mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-02-14 11:31:51 +00:00
Code Issues Releases Wiki Activity

Add OpenVPN multi process support

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2024-12-18 16:55:47 +01:00
parent b531347431
commit 0db3dff442
6 changed files with 291 additions and 104 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

95
luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
View file

@ -830,8 +830,15 @@ function wizard_add()
ucic:set("xray","omrout","s_trojan_address",server_ip)
ucic:set("xray","omrout","s_socks_address",server_ip)
ucic:set("xray","omrout","s_shadowsocks_address",server_ip)
luci.sys.call("uci -q del openvpn.omr.remote")
luci.sys.call("uci -q add_list openvpn.omr.remote=" .. server_ip)
ucic:foreach("openvpn","openvpn", function(s)
local sectionname = s[".name"]
if sectionname:match("^omr.*") then
luci.sys.call("uci -q del openvpn." .. sectionname .. ".remote")
luci.sys.call("uci -q add_list openvpn." .. sectioname .. ".remote=" .. server_ip)
end
end)
--luci.sys.call("uci -q del openvpn.omr.remote")
--luci.sys.call("uci -q add_list openvpn.omr.remote=" .. server_ip)
ucic:set("qos","serverin","srchost",server_ip)
ucic:set("qos","serverout","dsthost",server_ip)
local nbip = 0
@ -882,8 +889,15 @@ function wizard_add()
ucic:set("xray","omrout","s_trojan_address",server_ip)
ucic:set("xray","omrout","s_socks_address",server_ip)
ucic:set("xray","omrout","s_shadowsocks_address",server_ip)
luci.sys.call("uci -q del openvpn.omr.remote")
luci.sys.call("uci -q add_list openvpn.omr.remote=" .. server_ip)
ucic:foreach("openvpn","openvpn", function(s)
local sectionname = s[".name"]
if sectionname:match("^omr.*") then
luci.sys.call("uci -q del openvpn." .. sectionname .. ".remote")
luci.sys.call("uci -q add_list openvpn." .. sectionname .. ".remote=" .. server_ip)
end
end)
--luci.sys.call("uci -q del openvpn.omr.remote")
--luci.sys.call("uci -q add_list openvpn.omr.remote=" .. server_ip)
ucic:set("qos","serverin","srchost",server_ip)
ucic:set("qos","serverout","dsthost",server_ip)
local nbip = 0
@ -938,7 +952,13 @@ function wizard_add()
ucic:set("shadowsocks-libev","sss1","method","none")
ucic:set("shadowsocks-rust","sss0","method","none")
ucic:set("shadowsocks-rust","sss1","method","none")
ucic:set("openvpn","omr","cipher","none")
ucic:foreach("openvpn","openvpn", function(s)
local sectionname = s[".name"]
if sectionname:match("^omr.*") then
ucic:set("openvpn",sectionname,"cipher","none")
end
end)
--ucic:set("openvpn","omr","cipher","none")
ucic:set("mlvpn","general","cleartext_data","1")
ucic:set("v2ray","omrout","s_vmess_user_security","none")
ucic:set("v2ray","omrout","s_vless_user_security","none")
@ -957,7 +977,13 @@ function wizard_add()
ucic:set("shadowsocks-libev","sss1","method","aes-256-gcm")
ucic:set("glorytun","vpn","chacha20","0")
ucic:set("glorytun-udp","vpn","chacha","0")
ucic:set("openvpn","omr","cipher","AES-256-GCM")
ucic:foreach("openvpn","openvpn", function(s)
local sectionname = s[".name"]
if sectionname:match("^omr.*") then
ucic:set("openvpn",sectionname,"cipher","AES-256-GCM")
end
end)
--ucic:set("openvpn","omr","cipher","AES-256-GCM")
ucic:set("mlvpn","general","cleartext_data","0")
ucic:set("v2ray","omrout","s_vmess_user_security","aes-128-gcm")
