPrivileges, ProtectSystem)

Documentation includes:
- Installation instructions
- Configuration examples
- Troubleshooting guides
- Security best practices
- API reference
2026-01-02 02:59:08 +03:00

5.2 KiB
Raw Blame History

OSTP Server - Linux x64 Distribution

Universal Linux binaries (statically linked with musl) for OSTP VPN server deployment.

📦 Contents

  • ostp-server (9.2 MB) - VPN server with AEAD encryption, TLS mimicry, UDP-over-TCP
  • oncp-master (4.8 MB) - Control plane API server for node/user management
  • SHA256SUMS - Integrity verification checksums
  • deploy.sh - Automated deployment script
  • server.json.example - ostp-server configuration template
  • server-enrollment.json.example - ostp-server with enrollment token
  • ostp-server.service - systemd service unit for ostp-server
  • oncp-master.service - systemd service unit for oncp-master

🚀 Quick Start

1. Verify Integrity

sha256sum -c SHA256SUMS

2. Deploy with Script (Recommended)

chmod +x deploy.sh
sudo ./deploy.sh

The script will:

  • Install binaries to /usr/local/bin/
  • Create systemd services
  • Generate PSK and network configuration
  • Set up firewall rules
  • Start services

3. Manual Installation

# Make binaries executable
chmod +x ostp-server oncp-master

# Copy to system path
sudo cp ostp-server oncp-master /usr/local/bin/

# Generate PSK for ostp-server
PSK=$(openssl rand -hex 32)
echo "Generated PSK: $PSK"

# Start oncp-master (control plane)
sudo ./oncp-master serve --listen 0.0.0.0:8080 --network-octet 42

# Generate enrollment token (expires in 3 minutes)
./oncp-master node token --expiry 3

# Start ostp-server (VPN server)
sudo ./ostp-server -l 0.0.0.0:443 -p $PSK --master http://localhost:8080

🔧 Configuration

ostp-server Configuration

Create /etc/ostp/server.json:

{
  "listen_addr": "0.0.0.0:443",
  "psk": "YOUR_64_CHAR_HEX_PSK",
  "master_url": "http://localhost:8080",
  "country_code": "US",
  "max_clients": 1000
}

oncp-master Configuration

Environment variables:

  • ONCP_DATABASE - SQLite database path (default: oncp.db)
  • ONCP_NETWORK_OCTET - Second octet for 10.X.0.0/16 subnet (default: 42)
  • ONCP_LOG_LEVEL - Logging level: error, warn, info, debug, trace

🌐 Network Architecture

Master Node Subnet: 10.X.0.0/16 (where X = network-octet)

  • Master Node IP: 10.X.0.1
  • Client IPs: 10.X.0.2 - 10.X.255.254
  • Capacity: ~65,000 clients per Master Node

🔐 Security Features

OTP Enrollment Tokens

Nodes must provide time-limited one-time tokens during enrollment:

# Generate token (3 minute expiry)
./oncp-master node token --expiry 3

# Node uses token in enrollment request
./ostp-server --token ABC123XYZ0 --master https://master-url

Silent Validation

Invalid tokens result in silent connection close (HTTP 444) - prevents enumeration.

📊 Management Commands

Node Management

# List pending enrollments
./oncp-master node pending

# Approve node (allocates IP + generates PSK)
./oncp-master node approve <node-id>

# Reject enrollment
./oncp-master node reject <node-id>

# List all nodes
./oncp-master node list

User Management

# Create user with 100GB quota, 30 days
./oncp-master user create --quota 100 --days 30

# List users
./oncp-master user list

# Show network statistics
./oncp-master stats

SNI Management

# Update SNI domains for specific country
./oncp-master sni update --country RU --add example.com

# Block domain globally
./oncp-master sni block --domain blocked.com

🖥️ System Requirements

  • OS: Any Linux distribution with glibc or musl (universal binary)
  • RAM: 512 MB minimum, 2 GB recommended
  • CPU: 1 core minimum, 2+ cores recommended
  • Network: Public IP with ports 443 (ostp-server), 8080 (oncp-master) open
  • Storage: 100 MB for binaries, 1 GB+ for logs/database

🛡️ Firewall Configuration

# Allow ostp-server (VPN)
sudo ufw allow 443/tcp

# Allow oncp-master API (restrict to internal network in production)
sudo ufw allow 8080/tcp

📝 Logs

  • ostp-server: /var/log/ostp-server.log or stdout
  • oncp-master: /var/log/oncp-master.log or stdout

View logs with systemd:

sudo journalctl -u ostp-server -f
sudo journalctl -u oncp-master -f

🔄 Updates

# Stop services
sudo systemctl stop ostp-server oncp-master

# Replace binaries
sudo cp ostp-server oncp-master /usr/local/bin/

# Restart services
sudo systemctl start ostp-server oncp-master

📚 Documentation

⚠️ Production Checklist

  • Change default PSK (64 hex characters)
  • Configure unique network octet (0-255, avoid 0 and 255)
  • Set up SSL/TLS for oncp-master API (use reverse proxy)
  • Restrict oncp-master port to internal network
  • Configure log rotation
  • Set up monitoring (Prometheus/Grafana)
  • Enable automatic backups of oncp.db
  • Configure firewall rules
  • Set resource limits in systemd services

🆘 Support

For issues and questions:

Version: 0.1.0
Build Date: January 2, 2026
License: Proprietary

Reference in New Issue View Git Blame Copy Permalink