Merge pull request #79 from Ysurac/develop

sync
2025-02-15 03:51:51 +00:00 · 2021-03-03 19:03:22 +08:00 · 2021-03-03 19:03:22 +08:00 · 447307e821
commit 447307e821
parent 4ac8c7539b c939ab5a24
17 changed files with 352 additions and 232 deletions
--- a/https-dns-proxy/Makefile
+++ b/https-dns-proxy/Makefile
@ -1,14 +1,14 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=https-dns-proxy
-PKG_VERSION:=2019-12-03
+PKG_VERSION:=2021-01-17
-PKG_RELEASE=5
+PKG_RELEASE=2
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/aarond10/https_dns_proxy
-PKG_SOURCE_DATE:=2019-12-03
+PKG_SOURCE_DATE:=2021-01-17
-PKG_SOURCE_VERSION:=2adeafb67cbe8d67148219c48334856ae4f3bd75
+PKG_SOURCE_VERSION:=37511cc08712d7548978a4f6f1cc457b7594fb96
-PKG_MIRROR_HASH:=58088baa092cd9634652d65f9b5650db88d2e102cb370710654db7b15f2f0e42
+PKG_MIRROR_HASH:=4e6a7dcb69e350d1df9f17570439b589e031e249da7f91f2ec7600a955e0aaa3
 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE
@ -22,14 +22,26 @@ define Package/https-dns-proxy
 	SECTION:=net
 	CATEGORY:=Network
 	TITLE:=DNS Over HTTPS Proxy
 	URL:=https://docs.openwrt.melmac.net/https-dns-proxy/
 	DEPENDS:=+libcares +libcurl +libev +ca-bundle
 	CONFLICTS:=https_dns_proxy
 endef
 define Package/https-dns-proxy/description
 https-dns-proxy is a light-weight DNS<-->HTTPS, non-caching translation proxy for the RFC 8484 DoH standard.
 It receives regular (UDP) DNS requests and issues them via DoH.
 Please see https://docs.openwrt.melmac.net/https-dns-proxy/ for more information.
 endef
 define Package/https-dns-proxy/conffiles
 /etc/config/https-dns-proxy
 endef
 define Package/https-dns-proxy/install
 	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d ${1}/etc/config
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/https_dns_proxy $(1)/usr/sbin/https-dns-proxy
 	$(INSTALL_BIN) ./files/https-dns-proxy.init $(1)/etc/init.d/https-dns-proxy
 	$(SED) "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/https-dns-proxy
 	$(INSTALL_CONF) ./files/https-dns-proxy.config $(1)/etc/config/https-dns-proxy
 endef
--- a/https-dns-proxy/files/https-dns-proxy.init
+++ b/https-dns-proxy/files/https-dns-proxy.init
@ -1,13 +1,25 @@
 #!/bin/sh /etc/rc.common
-# Copyright 2019 Stan Grishin (stangri@melmac.net)
+# Copyright 2019-2020 Stan Grishin (stangri@melmac.net)
 # shellcheck disable=SC2039
 PKG_VERSION='dev-test'
-export START=80
+# shellcheck disable=SC2034
-export USE_PROCD=1
+START=80
 # shellcheck disable=SC2034
 USE_PROCD=1
 if type extra_command 1>/dev/null 2>&1; then
 	extra_command 'version' 'Show version information'
 else
 # shellcheck disable=SC2034
 	EXTRA_COMMANDS='version'
 fi
 readonly PROG=/usr/sbin/https-dns-proxy
 dnsmasqConfig=''
 forceDNS='1'
-PROG=/usr/sbin/https-dns-proxy
+version() { echo "$PKG_VERSION"; }
 xappend() { param="$param $1"; }
@ -35,27 +47,27 @@ append_parm() {
 start_instance() {
 	local cfg="$1" param listen_addr listen_port i
-
+	append_parm "$cfg" 'resolver_url' '-r'
 	append_parm "$cfg" 'polling_interval' '-i'
 	append_parm "$cfg" 'listen_addr' '-a' '127.0.0.1'
 	append_parm "$cfg" 'listen_port' '-p' "$p"
 	append_parm "$cfg" 'dscp_codepoint' '-c'
 	append_parm "$cfg" 'bootstrap_dns' '-b'
 	append_parm "$cfg" 'resolver_url' '-r'
 	append_parm "$cfg" 'user' '-u' 'nobody'
 	append_parm "$cfg" 'group' '-g' 'nogroup'
 	append_parm "$cfg" 'edns_subnet' '-e'
 	append_parm "$cfg" 'proxy_server' '-t'
 	append_parm "$cfg" 'logfile' '-l'
 	append_bool "$cfg" 'use_http1' '-x'
 	config_get_bool ipv6_resolvers_only "$cfg" 'use_ipv6_resolvers_only' '0'
-	config_get verbosity "$cfg" 'verbosity' "0"
+	config_get verbosity "$cfg" 'verbosity' '0'