ucic:set("v2ray","omrout","s_vless_user_security","aes-128-gcm")
@ -977,7 +1003,13 @@ function wizard_add()
ucic:set("shadowsocks-libev","sss1","method","aes-256-cfb")
ucic:set("glorytun","vpn","chacha20","0")
ucic:set("glorytun-udp","vpn","chacha","0")
ucic:set("openvpn","omr","cipher","AES-256-CFB")
ucic:foreach("openvpn","openvpn", function(s)
local sectionname = s[".name"]
if sectionname:match("^omr.*") then
ucic:set("openvpn",sectionname,"cipher","AES-256-CFB")
end
end)
--ucic:set("openvpn","omr","cipher","AES-256-CFB")
ucic:set("mlvpn","general","cleartext_data","0")
ucic:set("v2ray","omrout","s_vmess_user_security","aes-128-gcm")
ucic:set("v2ray","omrout","s_vless_user_security","aes-128-gcm")
@ -997,7 +1029,13 @@ function wizard_add()
ucic:set("shadowsocks-libev","sss1","method","chacha20-ietf-poly1305")
ucic:set("glorytun","vpn","chacha20","1")
ucic:set("glorytun-udp","vpn","chacha","1")
ucic:set("openvpn","omr","cipher","chacha20-poly1305")
ucic:foreach("openvpn","openvpn", function(s)
local sectionname = s[".name"]
if sectionname:match("^omr.*") then
ucic:set("openvpn",sectionname,"cipher","chacha20-poly1305")
end
end)
--ucic:set("openvpn","omr","cipher","chacha20-poly1305")
ucic:set("mlvpn","general","cleartext_data","0")
ucic:set("v2ray","omrout","s_vmess_user_security","chacha20-poly1305")
ucic:set("v2ray","omrout","s_vless_user_security","chacha20-poly1305")
@ -1224,10 +1262,34 @@ function wizard_add()
ucic:commit("ubond")
if default_vpn == "openvpn" and disablednb ~= serversnb then
ucic:set("openvpn","omr","enabled",1)
ucic:set("network","omrvpn","proto","none")
if ucic:get("openmptcprouter","settings","openvpn_lb") == "0" then
ucic:foreach("openvpn","openvpn", function(s)
local sectionname = s[".name"]
if sectionname:match("^omr.*") then
ucic:set("openvpn",sectionname,"enabled",0)
ucic:set("network",sectioname,"proto","none")
end
end)
ucic:set("openvpn","omr","enabled",1)
else
ucic:foreach("openvpn","openvpn", function(s)
local sectionname = s[".name"]
if sectionname:match("^omr.*") then
ucic:set("openvpn",sectionname,"enabled",1)
ucic:set("network",sectioname,"proto","none")
end
end)
--ucic:set("openvpn","omr","enabled",1)
end
--ucic:set("network","omrvpn","proto","none")
else
ucic:delete("openvpn","omr","enabled")
ucic:foreach("openvpn","openvpn", function(s)
local sectionname = s[".name"]
if sectionname:match("^omr.*") then
ucic:delete("openvpn",sectionname,"enabled")
end
end)
--ucic:delete("openvpn","omr","enabled")
end
ucic:save("openvpn")
ucic:commit("openvpn")
@ -1362,6 +1424,17 @@ function settings_add()
local externalcheck = luci.http.formvalue("externalcheck") or "1"
ucic:set("openmptcprouter","settings","external_check",externalcheck)
-- Enable/disable OpenVPN multiple clients
local openvpnlb = luci.http.formvalue("openvpnlb") or "1"
if ucic:get("openmptcprouter","settings","openvpn_lb") ~= openvpnlb then
ucic:set("openmptcprouter","settings","openvpn_lb",openvpnlb)
ucic:foreach("openmptcprouter", "server", function(s)
local sectionname = s[".name"]
ucic:set("openmptcprouter",sectionname,"get_config","1")
end)
end
-- Enable/disable restrict proxy to LAN
local restricttolan = luci.http.formvalue("restricttolan") or "0"
ucic:set("openmptcprouter","settings","restrict_to_lan",restricttolan)

