mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Merge branch 'test' into develop
This commit is contained in:
suyuan
commit
30b9f47d69
16 changed files with 352 additions and 148 deletions
|
|
@ -9,7 +9,10 @@
|
|||
}
|
||||
|
||||
_getremoteip() {
|
||||
[ "$(uci -q get openmptcprouter.$1.master)" = "1" ] && remoteip=$(uci -q get openmptcprouter.$1.ip | awk '{print $1}')
|
||||
[ "$(uci -q get openmptcprouter.$1.master)" = "1" ] && {
|
||||
remoteip=$(uci -q get openmptcprouter.$1.ip | awk '{print $1}')
|
||||
wg_server_key=$(uci -q get openmptcprouter.$1.wgkey)
|
||||
}
|
||||
}
|
||||
|
||||
mptcp_over_vpn() {
|
||||
|
|
@ -20,19 +23,22 @@ mptcp_over_vpn() {
|
|||
uci -q batch <<-EOF >/dev/null
|
||||
delete openmptcprouter.${interface}
|
||||
delete network.ovpn${interface}
|
||||
delete network.wg${interface}
|
||||
delete openvpn.${interface}
|
||||
commit openvpn
|
||||
delete openmptcprouter.${interface}
|
||||
delete openmptcprouter.ovpn${interface}
|
||||
delete openmptcprouter.wg${interface}
|
||||
commit openmptcprouter
|
||||
commit network
|
||||
del_list firewall.zone_vpn.network="ovpn${interface}"
|
||||
del_list firewall.zone_vpn.network="wg${interface}"
|
||||
commit firewall
|
||||
EOF
|
||||
return
|
||||
fi
|
||||
nbintfvpn=$(($nbintfvpn+1))
|
||||
if [ "$(uci -q get network.ovpn${interface})" = "" ]; then
|
||||
if [ "$(uci -q get network.ovpn${interface})" = "" ] && [ "$vpn" = "openvpn" ]; then
|
||||
logger -t "MPTCPoverVPN" "Enable MPTCP over VPN for ${interface}"
|
||||
id=$(uci -q get network.${interface}.metric)
|
||||
remoteip=""
|
||||
|
|
@ -43,42 +49,108 @@ mptcp_over_vpn() {
|
|||
[ -n "$(uci -q get openmptcprouter.ovpn${interface}.multipath)" ] && multipath=$(uci -q get openmptcprouter.ovpn${interface}.multipath)
|
||||
[ -z "$multipath" ] && multipath="on"
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set network.ovpn${interface}=interface
|
||||
set network.ovpn${interface}.ifname="tun${id}"
|
||||
set network.ovpn${interface}.defaultroute='0'
|
||||
set network.ovpn${interface}.peerdns='0'
|
||||
set network.ovpn${interface}.proto='none'
|
||||
set network.ovpn${interface}.ip4table='wan'
|
||||
set network.ovpn${interface}.multipath="${multipath}"
|
||||
set network.${interface}.multipath='off'
|
||||
commit network
|
||||
set openvpn.${interface}=openvpn
|
||||
set openvpn.${interface}.dev="tun${id}"
|
||||
set openvpn.${interface}.cipher='AES-256-CBC'
|
||||
set openvpn.${interface}.port='65301'
|
||||
set openvpn.${interface}.remote="${remoteip}"
|
||||
set openvpn.${interface}.local="${localip}"
|
||||
set openvpn.${interface}.lport='0'
|
||||
set openvpn.${interface}.ncp_disable='1'
|
||||
set openvpn.${interface}.auth_nocache='1'
|
||||
set openvpn.${interface}.proto='udp'
|
||||
set openvpn.${interface}.client='1'
|
||||
set openvpn.${interface}.enabled='1'
|
||||
set openvpn.${interface}.allow_recursive_routing='1'
|
||||
set openvpn.${interface}.key='/etc/luci-uploads/client.key'
|
||||
set openvpn.${interface}.cert='/etc/luci-uploads/client.crt'
|
||||
set openvpn.${interface}.ca='/etc/luci-uploads/ca.crt'
|
||||
commit openvpn
|
||||
set openmptcprouter.${interface}.multipath="off"
|
||||
set openmptcprouter.${interface}.multipathvpn="1"