 # shellcheck disable=SC2086,SC2154
 	for i in $(seq 1 $verbosity); do
-		xappend "-v"
+		xappend '-v'
 	done
 # shellcheck disable=SC2154
 	if [ "$ipv6_resolvers_only" = 0 ]; then
-		xappend "-4"
+		xappend '-4'
 	fi
 	procd_open_instance
@ -80,19 +92,36 @@ start_instance() {
 	p="$((p+1))"
 }
-service_triggers() {
+is_force_dns_active() { iptables-save | grep -q -w -- '--dport 53'; }
 	procd_add_reload_trigger 'https-dns-proxy'
 }
 start_service() {
 	local p=5053
 	config_load 'https-dns-proxy'
 	config_get dnsmasqConfig	'config' 'update_dnsmasq_config' '*'
 	config_get_bool forceDNS	'config' 'force_dns' '1'
 	dhcp_backup 'create'
 	config_load 'https-dns-proxy'
 	config_foreach start_instance 'https-dns-proxy'
-	if [ "$p" != "5053" ] && [ "$dnsmasqConfig" = "*" ]; then
+	if [ "$forceDNS" -ne 0 ]; then
-		uci -q del_list "dhcp.@dnsmasq[0].server=127.0.0.1#5353"
+		procd_open_instance 'main'
 		procd_set_param command /bin/true
 		procd_set_param stdout 1
 		procd_set_param stderr 1
 		procd_open_data
 		json_add_array firewall
 		json_add_object ''
 		json_add_string type redirect
 		json_add_string name https_dns_proxy_dns_redirect
 		json_add_string target DNAT
 		json_add_string src lan
 		json_add_string proto tcpudp
 		json_add_string src_dport 53
 		json_add_string dest_port 53
 		json_add_string reflection 0
 		json_close_object
 		json_close_array
 		procd_close_data
 		procd_close_instance
 	fi
 	if [ -n "$(uci -q changes dhcp)" ]; then
 		uci -q commit dhcp
@ -102,7 +131,7 @@ start_service() {
 stop_service() {
 	config_load 'https-dns-proxy'
-	config_get dnsmasqConfig	'config' 'update_dnsmasq_config' '*'
+	config_get dnsmasqConfig 'config' 'update_dnsmasq_config' '*'
 	dhcp_backup 'restore'
 	if [ -n "$(uci -q changes dhcp)" ]; then
 		uci -q commit dhcp
@ -111,9 +140,12 @@ stop_service() {
 }
 service_triggers() {
-		procd_add_reload_trigger 'https-dns-proxy'
+	procd_add_config_trigger "config.change" "https-dns-proxy" /etc/init.d/https-dns-proxy reload
 }
 service_started() { procd_set_config_changed firewall; }
 service_stopped() { procd_set_config_changed firewall; }
 dnsmasq_add_doh_server() {
 	local cfg="$1" address="$2" port="$3"
 	case $address in
--- a/iperf3/Makefile
+++ b/iperf3/Makefile
@ -1,84 +0,0 @@
 #
 # Copyright (C) 2007-2010 OpenWrt.org
 # Copyright (C) 2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
 include $(TOPDIR)/rules.mk
 PKG_NAME:=iperf
 PKG_SOURCE_VERSION:=02a5f4755878b319f0db5ccd490daf61e6d76043
 PKG_VERSION:=3.7-$(PKG_SOURCE_VERSION)
 PKG_RELEASE:=2
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/esnet/iperf.git
 PKG_MAINTAINER:=Yannick Chabanois <ycarus@zugaina.org>
 PKG_LICENSE:=BSD-3-Clause
 PKG_BUILD_PARALLEL:=1
 PKG_INSTALL:=1
 PKG_FIXUP:=autoreconf
 include $(INCLUDE_DIR)/package.mk
 DISABLE_NLS:=
 define Package/iperf3/default
  SECTION:=net
  CATEGORY:=Network
  TITLE:=Internet Protocol bandwidth measuring tool
  URL:=https://github.com/esnet/iperf
 endef
 define Package/iperf3
 $(call Package/iperf3/default)
  VARIANT:=nossl
 endef
 define Package/iperf3-ssl
 $(call Package/iperf3/default)
  TITLE+= with iperf_auth support
  VARIANT:=ssl
  DEPENDS:= +libopenssl
 endef
 TARGET_CFLAGS += -D_GNU_SOURCE
 CONFIGURE_ARGS += --disable-shared
 ifeq ($(BUILD_VARIANT),ssl)
 	CONFIGURE_ARGS += --with-openssl="$(STAGING_DIR)/usr"
 else
 	CONFIGURE_ARGS += --without-openssl
 endif
 MAKE_FLAGS += noinst_PROGRAMS=
 define Package/iperf3/description
 Iperf is a modern alternative for measuring TCP and UDP bandwidth
 performance, allowing the tuning of various parameters and
 characteristics.