10
luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm
View file

@ -364,6 +364,16 @@
</div>
</div>
</div>
<div class="cbi-value">
<label class="cbi-value-title"><%:Disable OpenVPN multi clients%></label>
<div class="cbi-value-field">
<input type="checkbox" name="openvpnlb" class="cbi-input-checkbox" value="0" <% if luci.model.uci.cursor():get("openmptcprouter","settings","openvpn_lb") == "0" then %>checked<% end %>>
<br />
<div class="cbi-value-description">
<%:Disable OpenVPN multi clients to distribute connections and use more CPU cores%>
</div>
</div>
</div>
<div class="cbi-value">
<label class="cbi-value-title"><%:Disable tracebox test%></label>
<div class="cbi-value-field">

20
omr-tracker/files/usr/share/omr/lib/common-post-tracking.sh
View file

@ -712,3 +712,23 @@ dns_flush() {
unbound-control flush-negative >/dev/null 2>&1
unbound-control flush-bogus >/dev/null 2>&1
}
set_vpn_balancing_routes() {
vpngw="$1"
vpn_route() {
local vpnname
vpnname=$1
[ -z "$(echo $vpnname | grep omr)" ] && return
config_get enabled $vpnname enabled
[ "$enabled" != "1" ] && return
config_get dev $vpnname dev
[ -z "$dev" ] && return
allvpnroutes="$allvpnroutes nexthop via $vpngw dev $dev"
}
allvpnroutes=""
config_load openvpn
config_foreach vpn_route openvpn
_log "allvpnroutes: $allvpnroutes"
[ -n "$allvpnroutes" ] && ip route replace default scope global${allvpnroutes} >/dev/null 2>&1
}

13
omr-tracker/files/usr/share/omr/post-tracking.d/003-up
View file

@ -61,13 +61,18 @@ if [ "$OMR_TRACKER_INTERFACE" = "glorytun" ] || [ "$OMR_TRACKER_INTERFACE" = "om
fi
fi
if { [ "$default_gw" != "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$default_gw" = "" ]; } && [ "$OMR_TRACKER_DEVICE_GATEWAY" != "" ]; then
_log "Tunnel up : Replace default route by $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE (was $default_gw)"
[ "$(uci -q get openmptcprouter.settings.debug)" = "true" ] && _log "Default gw : $default_gw - Current route: $(ip r)"
ip route replace default scope global via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE $initcwrwnd >/dev/null 2>&1
if [ "$(uci -q get openvpn.omr2.enabled)" != "1" ]; then
_log "Tunnel up : Replace default route by $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE (was $default_gw)"
ip route replace default scope global via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE $initcwrwnd >/dev/null 2>&1
else
_log "Tunnel up : Replace default route by load balancing to $OMR_TRACKER_DEVICE_GATEWAY"
set_vpn_balancing_routes "$OMR_TRACKER_DEVICE_GATEWAY"
fi
if [ "$(pgrep -f openmptcprouter-vps)" = "" ]; then
/etc/init.d/openmptcprouter-vps restart >/dev/null 2>&1 &
fi
[ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && conntrack -D -p udp >/dev/null 2>&1
[ -n "$(uci -q get shadowsocks-libev.sss0)" ] && [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && conntrack -D -p udp >/dev/null 2>&1
[ "$(uci -q get openmptcprouter.settings.debug)" = "true" ] && _log "New route: $(ip r)"
fi
@ -388,5 +393,7 @@ if [ "$(sysctl -qen net.mptcp.mptcp_enabled | tr -d '\n')" = "1" ] || [ "$(sysct
fi
[ -n "$(uci -q changes openmptcprouter)" ] && uci -q commit openmptcprouter
#[ -n "$OMR_TRACKER_DEVICE" ] && OMR_TRACKER_PREV_DEVICE="$OMR_TRACKER_DEVICE"
#ubus call network reload
exit 0