|
||||
set openmptcprouter.ovpn${interface}="interface"
|
||||
set openmptcprouter.ovpn${interface}.multipath="${multipath}"
|
||||
set openmptcprouter.ovpn${interface}.vpn="1"
|
||||
set openmptcprouter.ovpn${interface}.baseintf="${interface}"
|
||||
delete network.wg${interface}
|
||||
delete openmptcprouter.wg${interface}
|
||||
commit openmptcprouter
|
||||
add_list firewall.zone_vpn.network="ovpn${interface}"
|
||||
commit network
|
||||
del_list firewall.zone_vpn.network="wg${interface}"
|
||||
commit firewall
|
||||
EOF
|
||||
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set network.ovpn${interface}=interface
|
||||
set network.ovpn${interface}.ifname="tun${id}"
|
||||
set network.ovpn${interface}.defaultroute='0'
|
||||
set network.ovpn${interface}.peerdns='0'
|
||||
set network.ovpn${interface}.proto='none'
|
||||
set network.ovpn${interface}.ip4table='wan'
|
||||
set network.ovpn${interface}.multipath="${multipath}"
|
||||
set network.${interface}.multipath='off'
|
||||
commit network
|
||||
set openvpn.${interface}=openvpn
|
||||
set openvpn.${interface}.dev="tun${id}"
|
||||
set openvpn.${interface}.cipher='AES-256-CBC'
|
||||
set openvpn.${interface}.port='65301'
|
||||
set openvpn.${interface}.remote="${remoteip}"
|
||||
set openvpn.${interface}.local="${localip}"
|
||||
set openvpn.${interface}.lport='0'
|
||||
set openvpn.${interface}.ncp_disable='1'
|
||||
set openvpn.${interface}.auth_nocache='1'
|
||||
set openvpn.${interface}.proto='udp'
|
||||
set openvpn.${interface}.client='1'
|
||||
set openvpn.${interface}.enabled='1'
|
||||
set openvpn.${interface}.allow_recursive_routing='1'
|
||||
set openvpn.${interface}.key='/etc/luci-uploads/client.key'
|
||||
set openvpn.${interface}.cert='/etc/luci-uploads/client.crt'
|
||||
set openvpn.${interface}.ca='/etc/luci-uploads/ca.crt'
|
||||
commit openvpn
|
||||
set openmptcprouter.${interface}.multipath="off"
|
||||
set openmptcprouter.${interface}.multipathvpn="1"
|
||||
set openmptcprouter.ovpn${interface}="interface"
|
||||
set openmptcprouter.ovpn${interface}.multipath="${multipath}"
|
||||
set openmptcprouter.ovpn${interface}.vpn="1"
|
||||
set openmptcprouter.ovpn${interface}.baseintf="${interface}"
|
||||
commit openmptcprouter
|
||||
add_list firewall.zone_vpn.network="ovpn${interface}"
|
||||
commit firewall
|
||||
EOF
|
||||
elif [ "$(uci -q get network.wg${interface})" = "" ] && [ "$vpn" = "wireguard" ]; then
|
||||
logger -t "MPTCPoverVPN" "Enable MPTCP over VPN for ${interface}"
|
||||
id=$(uci -q get network.${interface}.metric)
|
||||
remoteip=""
|
||||
wg_server_key=""
|
||||
config_load openmptcprouter
|
||||
config_foreach _getremoteip server
|
||||
metric=$(uci -q get network.${interface}.metric)
|
||||
[ -z "$(uci -q get openmptcprouter.wg${interface}.multipath)" ] && multipath=$(uci -q get network.${interface}.multipath)
|
||||
[ -n "$(uci -q get openmptcprouter.wg${interface}.multipath)" ] && multipath=$(uci -q get openmptcprouter.wg${interface}.multipath)
|
||||
[ -z "$multipath" ] && multipath="on"
|
||||
private_key=$(wg genkey | tr -d "\n")
|
||||
public_key=$(echo $private_key | wg pubkey | tr -d "\n")
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