 endef
 # autoreconf fails if the README file isn't present
 define Build/Prepare
 	$(call Build/Prepare/Default)
 	touch $(PKG_BUILD_DIR)/README
 endef
 define Package/iperf3/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/
 endef
 define Package/iperf3-ssl/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/iperf3 $(1)/usr/bin/
 endef
 $(eval $(call BuildPackage,iperf3))
 $(eval $(call BuildPackage,iperf3-ssl))
--- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass
+++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass
@ -44,7 +44,34 @@ _bypass_domains() {
 	config_get intf $1 interface
 	config_get enabled $1 enabled
 	[ "$enabled" = "0" ] && return
-	_bypass_domain $domain $intf
+	if [ "$(echo $domain | grep '\.$')" != "" ] || [ "$(echo $domain | grep '\.\*$')" != "" ]; then
 		tlds=`curl --max-time 4 -s -k https://data.iana.org/TLD/tlds-alpha-by-domain.txt`
 		domain="$(echo '"$domain"' | sed 's:*::')"
 		domainlist=""
 		# construct list of domains to query
 		for tld in $tlds; do
 			i=$((i+1))
 			# trim off header
 			if [ "$i" -lt "12" ] || [ "$i" -gt "50" ]; then
 				continue
 			fi 
 			# add to command
 			domainlist="${domainlist} ${domain}${tld}"
 		done
 		domainlist="$(echo $domainlist  `# Get the list of valid domains, pass it to awk` \
 			| awk '{print tolower($0)}'   `# awk lowercases the whole string and passes it to ` \
 			| xargs -n8 -P12              `# xargs sends 8 arguments at a time to` \
 			dig a +timeout=1 +tries=1 +retry=1 +nocmd +noall +answer `# dig, which passes results (if any) to` \
 			| awk '{print $1}'            `# awk, which outputs queried domain to` \
 			| sed -e 's/.$//'             `# sed, which trims off the trailing dot (google.com. -> google.com)` to \
 			| grep $domain                `# grep, only keep wanted domain` \
 			| awk '{for (i=1;i<=NF;i++) if (!a[$i]++) printf("%s%s",$i,FS)}{printf("\n")}')" # deduplicate
 		for validdomain in $domainlist; do
 			_bypass_domain $validdomain $intf
 		done
 	else
 		_bypass_domain $domain $intf
 	fi
 }
 _bypass_domain() {
--- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
+++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
@ -497,6 +497,11 @@ function wizard_add()
 		ucic:save("openmptcprouter")
 	end
 	-- Get VPN used for MPTCP over VPN
 	local mptcpovervpn_vpn = luci.http.formvalue("mptcpovervpn_vpn") or "wireguard"
 	ucic:set("openmptcprouter","settings","mptcpovervpn",mptcpovervpn_vpn)
 	ucic:save("openmptcprouter")
 	-- Get Proxy set by default
 	local default_proxy = luci.http.formvalue("default_proxy") or "shadowsocks"
 	if default_proxy == "shadowsocks" and serversnb > 0 and serversnb > disablednb then
--- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm
+++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm
@ -108,8 +108,8 @@
 		<label class="cbi-value-title"><%:Obfuscating type%></label>
 		<div class="cbi-value-field">
 		    <select class="cbi-input-select" name="obfs_type">
-			<option value="http" <% if luci.model.uci.cursor():get("shadowsocks-libev","tracker","obfs_type") == "http" then %>selected="selected"<% end %>>http</option>
+			<option value="http" <% if luci.model.uci.cursor():get("shadowsocks-libev","tracker_sss0","obfs_type") == "http" then %>selected="selected"<% end %>>http</option>
-			<option value="tls" <% if luci.model.uci.cursor():get("shadowsocks-libev","tracker","obfs_type") == "tls" then %>selected="selected"<% end %>>tls</option>
+			<option value="tls" <% if luci.model.uci.cursor():get("shadowsocks-libev","tracker_sss0","obfs_type") == "tls" then %>selected="selected"<% end %>>tls</option>
 		    </select>
 		</div>
 	    </div>
--- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
+++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
@ -365,6 +365,23 @@
 		</div>
 	    </div>
 	</fieldset>
 	<fieldset class="cbi-section" id="mptcpovervpn">
 	    <legend><%:MPTCP over VPN settings%></legend>
 	    <div class="cbi-section-descr"><%:MPTCP over VPN should be used only when Multipath TCP is blocked on a connection.%></div>
 	    <div class="cbi-value">
 		<label class="cbi-value-title"><%:MPTCP over VPN%></label>
 		<div class="cbi-value-field">
 		    <select class="cbi-input-select" name="mptcpovervpn_vpn" size="1">
 			<% if nixio.fs.access("/etc/init.d/openvpn") then %><option value="openvpn" <% if uci:get("openmptcprouter","settings","mptcpovervpn") == "openvpn" then %>selected="selected"<% end %>>OpenVPN</option><% end %>
 			<% if nixio.fs.access("/usr/bin/wg") then %><option value="wireguard" <% if uci:get("openmptcprouter","settings","mptcpovervpn") == "wireguard" or uci:get("openmptcprouter","settings","mptcpovervpn") == nil then %>selected="selected"<% end %>>WireGuard</option><% end %>
 		    </select>
 		    <br />
 		    <div class="cbi-value-description">
 		        <%:Set VPN to use for MPTCP over VPN.%>
 		    </div>
 		</div>
 	    </div>