144
openmptcprouter/files/etc/init.d/openmptcprouter-vps
View file

@ -1451,6 +1451,25 @@ _set_ssrust_server() {
fi
}
_set_openvpn_server() {
local option=$2
local value=$3
if [ "$value" = "true" ]; then
value=1
elif [ "$value" = "false" ]; then
value=0
fi
if [ "$(echo $1 | grep omr)" != "" ]; then
if [ "$option" = "remote" ]; then
uci -q delete openvpn.$1.$option
uci -q add_list openvpn.$1.$option=$value
else
uci -q set openvpn.$1.$option=$value
fi
fi
}
_set_config_from_vps() {
local shadowsocks_disabled vpn glorytun_state redirect shorewall_redirect mlvpn_key openvpn_key dsvpn_key
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
@ -1625,10 +1644,12 @@ _set_config_from_vps() {
if [ "$(uci -q get shadowsocks-libev.sss0.server)" != "127.0.0.1" ]; then
config_foreach _set_ss_server server "server" $vpsip
fi
uci -q commit shadowsocks-libev
if [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && [ -n "$(uci -q changes shadowsocks-libev)" ]; then
logger -t "OMR-VPS" "Shadowsocks restart..."
/etc/init.d/shadowsocks-libev restart >/dev/null 2>&1
if [ -n "$(uci -q changes shadowsocks-libev)" ]; then
uci -q commit shadowsocks-libev
if [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ]; then
logger -t "OMR-VPS" "Shadowsocks restart..."
/etc/init.d/shadowsocks-libev restart >/dev/null 2>&1
fi
fi
fi
@ -1653,10 +1674,12 @@ _set_config_from_vps() {
if [ "$(uci -q get shadowsocks-rust.sss0.server)" != "127.0.0.1" ]; then
config_foreach _set_ssrust_server server "server" $vpsip
fi
uci -q commit shadowsocks-rust
if [ "$(uci -q get shadowsocks-rust.sss0.disabled)" != "1" ] && [ -n "$(uci -q changes shadowsocks-rust)" ]; then
logger -t "OMR-VPS" "Shadowsocks Rust restart..."
/etc/init.d/shadowsocks-rust restart >/dev/null 2>&1
if [ -n "$(uci -q changes shadowsocks-rust)" ]; then
uci -q commit shadowsocks-rust
if [ "$(uci -q get shadowsocks-rust.sss0.disabled)" != "1" ]; then
logger -t "OMR-VPS" "Shadowsocks Rust restart..."
/etc/init.d/shadowsocks-rust restart >/dev/null 2>&1
fi
fi
fi
@ -1681,10 +1704,12 @@ _set_config_from_vps() {
uci -q set v2ray.omrout.s_trojan_address="$vpsip"
uci -q set v2ray.omrout.s_socks_address="$vpsip"
fi
uci -q commit v2ray
if [ "$(uci -q get v2ray.main.enabled)" = "1" ] && [ -n "$(uci -q changes v2ray)" ]; then
logger -t "OMR-VPS" "V2ray restart..."
/etc/init.d/v2ray restart >/dev/null 2>&1
if [ -n "$(uci -q changes v2ray)" ]; then
uci -q commit v2ray
if [ "$(uci -q get v2ray.main.enabled)" = "1" ]; then
logger -t "OMR-VPS" "V2ray restart..."
/etc/init.d/v2ray restart >/dev/null 2>&1
fi
fi
fi
@ -1718,10 +1743,12 @@ _set_config_from_vps() {
uci -q set xray.omrout.s_socks_address="$vpsip"
uci -q set xray.omrout.s_shadowsocks_address="$vpsip"
fi
uci -q commit xray