delete network.ovpn${interface}
|
||||
delete openvpn.${interface}
|
||||
commit openvpn
|
||||
delete openmptcprouter.ovpn${interface}
|
||||
commit openmptcprouter
|
||||
commit network
|
||||
del_list firewall.zone_vpn.network="ovpn${interface}"
|
||||
commit firewall
|
||||
EOF
|
||||
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set network.wg${interface}=interface
|
||||
set network.wg${interface}.nohostroute='1'
|
||||
set network.wg${interface}.proto='wireguard'
|
||||
set network.wg${interface}.fwmark="0x539${metric}"
|
||||
del_list network.wg${interface}.addresses
|
||||
add_list network.wg${interface}.addresses='10.255.247.${metric}/24'
|
||||
set network.wg${interface}.private_key="${private_key}"
|
||||
set network.wg${interface}.gateway="10.255.247.1"
|
||||
set network.wg${interface}.public_key="${public_key}"
|
||||
set network.wg${interface}.multipath="${multipath}"
|
||||
set network.${interface}.multipath='off'
|
||||
add network wireguard_wg${interface}
|
||||
set network.@wireguard_wg${interface}[0]=wireguard_wg${interface}
|
||||
set network.@wireguard_wg${interface}[0].description="Wireguard on ${interface}"
|
||||
set network.@wireguard_wg${interface}[0].endpoint_host="${remoteip}"
|
||||
set network.@wireguard_wg${interface}[0].endpoint_port="65311"
|
||||
set network.@wireguard_wg${interface}[0].persistent_keepalive="28"
|
||||
del_list network.@wireguard_wg${interface}[0].allowed_ips
|
||||
add_list network.@wireguard_wg${interface}[0].allowed_ips="0.0.0.0/0"
|
||||
set network.@wireguard_wg${interface}[0].public_key="${wg_server_key}"
|
||||
commit network
|
||||
set openmptcprouter.${interface}.multipath="off"
|
||||
set openmptcprouter.${interface}.multipathvpn="1"
|
||||
set openmptcprouter.wg${interface}="interface"
|
||||
set openmptcprouter.wg${interface}.multipath="${multipath}"
|
||||
set openmptcprouter.wg${interface}.vpn="1"
|
||||
set openmptcprouter.wg${interface}.baseintf="${interface}"
|
||||
commit openmptcprouter
|
||||
add_list firewall.zone_vpn.network="wg${interface}"
|
||||
commit firewall
|
||||
EOF
|
||||
ubus call network reload 2>&1 >/dev/null
|
||||
else
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set network.${interface}.multipath='off'
|
||||
|
|
@ -92,6 +164,7 @@ mptcp_over_vpn() {
|
|||
multipath=$(uci -q get openmptcprouter.ovpn${interface}.multipath)
|
||||
[ -z "$multipath" ] && multipath="on"
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
delete network.wg${interface}
|
||||
delete network.ovpn${interface}
|
||||
delete openvpn.${interface}
|
||||
commit openvpn
|
||||
|
|
@ -99,13 +172,16 @@ mptcp_over_vpn() {
|
|||
set network.${interface}.multipath="${multipath}"
|
||||
set openmptcprouter.${interface}.multipathvpn="0"
|
||||
delete openmptcprouter.ovpn${interface}
|
||||
delete openmptcprouter.wg${interface}
|
||||
commit openmptcprouter
|
||||
commit network
|
||||
del_list firewall.zone_vpn.network="ovpn${interface}"
|
||||
del_list firewall.zone_vpn.network="wg${interface}"
|
||||
commit firewall
|
||||
EOF
|
||||
elif [ "$(uci -q get openmptcprouter.${interface}.vpn)" = "1" ]; then
|
||||
intf="$(echo ${interface} | sed 's/ovpn//g')"
|
||||
[ "$intf" = "$interface" ] && intf="$(echo ${interface} | sed 's/wg//g')"