 	</fieldset>
 	</span>
 	<hr />
 	<fieldset class="cbi-section" id="laninterfaces">
--- a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
+++ b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
@ -810,9 +810,9 @@ function interfaces_status()
 		-- shadowsocksaddr
 		mArray.openmptcprouter["ss_addr"] = uci:get("openmptcprouter","omr","detected_ss_ipv4") or ""
 		if mArray.openmptcprouter["ss_addr"] == "" and mArray.openmptcprouter["service_addr"] ~= "" then
-			tracker_ip = uci:get("shadowsocks-libev","tracker","local_address") or ""
+			tracker_ip = uci:get("shadowsocks-libev","tracker_sss0","local_address") or ""
 			if tracker_ip ~= "" then
-				local tracker_port = uci:get("shadowsocks-libev","tracker","local_port")
+				local tracker_port = uci:get("shadowsocks-libev","tracker_sss0","local_port")
 				if mArray.openmptcprouter["external_check"] ~= false then
 					mArray.openmptcprouter["ss_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " " .. check_ipv4_website))
 					if mArray.openmptcprouter["ss_addr"] == "" then
--- a/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js
+++ b/luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js
@ -502,7 +502,35 @@ return view.extend({
 				ifname_multi.optional = true;
 				ifname_multi.network = ifc.getName();
 				ifname_multi.display_size = 6;
-				ifname_multi.write = ifname_multi.remove = function() {};
+				ifname_multi.write = ifname_multi.remove = function(section_id, value) {
 					var old_ifnames = [],
 					    devs = ifc.getDevices() || L.toArray(ifc.getDevice());
 					for (var i = 0; i < devs.length; i++)
 						old_ifnames.push(devs[i].getName());
 					var new_ifnames = L.toArray(value);
 					if (!value)
 						new_ifnames.length = Math.max(new_ifnames.length, 1);
 					old_ifnames.sort();
 					new_ifnames.sort();
 					for (var i = 0; i < Math.max(old_ifnames.length, new_ifnames.length); i++) {
 						if (old_ifnames[i] != new_ifnames[i]) {
 							// backup_ifnames()
 							for (var j = 0; j < old_ifnames.length; j++)
 								ifc.deleteDevice(old_ifnames[j]);
 							for (var j = 0; j < new_ifnames.length; j++)
 								ifc.addDevice(new_ifnames[j]);
 							break;
 						}
 					}
 				};
 				ifname_single.cfgvalue = ifname_multi.cfgvalue = function(section_id) {
 					var devs = ifc.getDevices() || L.toArray(ifc.getDevice()),
@ -839,7 +867,7 @@ return view.extend({
 										else if (ifname_master.isActive('_new_')) {
 											uci.set('network', section_id, 'type', 'macvlan');
 											uci.set('network', section_id, 'ifname', section_id);
-											uci.set('network', section_id, 'masterintf', L.toArray(ifname_multi.formvalue('_new_')).join(' '));
+											uci.set('network', section_id, 'masterintf', L.toArray(ifname_master.formvalue('_new_')).join(' '));
 										}
 									}).then(L.bind(m.children[0].renderMoreOptionsModal, m.children[0], nameval));
--- a/openmptcprouter-full/Makefile
+++ b/openmptcprouter-full/Makefile
@ -81,7 +81,8 @@ MY_DEPENDS := \
    !TARGET_mvebu:luci-proto-qmi wpad-basic kmod-mt7601u kmod-rtl8187 \
    luci-app-mlvpn mlvpn 464xlat !TARGET_mvebu:kmod-usb-net-smsc75xx kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-https-dns-proxy kmod-tcp-nanqinlang (TARGET_x86_64||aarch64):kmod-tcp-bbr2 iptables-mod-ipopt igmpproxy ss iptraf-ng \
    luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute luci-proto-mbim kmod-rtl8xxxu kmod-ath9k-htc luci-app-ttyd luci-mod-dashboard (TARGET_x86||TARGET_x86_64):rtl8192eu-firmware kmod-usb2 libustream-wolfssl (TARGET_x86||TARGET_x86_64):kmod-ixgbevf \
-    hwinfo (TARGET_x86||TARGET_x86_64):dmidecode luci-app-packet-capture kmod-bonding luci-proto-bonding luci-app-sysupgrade
+    hwinfo (TARGET_x86||TARGET_x86_64):dmidecode luci-app-packet-capture kmod-bonding luci-proto-bonding luci-app-sysupgrade \
    luci-theme-openwrt-2020 luci-proto-wireguard luci-app-wireguard
 #     luci-theme-bootstrap luci-theme-openwrt-2020 luci-theme-openwrt luci-app-status
 #  luci-proto-bonding luci-app-statistics luci-proto-gre
 #    softethervpn5-client softethervpn5-server luci-app-nginx-ha
--- a/openmptcprouter/files/etc/init.d/mptcpovervpn
+++ b/openmptcprouter/files/etc/init.d/mptcpovervpn
@ -9,7 +9,10 @@
 }
 _getremoteip() {
-	[ "$(uci -q get openmptcprouter.$1.master)" = "1" ] && remoteip=$(uci -q get openmptcprouter.$1.ip | awk '{print $1}')
+	[ "$(uci -q get openmptcprouter.$1.master)" = "1" ] && {
 		remoteip=$(uci -q get openmptcprouter.$1.ip | awk '{print $1}')
 		wg_server_key=$(uci -q get openmptcprouter.$1.wgkey)
 	}
 }
 mptcp_over_vpn() {
@ -20,19 +23,22 @@ mptcp_over_vpn() {
 			uci -q batch <<-EOF >/dev/null
 				delete openmptcprouter.${interface}
 				delete network.ovpn${interface}
 				delete network.wg${interface}
 				delete openvpn.${interface}
 				commit openvpn
 				delete openmptcprouter.${interface}
 				delete openmptcprouter.ovpn${interface}