if [ "$(uci -q get xray.main.enabled)" = "1" ] && [ -n "$(uci -q changes xray)" ]; then
logger -t "OMR-VPS" "Xray restart..."
/etc/init.d/xray restart >/dev/null 2>&1
if [ -n "$(uci -q changes xray)" ]; then
uci -q commit xray
if [ "$(uci -q get xray.main.enabled)" = "1" ]; then
logger -t "OMR-VPS" "Xray restart..."
/etc/init.d/xray restart >/dev/null 2>&1
fi
fi
fi
@ -1747,8 +1774,8 @@ _set_config_from_vps() {
if [ "$(uci -q get glorytun.vpn.host)" != "127.0.0.1" ]; then
uci -q set glorytun.vpn.host="$vpsip"
fi
uci -q commit glorytun
if [ -n "$(uci -q changes glorytun)" ]; then
uci -q commit glorytun
logger -t "OMR-VPS" "Glorytun restart..."
/etc/init.d/glorytun restart >/dev/null 2>&1
fi
@ -1772,8 +1799,8 @@ _set_config_from_vps() {
if [ "$(uci -q get glorytun-udp.vpn.host)" != "127.0.0.1" ]; then
uci -q set glorytun-udp.vpn.host="$vpsip"
fi
uci -q commit glorytun-udp
if [ -n "$(uci -q changes glorytun-udp)" ]; then
uci -q commit glorytun-udp
logger -t "OMR-VPS" "Glorytun UDP restart..."
/etc/init.d/glorytun-udp restart >/dev/null 2>&1
fi
@ -1790,20 +1817,31 @@ _set_config_from_vps() {
if [ "$vpn" = "openvpn" ]; then
openvpn_state=1
fi
uci -q batch <<-EOF >/dev/null
set openvpn.omr.port=$openvpn_port
set openvpn.omr.secret="/etc/luci-uploads/openvpn.key"
EOF
if [ "$openvpn_state" = "1" ]; then
config_load openvpn
config_foreach _set_openvpn_server openvpn "port" "$openvpn_port"
config_foreach _set_openvpn_server openvpn "secret" "/etc/luci-uploads/openvpn.key"
#uci -q batch <<-EOF >/dev/null
# set openvpn.omr.port=$openvpn_port
# set openvpn.omr.secret="/etc/luci-uploads/openvpn.key"
#EOF
if [ "$(uci -q get openmptcprouter.settings.openvpn_lb)" = "0" ]; then
config_foreach _set_openvpn_server openvpn "enabled" "0"
uci -q set openvpn.omr.enabled=$openvpn_state
else
uci -q del openvpn.omr.enabled
config_foreach _set_openvpn_server openvpn "enabled" "$openvpn_state"
fi
#if [ "$openvpn_state" = "1" ]; then
# uci -q set openvpn.omr.enabled=$openvpn_state
#else
# uci -q del openvpn.omr.enabled
#fi
if [ "$(uci -q get openvpn.omr.remote)" != "127.0.0.1" ]; then
uci -q set openvpn.omr.remote="$vpsip"
config_foreach _set_openvpn_server openvpn "remote" "$vpsip"
#uci -q set openvpn.omr.remote="$vpsip"
fi
uci -q commit openvpn
if [ -n "$(uci -q changes openvpn)" ]; then
uci -q commit openvpn
logger -t "OMR-VPS" "OpenVPN restart..."
/etc/init.d/openvpn restart
fi
@ -1828,21 +1866,43 @@ _set_config_from_vps() {
if [ "$vpn" = "openvpn" ]; then
openvpn_state=1
fi
uci -q batch <<-EOF >/dev/null
set openvpn.omr.port=$openvpn_port
set openvpn.omr.key="/etc/luci-uploads/client.key"
set openvpn.omr.cert="/etc/luci-uploads/client.crt"
set openvpn.omr.ca="/etc/luci-uploads/ca.crt"
set openvpn.omr.enabled=$openvpn_state
set openvpn.omr.tls_client=1
set openvpn.omr.client=1
set openvpn.omr.allow_recursive_routing=1
EOF
if [ -z "$(uci -q get openvpn.omr.remote | grep $vpsip)" ]; then
uci -q add_list openvpn.omr.remote="$vpsip"
NBCPU=$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")
if [ "$NBCPU" -gt 1 ] && [ -z "$(uci -q get openvpn.omr2)" ]; then
[ -f /rom/etc/uci-defaults/2020-omr-vpn ] && ./rom/etc/uci-defaults/2020-omr-vpn
[ -f /usr/share/omr-update/2020-omr-vpn ] && ./usr/share/omr-update/2020-omr-vpn
fi
config_load openvpn
if [ "$(uci -q get openmptcprouter.settings.openvpn_lb)" = "0" ]; then
config_foreach _set_openvpn_server openvpn "enabled" "0"
uci -q set openvpn.omr.enabled=$openvpn_state
else
config_foreach _set_openvpn_server openvpn "enabled" "$openvpn_state"
fi
config_foreach _set_openvpn_server openvpn "key" "/etc/luci-uploads/client.key"
config_foreach _set_openvpn_server openvpn "cert" "/etc/luci-uploads/client.crt"
config_foreach _set_openvpn_server openvpn "ca" "/etc/luci-uploads/ca.crt"
config_foreach _set_openvpn_server openvpn "tls_client" "1"
config_foreach _set_openvpn_server openvpn "client" "1"
config_foreach _set_openvpn_server openvpn "allow_recursive_routing" "1"
#uci -q batch <<-EOF >/dev/null
# set openvpn.omr.port=$openvpn_port
# set openvpn.omr.key="/etc/luci-uploads/client.key"
# set openvpn.omr.cert="/etc/luci-uploads/client.crt"
# set openvpn.omr.ca="/etc/luci-uploads/ca.crt"
# set openvpn.omr.enabled=$openvpn_state
# set openvpn.omr.tls_client=1
# set openvpn.omr.client=1
# set openvpn.omr.allow_recursive_routing=1
#EOF
if [ "$(uci -q get openvpn.omr.remote)" != "127.0.0.1" ]; then
config_foreach _set_openvpn_server openvpn "remote" "$vpsip"
#uci -q set openvpn.omr.remote="$vpsip"
fi
uci -q commit openvpn
if [ -n "$(uci -q changes openvpn)" ]; then
uci -q commit openvpn
logger -t "OMR-VPS" "OpenVPN restart..."
/etc/init.d/openvpn restart
fi
@ -1864,8 +1924,8 @@ _set_config_from_vps() {
if [ "$(uci -q get mlvpn.general.host)" != "127.0.0.1" ]; then
uci -q set mlvpn.general.host="$vpsip"
fi
uci -q commit mlvpn
if [ -n "$(uci -q changes mlvpn)" ]; then
uci -q commit mlvpn
logger -t "OMR-VPS" "MLVPN restart..."
/etc/init.d/mlvpn restart
fi
@ -1888,8 +1948,8 @@ _set_config_from_vps() {
if [ "$(uci -q get dsvpn.vpn.host)" != "127.0.0.1" ]; then
uci -q set dsvpn.vpn.host="$vpsip"
fi
uci -q commit dsvpn
if [ -n "$(uci -q changes dsvpn)" ]; then
uci -q commit dsvpn
logger -t "OMR-VPS" "DSVPN restart..."
/etc/init.d/dsvpn restart
fi
@ -1959,9 +2019,9 @@ _set_config_from_vps() {
uci -q batch <<-EOF >/dev/null
set network.omr6in4.ip6addr="$omr6in4_vps_remoteip"
set network.omr6in4.gateway="$omr6in4_vps_localip"
commit network
EOF
if [ -n "$(uci -q changes network)" ]; then
uci -q commit network
/etc/init.d/network reload
sleep 6
fi

