From 48259f75020ebc18351d80892f473c262307a3f7 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 22 Jul 2020 20:32:50 +0200
Subject: [PATCH] Fix gre-tunnel
---
 openmptcprouter/files/etc/firewall.gre-tunnel | 41 ++++++++++++++++++-
 .../files/etc/init.d/openmptcprouter-vps | 8 ++--
 2 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/openmptcprouter/files/etc/firewall.gre-tunnel b/openmptcprouter/files/etc/firewall.gre-tunnel
index ec631582b..037f135f7 100644
--- a/openmptcprouter/files/etc/firewall.gre-tunnel
+++ b/openmptcprouter/files/etc/firewall.gre-tunnel
@@ -3,10 +3,47 @@ _setup_rules() {
 	config_get lookup $1 lookup
-	[ -z "$(ip rule list fwmark 0x${lookup})" ] && {
+	[ -n "$lookup" ] && [ -z "$(ip rule list fwmark 0x${lookup})" ] && {
 		ip rule add fwmark 0x${lookup} table ${lookup} pref 2
 	}
 }
+_setup_routes() {
+	config_get lookup $1 lookup
+	config_get gateway $1 gateway
+	intf=$(ifstatus | jsonfilter -e '@.l3_device' | tr -d "\n")
+	ip route replace default via $gateway dev $intf table $lookup
+}
 config_load network
-config_foreach _setup_rules interface
\ No newline at end of file
+config_foreach _setup_rules interface
+config_foreach _setup_routes interface
+
+_setup_fw() {
+	config_get src_ips_forward $1 src_ips_forward
+	config_get redir_tcp $1 redir_tcp
+	config_get ifnames $1 ifnames
+	lookup="$(uci -q get network.${redir_tcp}.lookup)"
+	rule=""
+	[ -n "$src_ips_forward" ] && rule="$rule -s $(echo "${src_ips_forward}" | sed 's/ /,/g')"
+	[ -n "$ifnames" ] && rule="$rule -i $(echo "${ifnames}" | sed 's/ /-i /g')"
+	if [ -n "$rule" ] && [ -n "$lookup" ]; then
+		iptables-save --counters | grep -v "0x${lookup}" | iptables-restore -w --counters
+		iptables-restore -w --wait=60 --noflush <<-EOF
+			*mangle
+			-A omr-gre-tunnel ${rule} -j MARK --set-mark 0x${lookup}
+			COMMIT
+		EOF
+	fi
+}
+
+if [ -z "$(iptables-save | grep omr-gre-tunnel)" ]; then
+	iptables-restore -w --wait=60 --noflush <<-EOF
+		*mangle
+		:omr-gre-tunnel -
+		-I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-gre-tunnel
+		COMMIT
+	EOF
+fi
+
+config_load shadowsocks-libev
+config_foreach _setup_fw ss_rules
\ No newline at end of file
diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
index 9a54f5202..841fe88db 100755
--- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps
+++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
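Review bot: `_setup_routes` runs for every `network` interface section but, unlike the `[ -n "$lookup" ]` guard this hunk adds to `_setup_rules` just above, never checks that `lookup` and `gateway` are set, so every section without them issues a malformed `ip route replace default via $gateway dev $intf table $lookup` with empty arguments; add `[ -n "$lookup" ] && [ -n "$gateway" ] || return 0` after the two `config_get` lines. In the same function `ifstatus` appears to be invoked without the section name `$1`, so `intf` may not be that interface's `l3_device` — please confirm against the `ifstatus` wrapper. In `_setup_fw`, `sed 's/ /-i /g'` turns `eth0 eth1` into `-i eth0-i eth1` (the replacement is missing the space before `-i`), and iptables accepts only a single `-i` per rule in any case, so several `ifnames` would need one `-A omr-gre-tunnel` line each. `grep -v "0x${lookup}"` is also a plain substring match, so with the `lookup="667${i}"` values set in openmptcprouter-vps a value such as `0x6671` would also strip the saved rules of `0x66710`; anchoring the match (e.g. `grep -v "0x${lookup} "`) avoids that, though the save/restore of the whole ruleset still deserves a comment explaining why the chain is rebuilt that way.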
@@ -397,16 +397,16 @@ _get_gre_tunnel() {
 	set network.omrip${i}.label="Tunnel for $publicaddr"
 	set network.omrip${i}.proto=static
 	set network.omrip${i}.nohostroute='1'
-	set network.omrip${i}.ifname="@omrip${i}"
+	set network.omrip${i}.ifname="@omrip${i}gre"
 	set network.omrip${i}.ipv6='0'
 	set network.omrip${i}.defaultroute='0'
 	set network.omrip${i}.multipath='off'
 	set network.omrip${i}.peerdns='0'
 	set network.omrip${i}.ip4table='vpn'
-	set network.omrip${i}.gateway="$peeraddr"
-	set network.omrip${i}.ipaddr="$ipaddr"
+	set network.omrip${i}.gateway="$ipaddr"
+	set network.omrip${i}.ipaddr="$peeraddr"
 	set network.omrip${i}.netmask="255.255.255.252"
-	set network.omrip${i}.lookup="6670"
+	set network.omrip${i}.lookup="667${i}"
 	commit network
 	add_list firewall.zone_vpn.network="omrip${i}gre"
 	add_list firewall.zone_vpn.network="omrip${i}"
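Review bot: After the swap, `set network.omrip${i}.gateway="$ipaddr"` and `set network.omrip${i}.ipaddr="$peeraddr"` read as if they were reversed by accident, because each variable name now says the opposite of the option it feeds; a one-line comment above them, e.g. `# NOTE: $peeraddr is this router's tunnel address, $ipaddr the far end used as gateway — confirm`, would keep a later reader from "fixing" it back. The new `lookup="667${i}"` is consumed by firewall.gre-tunnel both as the hex fwmark `0x${lookup}` and as the decimal table id, which is consistent as long as every consumer uses the same string, so that dual use is worth stating next to the assignment. `_get_gre_tunnel` starts and ends outside this hunk, so the origin of `$ipaddr`, `$peeraddr` and `$i` is not visible here.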