 				delete openmptcprouter.wg${interface}
 				commit openmptcprouter
 				commit network
 				del_list firewall.zone_vpn.network="ovpn${interface}"
 				del_list firewall.zone_vpn.network="wg${interface}"
 				commit firewall
 			EOF
 			return
 		fi
 		nbintfvpn=$(($nbintfvpn+1))
-		if [ "$(uci -q get network.ovpn${interface})" = "" ]; then
+		if [ "$(uci -q get network.ovpn${interface})" = "" ] && [ "$vpn" = "openvpn" ]; then
 			logger -t "MPTCPoverVPN" "Enable MPTCP over VPN for ${interface}"
 			id=$(uci -q get network.${interface}.metric)
 			remoteip=""
@ -43,42 +49,108 @@ mptcp_over_vpn() {
 			[ -n "$(uci -q get openmptcprouter.ovpn${interface}.multipath)" ] && multipath=$(uci -q get openmptcprouter.ovpn${interface}.multipath)
 			[ -z "$multipath" ] && multipath="on"
 			uci -q batch <<-EOF >/dev/null
-				set network.ovpn${interface}=interface
+				delete network.wg${interface}
-				set network.ovpn${interface}.ifname="tun${id}"
+				delete openmptcprouter.wg${interface}
 				set network.ovpn${interface}.defaultroute='0'
 				set network.ovpn${interface}.peerdns='0'
 				set network.ovpn${interface}.proto='none'
 				set network.ovpn${interface}.ip4table='wan'
 				set network.ovpn${interface}.multipath="${multipath}"
 				set network.${interface}.multipath='off'
 				commit network
 				set openvpn.${interface}=openvpn
 				set openvpn.${interface}.dev="tun${id}"
 				set openvpn.${interface}.cipher='AES-256-CBC'
 				set openvpn.${interface}.port='65301'
 				set openvpn.${interface}.remote="${remoteip}"
 				set openvpn.${interface}.local="${localip}"
 				set openvpn.${interface}.lport='0'
 				set openvpn.${interface}.ncp_disable='1'
 				set openvpn.${interface}.auth_nocache='1'
 				set openvpn.${interface}.proto='udp'
 				set openvpn.${interface}.client='1'
 				set openvpn.${interface}.enabled='1'
 				set openvpn.${interface}.allow_recursive_routing='1'
 				set openvpn.${interface}.key='/etc/luci-uploads/client.key'
 				set openvpn.${interface}.cert='/etc/luci-uploads/client.crt'
 				set openvpn.${interface}.ca='/etc/luci-uploads/ca.crt'
 				commit openvpn
 				set openmptcprouter.${interface}.multipath="off"
 				set openmptcprouter.${interface}.multipathvpn="1"
 				set openmptcprouter.ovpn${interface}="interface"
 				set openmptcprouter.ovpn${interface}.multipath="${multipath}"
 				set openmptcprouter.ovpn${interface}.vpn="1"
 				set openmptcprouter.ovpn${interface}.baseintf="${interface}"
 				commit openmptcprouter
-				add_list firewall.zone_vpn.network="ovpn${interface}"
+				commit network
 				del_list firewall.zone_vpn.network="wg${interface}"
 				commit firewall
 			EOF
 				uci -q batch <<-EOF >/dev/null
 					set network.ovpn${interface}=interface
 					set network.ovpn${interface}.ifname="tun${id}"
 					set network.ovpn${interface}.defaultroute='0'
 					set network.ovpn${interface}.peerdns='0'
 					set network.ovpn${interface}.proto='none'
 					set network.ovpn${interface}.ip4table='wan'
 					set network.ovpn${interface}.multipath="${multipath}"
 					set network.${interface}.multipath='off'
 					commit network
 					set openvpn.${interface}=openvpn
 					set openvpn.${interface}.dev="tun${id}"
 					set openvpn.${interface}.cipher='AES-256-CBC'
 					set openvpn.${interface}.port='65301'
 					set openvpn.${interface}.remote="${remoteip}"
 					set openvpn.${interface}.local="${localip}"
 					set openvpn.${interface}.lport='0'
 					set openvpn.${interface}.ncp_disable='1'
 					set openvpn.${interface}.auth_nocache='1'
 					set openvpn.${interface}.proto='udp'
 					set openvpn.${interface}.client='1'
 					set openvpn.${interface}.enabled='1'
 					set openvpn.${interface}.allow_recursive_routing='1'
 					set openvpn.${interface}.key='/etc/luci-uploads/client.key'
 					set openvpn.${interface}.cert='/etc/luci-uploads/client.crt'
 					set openvpn.${interface}.ca='/etc/luci-uploads/ca.crt'
 					commit openvpn
 					set openmptcprouter.${interface}.multipath="off"
 					set openmptcprouter.${interface}.multipathvpn="1"
 					set openmptcprouter.ovpn${interface}="interface"
 					set openmptcprouter.ovpn${interface}.multipath="${multipath}"
 					set openmptcprouter.ovpn${interface}.vpn="1"
 					set openmptcprouter.ovpn${interface}.baseintf="${interface}"
 					commit openmptcprouter
 					add_list firewall.zone_vpn.network="ovpn${interface}"
 					commit firewall
 				EOF
 		elif [ "$(uci -q get network.wg${interface})" = "" ] && [ "$vpn" = "wireguard" ]; then
 			logger -t "MPTCPoverVPN" "Enable MPTCP over VPN for ${interface}"
 			id=$(uci -q get network.${interface}.metric)
 			remoteip=""
 			wg_server_key=""
 			config_load openmptcprouter
 			config_foreach _getremoteip server
 			metric=$(uci -q get network.${interface}.metric)
 			[ -z "$(uci -q get openmptcprouter.wg${interface}.multipath)" ] && multipath=$(uci -q get network.${interface}.multipath)