113
openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
View file

@ -30,54 +30,6 @@ if [ "$(uci -q get network.omrvpn.txqueuelen)" = "1000" ]; then
EOF
fi
if [ "$(uci -q get openvpn.omr.proto)" != "tcp-client" ]; then
uci -q batch <<-EOF >/dev/null
set openvpn.omr=openvpn
set openvpn.omr.dev=tun0
set openvpn.omr.port=65301
set openvpn.omr.cipher=AES-256-GCM
set openvpn.omr.proto=tcp-client
set openvpn.omr.auth_nocache=1
set openvpn.omr.client=1
set openvpn.omr.tls_client=1
set openvpn.omr.reneg_sec=0
set openvpn.omr.allow_recursive_routing=1
set openvpn.omr.sndbuf=0
set openvpn.omr.rcvbuf=0
set openvpn.omr.route_delay=5
set openvpn.omr.disable_dco=1
set openvpn.omr.ping_restart=60
commit openvpn
EOF
fi
if [ -z "$(uci -q get openvpn.omr.disable_dco)" ]; then
uci -q batch <<-EOF >/dev/null
set openvpn.omr.disable_dco=1
commit openvpn
EOF
fi
if [ -z "$(uci -q get openvpn.omr.ping_restart)" ]; then
uci -q batch <<-EOF >/dev/null
set openvpn.omr.ping_restart=60
commit openvpn
EOF
fi
if [ -z "$(uci -q get openvpn.omr.tun_mtu)" ]; then
uci -q batch <<-EOF >/dev/null
set openvpn.omr.tun_mtu=1420
commit openvpn
EOF
fi
uci -q delete openvpn.omr.secret
uci -q delete openvpn.omr.ncp_disable=0
#if [ "$(uci -q get openvpn.omr.com_lzo)" = "" ]; then
# uci -q batch <<-EOF >/dev/null
# set openvpn.omr.comp_lzo=adaptive
# EOF
#fi
if [ "$(uci -q get ipsec.ipsec.password)" = "myvpn" ]; then
uci -q batch <<-EOF >/dev/null
set ipsec.ipsec.enabled='0'
@ -86,6 +38,7 @@ if [ "$(uci -q get ipsec.ipsec.password)" = "myvpn" ]; then
chmod u+x /etc/init.d/ipsec
fi
if [ "$(uci -q get dsvpn.vpn)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set dsvpn.vpn=dsvpn
@ -185,5 +138,69 @@ if [ "$(uci -q get openmptcprouter.settings.vpn)" = "" ]; then
EOF
fi
if [ "$(uci -q get openvpn.omr.proto)" != "tcp-client" ] || [ -z "$(uci -q get openvpn.omr.disable_dco)" ] || [ -z "$(uci -q get openvpn.omr.ping_restart)" ] || [ -z "$(uci -q get openvpn.omr.tun_mtu)" ]; then
uci -q batch <<-EOF >/dev/null
set openvpn.omr=openvpn
set openvpn.omr.dev=tun0
set openvpn.omr.port=65301
set openvpn.omr.cipher=AES-256-GCM
set openvpn.omr.proto=tcp-client
set openvpn.omr.auth_nocache=1
set openvpn.omr.client=1
set openvpn.omr.tls_client=1
set openvpn.omr.reneg_sec=0
set openvpn.omr.allow_recursive_routing=1
set openvpn.omr.sndbuf=0
set openvpn.omr.rcvbuf=0
set openvpn.omr.route_delay=5
set openvpn.omr.disable_dco=1
set openvpn.omr.ping_restart=60
set openvpn.omr.tun_mtu=1420
delete openvpn.omr.secret
delete openvpn.omr.ncp_disable=0
commit openvpn
EOF
fi
NBCPU=$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")
if [ "$NBCPU" -gt 1 ] && [ -z "$(uci -q get openvpn.omr2)" ]; then
[ "$NBCPU" -gt 4 ] && NBCPU=4
for c in $(seq 2 $NBCPU); do
uci -q batch <<-EOF >/dev/null
set openvpn.omr$c=openvpn
set openvpn.omr$c.dev=tun$((c-1))
set openvpn.omr$c.port=65301
set openvpn.omr$c.cipher=AES-256-GCM
set openvpn.omr$c.proto=tcp-client
set openvpn.omr$c.auth_nocache=1
set openvpn.omr$c.client=1
set openvpn.omr$c.tls_client=1
set openvpn.omr$c.reneg_sec=0
set openvpn.omr$c.allow_recursive_routing=1
set openvpn.omr$c.sndbuf=0
set openvpn.omr$c.rcvbuf=0
set openvpn.omr$c.route_delay=5
set openvpn.omr$c.disable_dco=1
set openvpn.omr$c.ping_restart=60
set openvpn.omr$c.tun_mtu=1420
del_list firewall.zone_vpn.device=tun$((c-1))
add_list firewall.zone_vpn.device=tun$((c-1))
EOF
done
uci -q commit openvpn
uci -q commit firewall
uci set -q openmptcprouter.vps.get_config="1"
uci -q commit openmptcprouter
fi
# This must not be enabled, this break everything
#if [ "$(uci -q get openvpn.omr.com_lzo)" = "" ]; then
# uci -q batch <<-EOF >/dev/null
# set openvpn.omr.comp_lzo=adaptive
# EOF
#fi
rm -f /tmp/luci-indexcache
exit 0