|
||||
if [ -n "$intf" ] && [ "$intf" != "$interface" ] && [ "$(uci -q get network.${intf})" = "" ]; then
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
delete network.${interface}
|
||||
|
|
@ -126,6 +202,8 @@ start_service()
|
|||
{
|
||||
nbintf=0
|
||||
nbintfvpn=0
|
||||
vpn="$(uci -q get openmptcprouter.settings.mptcpovervpn)"
|
||||
[ -z "$vpn" ] && vpn="openvpn"
|
||||
config_load openmptcprouter
|
||||
config_foreach mptcp_over_vpn interface
|
||||
if [ "$nbintf" = "$nbintfvpn" ] && [ "$nbintf" != "0" ]; then
|
||||
|
|
|
|||
|
|
@ -140,6 +140,29 @@ _set_openvpn_vps() {
|
|||
fi
|
||||
}
|
||||
|
||||
_set_wireguard_vps() {
|
||||
local enabled port key
|
||||
ipskey=""
|
||||
_get_wg_ipskey() {
|
||||
local interface=$1
|
||||
proto=$(uci -q get network.${interface}.proto)
|
||||
if [ "$proto" = "wireguard" ]; then
|
||||
ip="$(uci -q get network.${interface}.addresses)"
|
||||
key="$(uci -q get network.${interface}.public_key)"
|
||||
if [ -z "$ipskey" ]; then
|
||||
ipskey='{"ip": "'$ip'", "key": "'$key'"}'
|
||||
else
|
||||
ipskey=$ipskey',{"ip": "'$ip'", "key": "'$key'"}'
|
||||
fi
|
||||
fi
|
||||
}
|
||||
config_load network
|
||||
config_foreach _get_wg_ipskey interface
|
||||
local settings
|
||||
settings='{"peers": ['$ipskey']}'
|
||||
echo $(_set_json "wireguard" "$settings")
|
||||
}
|
||||
|
||||
get_openvpn_key() {
|
||||
servername=$2
|
||||
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
|
||||
|
|
@ -728,14 +751,28 @@ _set_wan_ip() {
|
|||
fi
|
||||
}
|
||||
|
||||
_get_lan_ip() {
|
||||
local intf=$1
|
||||
if [ "$(uci -q get firewall.zone_lan.network | grep $intf)" != "" ]; then
|
||||
lanip="$(uci -q get network.${intf}.ipaddr)/$(uci -q get network.${intf}.netmask)"
|
||||
if [ "$lanip" != "/" ]; then
|
||||
if [ -z "$lanips" ]; then
|
||||
lanips='"'${lanip}'"'
|
||||
else
|
||||
lanips='"'$lanips'" "'${lanip}'"'
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
_set_lan_ip() {
|
||||
local settings
|
||||
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
|
||||
[ -z "$vps_config" ] && return
|
||||
lanip_current="$(echo "$vps_config" | jsonfilter -q -e '@.lan.ips')"
|
||||
lanips="$(uci -q get network.lan.ipaddr)/$(uci -q get network.lan.netmask)"
|
||||
if [ "$lanips" != "/" ] && [ "$lanip_current" != "$lanips" ]; then
|
||||
settings='{"lanips" : ["'$lanips'"]}'
|
||||
#lanip_current="$(echo "$vps_config" | jsonfilter -q -e '@.lan.ips')"
|
||||
#if [ "$lanips" != "" ] && [ "$lanip_current" != "$lanips" ]; then
|
||||
if [ "$lanips" != "" ]; then
|
||||
settings='{"lanips" : ['$lanips']}'
|
||||
result=$(_set_json "lan" "$settings")
|
||||
fi
|
||||
}
|
||||
|
|
@ -814,6 +851,7 @@ _vps_firewall_redirect_port() {
|
|||
EOF
|
||||
src_dport='2-64999'
|
||||
fi
|
||||
[ -n "$src_dport" ] && src_dport=$(echo $src_dport | sed 's/:/-/')
|
||||
if [ -n "$src_dport" ] && [ "$(echo $src_dport | cut -d'-' -f2)" -ge "65000" ]; then
|
||||
logger -t "OMR-VPS" "You can't redirect ports >= 65000, they are needed by OpenMPTCProuter Server part"
|
||||
enabled="0"
|
||||
|
|
@ -1371,6 +1409,12 @@ _set_config_from_vps() {
|
|||
set openmptcprouter.${servername}.redirect_ports=$redirect
|
||||
EOF
|
||||
|
||||
# Wireguard settings
|