 			[ -n "$(uci -q get openmptcprouter.wg${interface}.multipath)" ] && multipath=$(uci -q get openmptcprouter.wg${interface}.multipath)
 			[ -z "$multipath" ] && multipath="on"
 				private_key=$(wg genkey | tr -d "\n")
 				public_key=$(echo $private_key | wg pubkey | tr -d "\n")
 			uci -q batch <<-EOF >/dev/null
 				delete network.ovpn${interface}
 				delete openvpn.${interface}
 				commit openvpn
 				delete openmptcprouter.ovpn${interface}
 				commit openmptcprouter
 				commit network
 				del_list firewall.zone_vpn.network="ovpn${interface}"
 				commit firewall
 			EOF
 				uci -q batch <<-EOF >/dev/null
 					set network.wg${interface}=interface
 					set network.wg${interface}.nohostroute='1'
 					set network.wg${interface}.proto='wireguard'
 					set network.wg${interface}.fwmark="0x539${metric}"
 					del_list network.wg${interface}.addresses
 					add_list network.wg${interface}.addresses='10.255.247.${metric}/24'
 					set network.wg${interface}.private_key="${private_key}"
 					set network.wg${interface}.gateway="10.255.247.1"
 					set network.wg${interface}.public_key="${public_key}"
 					set network.wg${interface}.multipath="${multipath}"
 					set network.${interface}.multipath='off'
 					add network wireguard_wg${interface}
 					set network.@wireguard_wg${interface}[0]=wireguard_wg${interface}
 					set network.@wireguard_wg${interface}[0].description="Wireguard on ${interface}"
 					set network.@wireguard_wg${interface}[0].endpoint_host="${remoteip}"
 					set network.@wireguard_wg${interface}[0].endpoint_port="65311"
 					set network.@wireguard_wg${interface}[0].persistent_keepalive="28"
 					del_list network.@wireguard_wg${interface}[0].allowed_ips
 					add_list network.@wireguard_wg${interface}[0].allowed_ips="0.0.0.0/0"
 					set network.@wireguard_wg${interface}[0].public_key="${wg_server_key}"
 					commit network
 					set openmptcprouter.${interface}.multipath="off"
 					set openmptcprouter.${interface}.multipathvpn="1"
 					set openmptcprouter.wg${interface}="interface"
 					set openmptcprouter.wg${interface}.multipath="${multipath}"
 					set openmptcprouter.wg${interface}.vpn="1"
 					set openmptcprouter.wg${interface}.baseintf="${interface}"
 					commit openmptcprouter
 					add_list firewall.zone_vpn.network="wg${interface}"
 					commit firewall
 				EOF
 			ubus call network reload 2>&1 >/dev/null
 		else
 			uci -q batch <<-EOF >/dev/null
 				set network.${interface}.multipath='off'
@ -92,6 +164,7 @@ mptcp_over_vpn() {
 		multipath=$(uci -q get openmptcprouter.ovpn${interface}.multipath)
 		[ -z "$multipath" ] && multipath="on"
 		uci -q batch <<-EOF >/dev/null
 			delete network.wg${interface}
 			delete network.ovpn${interface}
 			delete openvpn.${interface}
 			commit openvpn
@ -99,13 +172,16 @@ mptcp_over_vpn() {
 			set network.${interface}.multipath="${multipath}"
 			set openmptcprouter.${interface}.multipathvpn="0"
 			delete openmptcprouter.ovpn${interface}
 			delete openmptcprouter.wg${interface}
 			commit openmptcprouter
 			commit network
 			del_list firewall.zone_vpn.network="ovpn${interface}"
 			del_list firewall.zone_vpn.network="wg${interface}"
 			commit firewall
 		EOF
 	elif [ "$(uci -q get openmptcprouter.${interface}.vpn)" = "1" ]; then
 		intf="$(echo ${interface} | sed 's/ovpn//g')"
 		[ "$intf" = "$interface" ] && intf="$(echo ${interface} | sed 's/wg//g')"
 		if [ -n "$intf" ] && [ "$intf" != "$interface" ] && [ "$(uci -q get network.${intf})" = "" ]; then
 			uci -q batch <<-EOF >/dev/null
 				delete network.${interface}
@ -126,6 +202,8 @@ start_service()
 {
 	nbintf=0
 	nbintfvpn=0
 	vpn="$(uci -q get openmptcprouter.settings.mptcpovervpn)"
 	[ -z "$vpn" ] && vpn="openvpn"
 	config_load openmptcprouter
 	config_foreach mptcp_over_vpn interface
 	if [ "$nbintf" = "$nbintfvpn" ] &&  [ "$nbintf" != "0" ]; then
--- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps
+++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
@ -140,6 +140,29 @@ _set_openvpn_vps() {
 	fi
 }
 _set_wireguard_vps() {
 	local enabled port key
 	ipskey=""
 	_get_wg_ipskey() {
 		local interface=$1
 		proto=$(uci -q get network.${interface}.proto)
 		if [ "$proto" = "wireguard" ]; then
 			ip="$(uci -q get network.${interface}.addresses)"
 			key="$(uci -q get network.${interface}.public_key)"
 			if [ -z "$ipskey" ]; then
 				ipskey='{"ip": "'$ip'", "key": "'$key'"}'
 			else
 				ipskey=$ipskey',{"ip": "'$ip'", "key": "'$key'"}'
 			fi
 		fi
 	}
 	config_load network
 	config_foreach _get_wg_ipskey interface
 	local settings
 	settings='{"peers": ['$ipskey']}'
 	echo $(_set_json "wireguard" "$settings")
 }
 get_openvpn_key() {
 	servername=$2
 	[ -z "$vps_config" ] && vps_config=$(_get_json "config")
@ -728,14 +751,28 @@ _set_wan_ip() {
 	fi
 }
 _get_lan_ip() {
 	local intf=$1
 	if [ "$(uci -q get firewall.zone_lan.network | grep $intf)" != "" ]; then
 		lanip="$(uci -q get network.${intf}.ipaddr)/$(uci -q get network.${intf}.netmask)"
 		if [ "$lanip" != "/" ]; then
 			if [ -z "$lanips" ]; then
 				lanips='"'${lanip}'"'
 			else
 				lanips='"'$lanips'" "'${lanip}'"'
 			fi
 		fi
 	fi
 }
 _set_lan_ip() {
 	local settings
 	[ -z "$vps_config" ] && vps_config=$(_get_json "config")
 	[ -z "$vps_config" ] && return
-	lanip_current="$(echo "$vps_config" | jsonfilter -q -e '@.lan.ips')"
+	#lanip_current="$(echo "$vps_config" | jsonfilter -q -e '@.lan.ips')"
-	lanips="$(uci -q get network.lan.ipaddr)/$(uci -q get network.lan.netmask)"
+	#if [ "$lanips" != "" ] && [ "$lanip_current" != "$lanips" ]; then
-	if [ "$lanips" != "/" ] && [ "$lanip_current" != "$lanips" ]; then
+	if [ "$lanips" != "" ]; then
-		settings='{"lanips" : ["'$lanips'"]}'
+		settings='{"lanips" : ['$lanips']}'
 		result=$(_set_json "lan" "$settings")
 	fi
 }
@ -814,6 +851,7 @@ _vps_firewall_redirect_port() {
 		EOF
 		src_dport='2-64999'
 	fi
 	[ -n "$src_dport" ] && src_dport=$(echo $src_dport | sed 's/:/-/')
 	if [ -n "$src_dport" ] && [ "$(echo $src_dport | cut -d'-' -f2)" -ge "65000" ]; then
 		logger -t "OMR-VPS" "You can't redirect ports >= 65000, they are needed by OpenMPTCProuter Server part"
 		enabled="0"
@ -1371,6 +1409,12 @@ _set_config_from_vps() {
 		set openmptcprouter.${servername}.redirect_ports=$redirect
 	EOF
 	# Wireguard settings
 	wireguard_key="$(echo "$vps_config" | jsonfilter -q -e '@.wireguard.key')"
 	uci -q batch <<-EOF >/dev/null
 		set openmptcprouter.${servername}.wgkey=$wireguard_key
 	EOF
 	# MPTCP settings
 	mptcp_path_manager="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.path_manager')"
 	mptcp_scheduler="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.scheduler')"
@ -1684,6 +1728,7 @@ _config_service() {
 		[ -z "$(_set_glorytun_vps)" ] && error=1
 		[ -z "$(_set_openvpn_vps)" ] && error=1
 		_set_vps_firewall
 		_set_wireguard_vps
 	fi
 	_backup_list
 	redirect_port="0"
@ -1700,9 +1745,11 @@ _config_service() {
 	#_set_pihole
 	[ -n "$wanips" ] && _set_wan_ip
 	_set_lan_ip
 	_set_vpn_ip
 	config_load network
 	lanips=""
 	config_foreach _get_lan_ip interface
 	_set_lan_ip
 	config_foreach _delete_client2client route
 	if [ "$(uci -q get openmptcprouter.settings.vpn)" != "openvpn" ] && [ "$(echo "$vps_config" | jsonfilter -q -e '@.client2client.enabled')" == "true" ]; then
 		_set_client2client
--- a/openmptcprouter/files/etc/uci-defaults/1940-omr-dns
+++ b/openmptcprouter/files/etc/uci-defaults/1940-omr-dns
@ -6,6 +6,8 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 			set unbound.@unbound[-1].protocol="ip4_only"
 			set unbound.@unbound[-1].enabled=1
 			set unbound.@unbound[-1].recursion="aggressive"
 			set unbound.@unbound[-1].validator='1'
 			set unbound.@unbound[-1].validator_ntp='1'
 			commit unbound
 		EOF
 	fi
@ -13,6 +15,7 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 		uci -q batch <<-EOF >/dev/null
 			add_list dhcp.@dnsmasq[-1].server="127.0.0.1#5353"
 			add_list dhcp.@dnsmasq[-1].server="/lan/"
 			set dhcp.@dnsmasq[-1].dnssec='1'
 			commit dhcp
 		EOF
 	fi
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@ -105,14 +105,14 @@ if [ "$(uci -q show firewall | grep ICMPv6-Lan-to-OMR)" = "" ]; then
 		commit firewall
 	EOF
 fi
-uci -q batch <<-EOF >/dev/null
+#uci -q batch <<-EOF >/dev/null
-	del_list firewall.zone_wan.masq_dest='!10.0.0.0/8'
+#	del_list firewall.zone_wan.masq_dest='!10.0.0.0/8'
-	del_list firewall.zone_wan.masq_dest='!172.16.0.0/12'
+#	del_list firewall.zone_wan.masq_dest='!172.16.0.0/12'
-	del_list firewall.zone_wan.masq_dest='!192.168.0.0/16'
+#	del_list firewall.zone_wan.masq_dest='!192.168.0.0/16'
-	add_list firewall.zone_wan.masq_dest='!10.0.0.0/8'
+#	add_list firewall.zone_wan.masq_dest='!10.0.0.0/8'
-	add_list firewall.zone_wan.masq_dest='!172.16.0.0/12'
+#	add_list firewall.zone_wan.masq_dest='!172.16.0.0/12'
-	add_list firewall.zone_wan.masq_dest='!192.168.0.0/16'
+#	add_list firewall.zone_wan.masq_dest='!192.168.0.0/16'
-EOF
+#EOF
 if [ "$(ubus call system board | jsonfilter -e '@.board_name')" = "bananapi,bpi-r2" ] || [ "$(ubus call system board | jsonfilter -e '@.board_name' | grep -i wrt)" != "" ]; then
 	uci -q batch <<-EOF >/dev/null
 	set firewall.@defaults[0].flow_offloading='1'
--- a/shadowsocks-libev/Makefile
+++ b/shadowsocks-libev/Makefile
@ -14,12 +14,12 @@ include $(TOPDIR)/rules.mk
 # - check if default mode has changed from being tcp_only
 #
 PKG_NAME:=shadowsocks-libev
-PKG_VERSION:=3.3.4
+PKG_VERSION:=3.3.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)
-PKG_HASH:=fce47a956fad0c30def9c71821bcec450a40d3f881548e31e66cedf262b89eb1
+PKG_HASH:=cfc8eded35360f4b67e18dc447b0c00cddb29cc57a3cec48b135e5fb87433488
 PKG_MAINTAINER:=Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
--- a/shadowsocks-libev/patches/020-NOCRYPTO.patch
+++ b/shadowsocks-libev/patches/020-NOCRYPTO.patch
@ -40,8 +40,8 @@ index 0186ccc4..57fa318b 100644
 {
     local cur prev opts ciphers
     opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --fast-open --acl --mtu --mptcp --no-delay --key --plugin --plugin-opts --help'
-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
     cur=${COMP_WORDS[COMP_CWORD]}
     prev="${COMP_WORDS[COMP_CWORD-1]}"
     case "$prev" in
@ -53,8 +53,8 @@ index d3168a3b..de13c9e9 100644
 {
     local cur prev opts ciphers
     opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -v -h --reuse-port --manager-address --executable --mtu --mptcp --plugin --plugin-opts --help'
-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
     cur=${COMP_WORDS[COMP_CWORD]}
     prev="${COMP_WORDS[COMP_CWORD-1]}"
     case "$prev" in
@ -65,9 +65,9 @@ index 9a14efe8..fdc7b21e 100644
@@ -2,7 +2,7 @@ _ss_redir()
 {
     local cur prev opts ciphers
-     opts='-s -p -l -k -m -a -f -t -c -n -b -u -U -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help'
+     opts='-s -p -l -k -m -a -f -t -c -n -b -u -U -T -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help'
-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
     cur=${COMP_WORDS[COMP_CWORD]}
     prev="${COMP_WORDS[COMP_CWORD-1]}"
     case "$prev" in
@ -80,9 +80,9 @@ index cec983ce..d8f3c298 100644
 {
     local cur prev opts ciphers
 -    opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -6 -d -v -h --reuse-port --fast-open --acl --manager-address --mtu --mptcp --no-delay --key --plugin --plugin-opts --help'
-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
 +    opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -6 -d -v -h --reuse-port --fast-open --acl --manager-address --mtu --mptcp --key --plugin --plugin-opts --help'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
     COMPREPLY=()
     cur=${COMP_WORDS[COMP_CWORD]}
     prev="${COMP_WORDS[COMP_CWORD-1]}"
@ -94,8 +94,8 @@ index 707dc7a9..2e119098 100644
 {
     local cur prev opts ciphers
     opts='-s -p -l -k -m -a -f -t -c -n -i -b -u -U -L -v -h --reuse-port --mtu --mptcp --key --plugin --plugin-opts --help'
-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+-    ciphers='rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
-+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
+    ciphers='none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf'
     cur=${COMP_WORDS[COMP_CWORD]}
     prev="${COMP_WORDS[COMP_CWORD-1]}"
     compopt +o nospace
@ -107,8 +107,8 @@ index c56ed521..8b12b767 100644
 #compdef ss-local
 local ciphers
-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
 _arguments "-h::" \
            "-s:server host:_hosts" \
@ -120,8 +120,8 @@ index 3e65f6c8..66c101a1 100644
 #compdef ss-manager
 local ciphers
-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
 _arguments "-h::" \
            "-s:server host:_hosts" \
@ -133,8 +133,8 @@ index 4f3b065e..6ef867f3 100644
 #compdef ss-redir
 local ciphers
-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
 _arguments "-h::" \
            "-s:server host:_hosts" \
@ -146,8 +146,8 @@ index 8d9f4316..76bae33c 100644
 #compdef ss-server
 local ciphers
-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
 _arguments "-h::" \
            "-s:server host:_hosts" \
@ -159,8 +159,8 @@ index 5a269900..248451f9 100644
 #compdef ss-tunnel
 local ciphers
-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+-ciphers='(rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
-+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
+ciphers='(none rc4-md5 aes-128-gcm aes-192-gcm aes-256-gcm aes-128-cfb aes-192-cfb aes-256-cfb aes-128-ctr aes-192-ctr aes-256-ctr camellia-128-cfb camellia-192-cfb camellia-256-cfb bf-cfb chacha20-ietf-poly1305 xchacha20-ietf-poly1305 salsa20 chacha20 chacha20-ietf)'
 _arguments "-h::" \
            "-s:server host:_hosts" \
--- a/whois/Makefile
+++ b/whois/Makefile
@ -1,46 +0,0 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=whois
 PKG_VERSION:=5.5.7
 PKG_RELEASE:=1
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(BUILD_VARIANT)/$(PKG_NAME)
 PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/w/whois
 PKG_HASH:=3efa700dbf38d127c31b21af3176cd6e5a69f96a056be60ac1dcd13df7717393
 PKG_CAT:=xzcat
 PKG_INSTALL:=1
 PKG_BUILD_PARALLEL:=1
 include $(INCLUDE_DIR)/package.mk
 define Package/whois
  SECTION:=net
  CATEGORY:=Network
  TITLE:=WHOIS commandline utility
  URL:=http://ftp.debian.org/debian/pool/main/w/whois
  MAINTAINER:=Kihamo <dev@kihamo.ru>
 endef
 define Package/whois/description
  Utility to display information from WHOIS servers
 endef
 define Package/whois/conffiles
 /etc/whois.conf
 endef
 MAKE_FLAGS += \
 	prefix=$(PKG_BUILD_DIR)
 define Package/whois/install
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/whois $(1)/usr/sbin
 	$(INSTALL_DIR) $(1)/etc
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/whois.conf $(1)/etc/whois.conf
 endef
 $(eval $(call BuildPackage,whois))