Fix gre-tunnel

2025-03-09 15:40:03 +00:00 · 2020-07-22 20:32:50 +02:00 · 2020-07-22 20:32:50 +02:00 · 48259f7502
commit 48259f7502
parent 0ba988bc89
2 changed files with 43 additions and 6 deletions
--- a/openmptcprouter/files/etc/firewall.gre-tunnel
+++ b/openmptcprouter/files/etc/firewall.gre-tunnel
@ -3,10 +3,47 @@

 _setup_rules() {
 	config_get lookup $1 lookup
-	[ -z "$(ip rule list fwmark 0x${lookup})" ] && {
+	[ -n "$lookup" ] && [ -z "$(ip rule list fwmark 0x${lookup})" ] && {
 		ip rule add fwmark 0x${lookup} table ${lookup} pref 2
 	}
 }

+_setup_routes() {
+	config_get lookup $1 lookup
+	config_get gateway $1 gateway
+	intf=$(ifstatus | jsonfilter -e '@.l3_device' | tr -d "\n")
+	ip route replace default via $gateway dev $intf table $lookup
+}
 config_load network
-config_foreach _setup_rules interface
+config_foreach _setup_rules interface
+config_foreach _setup_routes interface
+
+_setup_fw() {
+	config_get src_ips_forward $1 src_ips_forward
+	config_get redir_tcp $1 redir_tcp
+	config_get ifnames $1 ifnames
+	lookup="$(uci -q get network.${redir_tcp}.lookup)"
+	rule=""
+	[ -n "$src_ips_forward" ] && rule="$rule -s $(echo "${src_ips_forward}" | sed 's/ /,/g')"
+	[ -n "$ifnames" ] && rule="$rule -i $(echo "${ifnames}" | sed 's/ /-i /g')"
+	if [ -n "$rule" ] && [ -n "$lookup" ]; then
+		iptables-save --counters | grep -v "0x${lookup}" | iptables-restore -w --counters
+		iptables-restore -w --wait=60 --noflush <<-EOF
+			*mangle
+			-A omr-gre-tunnel ${rule} -j MARK --set-mark 0x${lookup}
+			COMMIT
+		EOF
+	fi
+}
+
+if [ -z "$(iptables-save | grep omr-gre-tunnel)" ]; then
+	iptables-restore -w --wait=60  --noflush <<-EOF
+		*mangle
+		:omr-gre-tunnel -
+		-I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-gre-tunnel
+		COMMIT
+	EOF
+fi
+
+config_load shadowsocks-libev
+config_foreach _setup_fw ss_rules
--- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps
+++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
@ -397,16 +397,16 @@ _get_gre_tunnel() {
 					set network.omrip${i}.label="Tunnel for $publicaddr"
 					set network.omrip${i}.proto=static
 					set network.omrip${i}.nohostroute='1'
-					set network.omrip${i}.ifname="@omrip${i}"
+					set network.omrip${i}.ifname="@omrip${i}gre"
 					set network.omrip${i}.ipv6='0'
 					set network.omrip${i}.defaultroute='0'
 					set network.omrip${i}.multipath='off'
 					set network.omrip${i}.peerdns='0'
 					set network.omrip${i}.ip4table='vpn'
-					set network.omrip${i}.gateway="$peeraddr"
-					set network.omrip${i}.ipaddr="$ipaddr"
+					set network.omrip${i}.gateway="$ipaddr"
+					set network.omrip${i}.ipaddr="$peeraddr"
 					set network.omrip${i}.netmask="255.255.255.252"
-					set network.omrip${i}.lookup="6670"
+					set network.omrip${i}.lookup="667${i}"
 					commit network
 					add_list firewall.zone_vpn.network="omrip${i}gre"
 					add_list firewall.zone_vpn.network="omrip${i}"