||||
wireguard_key="$(echo "$vps_config" | jsonfilter -q -e '@.wireguard.key')"
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set openmptcprouter.${servername}.wgkey=$wireguard_key
|
||||
EOF
|
||||
|
||||
# MPTCP settings
|
||||
mptcp_path_manager="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.path_manager')"
|
||||
mptcp_scheduler="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.scheduler')"
|
||||
|
|
@ -1684,6 +1728,7 @@ _config_service() {
|
|||
[ -z "$(_set_glorytun_vps)" ] && error=1
|
||||
[ -z "$(_set_openvpn_vps)" ] && error=1
|
||||
_set_vps_firewall
|
||||
_set_wireguard_vps
|
||||
fi
|
||||
_backup_list
|
||||
redirect_port="0"
|
||||
|
|
@ -1700,9 +1745,11 @@ _config_service() {
|
|||
|
||||
#_set_pihole
|
||||
[ -n "$wanips" ] && _set_wan_ip
|
||||
_set_lan_ip
|
||||
_set_vpn_ip
|
||||
config_load network
|
||||
lanips=""
|
||||
config_foreach _get_lan_ip interface
|
||||
_set_lan_ip
|
||||
config_foreach _delete_client2client route
|
||||
if [ "$(uci -q get openmptcprouter.settings.vpn)" != "openvpn" ] && [ "$(echo "$vps_config" | jsonfilter -q -e '@.client2client.enabled')" == "true" ]; then
|
||||
_set_client2client
|
||||
|
|
|
|||
|
|
@ -6,6 +6,8 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
|
|||
set unbound.@unbound[-1].protocol="ip4_only"
|
||||
set unbound.@unbound[-1].enabled=1
|
||||
set unbound.@unbound[-1].recursion="aggressive"
|
||||
set unbound.@unbound[-1].validator='1'
|
||||
set unbound.@unbound[-1].validator_ntp='1'
|
||||
commit unbound
|
||||
EOF
|
||||
fi
|
||||
|
|
@ -16,6 +18,7 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
|
|||
#add_list dhcp.@dnsmasq[-1].server="223.5.5.5"
|
||||
#add_list dhcp.@dnsmasq[-1].server="223.6.6.6"
|
||||
#add_list dhcp.@dnsmasq[-1].server="180.76.76.76"
|
||||
set dhcp.@dnsmasq[-1].dnssec='1'
|
||||
commit dhcp
|
||||
EOF
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -105,14 +105,14 @@ if [ "$(uci -q show firewall | grep ICMPv6-Lan-to-OMR)" = "" ]; then
|
|||
commit firewall
|
||||
EOF
|
||||
fi
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
del_list firewall.zone_wan.masq_dest='!10.0.0.0/8'
|
||||
del_list firewall.zone_wan.masq_dest='!172.16.0.0/12'
|
||||
del_list firewall.zone_wan.masq_dest='!192.168.0.0/16'
|
||||
add_list firewall.zone_wan.masq_dest='!10.0.0.0/8'
|
||||
add_list firewall.zone_wan.masq_dest='!172.16.0.0/12'
|
||||
add_list firewall.zone_wan.masq_dest='!192.168.0.0/16'
|
||||
EOF
|
||||
#uci -q batch <<-EOF >/dev/null
|
||||
# del_list firewall.zone_wan.masq_dest='!10.0.0.0/8'
|
||||
# del_list firewall.zone_wan.masq_dest='!172.16.0.0/12'
|
||||
# del_list firewall.zone_wan.masq_dest='!192.168.0.0/16'
|
||||
# add_list firewall.zone_wan.masq_dest='!10.0.0.0/8'
|
||||
# add_list firewall.zone_wan.masq_dest='!172.16.0.0/12'
|
||||
# add_list firewall.zone_wan.masq_dest='!192.168.0.0/16'
|
||||
#EOF
|
||||
if [ "$(ubus call system board | jsonfilter -e '@.board_name')" = "bananapi,bpi-r2" ] || [ "$(ubus call system board | jsonfilter -e '@.board_name' | grep -i wrt)" != "" ]; then
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set firewall.@defaults[0].flow_offloading='1'
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue