From becf56df854590ab67265c7d7d4d171683b68638 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 25 Jan 2021 16:42:49 +0100 Subject: [PATCH 01/16] Fix issue when VPS have multiples IPs and IPs are redirected to multiples LAN IP --- shadowsocks-libev/files/ss-rules | 46 ++++++++++++------------- shadowsocks-libev/files/ss-rules6 | 48 +++++++++++++-------------- v2ray-core/files/usr/bin/v2ray-rules | 44 ++++++++++++------------ v2ray-core/files/usr/bin/v2ray-rules6 | 40 +++++++++++----------- 4 files changed, 89 insertions(+), 89 deletions(-) diff --git a/shadowsocks-libev/files/ss-rules b/shadowsocks-libev/files/ss-rules index 732d9d620..74373efc3 100755 --- a/shadowsocks-libev/files/ss-rules +++ b/shadowsocks-libev/files/ss-rules @@ -125,28 +125,28 @@ ss_rules_flush() { iptables-save --counters | grep -v ssr_ | iptables-restore -w --counters while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done ip route flush table 100 || true - for setname in $(ipset -n list | grep "ss_rules_"); do + for setname in $(ipset -n list | grep "ssr_${rule}"); do ipset destroy "$setname" 2>/dev/null || true done } ss_rules_ipset_init() { ipset --exist restore <<-EOF - create ss_rules_src_bypass hash:net hashsize 64 - create ss_rules_src_forward hash:net hashsize 64 - create ss_rules_src_checkdst hash:net hashsize 64 - create ss_rules_dst_bypass_all hash:net hashsize 64 - create ss_rules_dst_bypass hash:net hashsize 64 - create ss_rules_dst_bypass_ hash:net hashsize 64 - create ss_rules_dst_forward hash:net hashsize 64 + create ssr_${rule}_src_bypass hash:net hashsize 64 + create ssr_${rule}_src_forward hash:net hashsize 64 + create ssr_${rule}_src_checkdst hash:net hashsize 64 + create ssr_rules_dst_bypass_all hash:net hashsize 64 + create ssr_${rule}_dst_bypass hash:net hashsize 64 + create ssr_${rule}_dst_bypass_ hash:net hashsize 64 + create ssr_${rule}_dst_forward hash:net hashsize 64 create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600 - $(ss_rules_ipset_mkadd ss_rules_dst_bypass_ "$o_dst_bypass_ $o_remote_servers") + $(ss_rules_ipset_mkadd ssr_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers") $(ss_rules_ipset_mkadd ss_rules_dst_bypass_all "$o_dst_bypass_all") - $(ss_rules_ipset_mkadd ss_rules_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')") - $(ss_rules_ipset_mkadd ss_rules_src_bypass "$o_src_bypass") - $(ss_rules_ipset_mkadd ss_rules_src_forward "$o_src_forward") - $(ss_rules_ipset_mkadd ss_rules_src_checkdst "$o_src_checkdst") - $(ss_rules_ipset_mkadd ss_rules_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')") + $(ss_rules_ipset_mkadd ssr_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')") + $(ss_rules_ipset_mkadd ssr_${rule}_src_bypass "$o_src_bypass") + $(ss_rules_ipset_mkadd ssr_${rule}_src_forward "$o_src_forward") + $(ss_rules_ipset_mkadd ssr_${rule}_src_checkdst "$o_src_checkdst") + $(ss_rules_ipset_mkadd ssr_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')") EOF } @@ -192,9 +192,9 @@ ss_rules_iptchains_init_tcp() { *nat :ssr_${rule}_local_out - -I OUTPUT 1 -p tcp -j ssr_${rule}_local_out - -A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A ssr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN -A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN + -A ssr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN -A ssr_${rule}_local_out -m mark --mark 0x539 -j RETURN -A ssr_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" COMMIT @@ -250,19 +250,19 @@ ss_rules_iptchains_init_() { :ssr_${rule}_dst - :ssr_${rule}_forward - $(ss_rules_iptchains_mkprerules "$proto") - -A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN + -A ssr_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN -A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539 -A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A ssr_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN -A ssr_${rule}_pre_src -m mark --mark 0x539 -j RETURN -A ssr_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A ssr_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A ssr_${rule}_dst -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN -A ssr_${rule}_pre_src -p $proto $o_ipt_extra -j ssr_${rule}_src - -A ssr_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN - -A ssr_${rule}_src -m set --match-set ss_rules_src_forward src -j ssr_${rule}_forward - -A ssr_${rule}_src -m set --match-set ss_rules_src_checkdst src -j ssr_${rule}_dst + -A ssr_${rule}_src -m set --match-set ssr_${rule}_src_bypass src -j RETURN + -A ssr_${rule}_src -m set --match-set ssr_${rule}_src_forward src -j ssr_${rule}_forward + -A ssr_${rule}_src -m set --match-set ssr_${rule}_src_checkdst src -j ssr_${rule}_dst -A ssr_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" - -A ssr_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j ssr_${rule}_forward + -A ssr_${rule}_dst -m set --match-set ssr_${rule}_dst_forward dst -j ssr_${rule}_forward $recentrst_addset_rules -A ssr_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" $forward_rules diff --git a/shadowsocks-libev/files/ss-rules6 b/shadowsocks-libev/files/ss-rules6 index 1c25b43bf..c114dc268 100755 --- a/shadowsocks-libev/files/ss-rules6 +++ b/shadowsocks-libev/files/ss-rules6 @@ -108,28 +108,28 @@ ss_rules6_flush() { ip6tables-save --counters | grep -v ssr6_ | ip6tables-restore -w --counters while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done ip -f inet6 route flush table 100 || true - for setname in $(ipset -n list | grep "ss_rules6_"); do + for setname in $(ipset -n list | grep "ssr6_${rule}"); do ipset destroy "$setname" 2>/dev/null || true done } ss_rules6_ipset_init() { ipset --exist restore <<-EOF - create ss_rules6_src_bypass hash:net family inet6 hashsize 64 - create ss_rules6_src_forward hash:net family inet6 hashsize 64 - create ss_rules6_src_checkdst hash:net family inet6 hashsize 64 - create ss_rules6_dst_bypass hash:net family inet6 hashsize 64 + create ssr6_${rule}_src_bypass hash:net family inet6 hashsize 64 + create ssr6_${rule}_src_forward hash:net family inet6 hashsize 64 + create ssr6_${rule}_src_checkdst hash:net family inet6 hashsize 64 + create ssr6_${rule}_dst_bypass hash:net family inet6 hashsize 64 create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64 - create ss_rules6_dst_bypass_ hash:net family inet6 hashsize 64 - create ss_rules6_dst_forward hash:net family inet6 hashsize 64 - create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600 - $(ss_rules6_ipset_mkadd ss_rules6_dst_bypass_ "$o_dst_bypass_ $o_remote_servers") + create ssr6_${rule}_dst_bypass_ hash:net family inet6 hashsize 64 + create ssr6_${rule}_dst_forward hash:net family inet6 hashsize 64 + create ssr6_${rule}_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600 + $(ss_rules6_ipset_mkadd ssr6_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers") $(ss_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") - $(ss_rules6_ipset_mkadd ss_rules6_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") - $(ss_rules6_ipset_mkadd ss_rules6_src_bypass "$o_src_bypass") - $(ss_rules6_ipset_mkadd ss_rules6_src_forward "$o_src_forward") - $(ss_rules6_ipset_mkadd ss_rules6_src_checkdst "$o_src_checkdst") - $(ss_rules6_ipset_mkadd ss_rules6_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") + $(ss_rules6_ipset_mkadd ssr6_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") + $(ss_rules6_ipset_mkadd ssr6_${rule}_src_bypass "$o_src_bypass") + $(ss_rules6_ipset_mkadd ssr6_${rule}_src_forward "$o_src_forward") + $(ss_rules6_ipset_mkadd ssr6_${rule}_src_checkdst "$o_src_checkdst") + $(ss_rules6_ipset_mkadd ssr6_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") EOF } @@ -174,9 +174,9 @@ ss_rules6_iptchains_init_tcp() { *nat :ssr6_${rule}_local_out - -I OUTPUT 1 -p tcp -j ssr6_${rule}_local_out - -A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN - -A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN - -A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN + -A ssr6_${rule}_local_out -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN + -A ssr6_${rule}_local_out -m set --match-set ssr6_${rule}_dst_bypass_all dst -j RETURN + -A ssr6_${rule}_local_out -m set --match-set ssr6_${rule}_dst_bypass_ dst -j RETURN -A ssr6_${rule}_local_out -m mark --mark 0x6539 -j RETURN -A ssr6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" COMMIT @@ -232,19 +232,19 @@ ss_rules6_iptchains_init_() { :ssr6_${rule}_dst - :ssr6_${rule}_forward - $(ss_rules6_iptchains_mkprerules "$proto") - -A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN + -A ssr6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass_ dst -j RETURN -A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539 -A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN - -A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN + -A ssr6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN -A ssr6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN -A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN - -A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN + -A ssr6_${rule}_dst -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN -A ssr6_${rule}_pre_src -p $proto $o_ipt_extra -j ssr6_${rule}_src - -A ssr6_${rule}_src -m set --match-set ss_rules6_src_bypass src -j RETURN - -A ssr6_${rule}_src -m set --match-set ss_rules6_src_forward src -j ssr6_${rule}_forward - -A ssr6_${rule}_src -m set --match-set ss_rules6_src_checkdst src -j ssr6_${rule}_dst + -A ssr6_${rule}_src -m set --match-set ssr6_${rule}_src_bypass src -j RETURN + -A ssr6_${rule}_src -m set --match-set ssr6_${rule}_src_forward src -j ssr6_${rule}_forward + -A ssr6_${rule}_src -m set --match-set ssr6_${rule}_src_checkdst src -j ssr6_${rule}_dst -A ssr6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" - -A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_forward dst -j ssr6_${rule}_forward + -A ssr6_${rule}_dst -m set --match-set ssr6_${rule}_dst_forward dst -j ssr6_${rule}_forward $recentrst_addset_rules -A ssr6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" $forward_rules diff --git a/v2ray-core/files/usr/bin/v2ray-rules b/v2ray-core/files/usr/bin/v2ray-rules index 2d6642274..a43b19be7 100755 --- a/v2ray-core/files/usr/bin/v2ray-rules +++ b/v2ray-core/files/usr/bin/v2ray-rules @@ -125,28 +125,28 @@ v2r_rules_flush() { iptables-save --counters | grep -v v2r_ | iptables-restore -w --counters while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done ip route flush table 100 || true - for setname in $(ipset -n list | grep "ss_rules_"); do + for setname in $(ipset -n list | grep "ssr_${rule}"); do ipset destroy "$setname" 2>/dev/null || true done } v2r_rules_ipset_init() { ipset --exist restore <<-EOF - create ss_rules_src_bypass hash:net hashsize 64 - create ss_rules_src_forward hash:net hashsize 64 - create ss_rules_src_checkdst hash:net hashsize 64 + create ssr_${rule}_src_bypass hash:net hashsize 64 + create ssr_${rule}_src_forward hash:net hashsize 64 + create ssr_${rule}_src_checkdst hash:net hashsize 64 create ss_rules_dst_bypass_all hash:net hashsize 64 - create ss_rules_dst_bypass hash:net hashsize 64 - create ss_rules_dst_bypass_ hash:net hashsize 64 - create ss_rules_dst_forward hash:net hashsize 64 + create ssr_${rule}_dst_bypass hash:net hashsize 64 + create ssr_${rule}_dst_bypass_ hash:net hashsize 64 + create ssr_${rule}_dst_forward hash:net hashsize 64 create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600 - $(v2r_rules_ipset_mkadd ss_rules_dst_bypass_ "$o_dst_bypass_ $o_remote_servers") + $(v2r_rules_ipset_mkadd ssr_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers") $(v2r_rules_ipset_mkadd ss_rules_dst_bypass_all "$o_dst_bypass_all") - $(v2r_rules_ipset_mkadd ss_rules_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')") - $(v2r_rules_ipset_mkadd ss_rules_src_bypass "$o_src_bypass") - $(v2r_rules_ipset_mkadd ss_rules_src_forward "$o_src_forward") - $(v2r_rules_ipset_mkadd ss_rules_src_checkdst "$o_src_checkdst") - $(v2r_rules_ipset_mkadd ss_rules_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')") + $(v2r_rules_ipset_mkadd ssr_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')") + $(v2r_rules_ipset_mkadd ssr_${rule}_src_bypass "$o_src_bypass") + $(v2r_rules_ipset_mkadd ssr_${rule}_src_forward "$o_src_forward") + $(v2r_rules_ipset_mkadd ssr_${rule}_src_checkdst "$o_src_checkdst") + $(v2r_rules_ipset_mkadd ssr_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')") EOF } @@ -192,9 +192,9 @@ v2r_rules_iptchains_init_tcp() { *nat :v2r_${rule}_local_out - -I OUTPUT 1 -p tcp -j v2r_${rule}_local_out - -A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A v2r_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN -A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN + -A v2r_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN -A v2r_${rule}_local_out -m mark --mark 0x539 -j RETURN -A v2r_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" COMMIT @@ -250,19 +250,19 @@ v2r_rules_iptchains_init_() { :v2r_${rule}_dst - :v2r_${rule}_forward - $(v2r_rules_iptchains_mkprerules "$proto") - -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN + -A v2r_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539 -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A v2r_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN -A v2r_${rule}_pre_src -m mark --mark 0x539 -j RETURN -A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A v2r_${rule}_dst -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN -A v2r_${rule}_pre_src -p $proto $o_ipt_extra -j v2r_${rule}_src - -A v2r_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN - -A v2r_${rule}_src -m set --match-set ss_rules_src_forward src -j v2r_${rule}_forward - -A v2r_${rule}_src -m set --match-set ss_rules_src_checkdst src -j v2r_${rule}_dst + -A v2r_${rule}_src -m set --match-set ssr_${rule}_src_bypass src -j RETURN + -A v2r_${rule}_src -m set --match-set ssr_${rule}_src_forward src -j v2r_${rule}_forward + -A v2r_${rule}_src -m set --match-set ssr_${rule}_src_checkdst src -j v2r_${rule}_dst -A v2r_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" - -A v2r_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j v2r_${rule}_forward + -A v2r_${rule}_dst -m set --match-set ssr_${rule}_dst_forward dst -j v2r_${rule}_forward $recentrst_addset_rules -A v2r_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" $forward_rules diff --git a/v2ray-core/files/usr/bin/v2ray-rules6 b/v2ray-core/files/usr/bin/v2ray-rules6 index 14f51e5dd..b05c70c59 100755 --- a/v2ray-core/files/usr/bin/v2ray-rules6 +++ b/v2ray-core/files/usr/bin/v2ray-rules6 @@ -108,28 +108,28 @@ v2ray_rules6_flush() { ip6tables-save --counters | grep -v v2r6_ | ip6tables-restore -w --counters while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done ip -f inet6 route flush table 100 || true - for setname in $(ipset -n list | grep "ss_rules6_"); do + for setname in $(ipset -n list | grep "ssr6_${rule}"); do ipset destroy "$setname" 2>/dev/null || true done } v2ray_rules6_ipset_init() { ipset --exist restore <<-EOF - create ss_rules6_src_bypass hash:net family inet6 hashsize 64 - create ss_rules6_src_forward hash:net family inet6 hashsize 64 - create ss_rules6_src_checkdst hash:net family inet6 hashsize 64 - create ss_rules6_dst_bypass hash:net family inet6 hashsize 64 + create ssr6_${rule}_src_bypass hash:net family inet6 hashsize 64 + create ssr6_${rule}_src_forward hash:net family inet6 hashsize 64 + create ssr6_${rule}_src_checkdst hash:net family inet6 hashsize 64 + create ssr6_${rule}_dst_bypass hash:net family inet6 hashsize 64 create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64 - create ss_rules6_dst_bypass_ hash:net family inet6 hashsize 64 - create ss_rules6_dst_forward hash:net family inet6 hashsize 64 + create ssr6_${rule}_dst_bypass_ hash:net family inet6 hashsize 64 + create ssr6_${rule}_dst_forward hash:net family inet6 hashsize 64 create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600 - $(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass_ "$o_dst_bypass_ $o_remote_servers") + $(v2ray_rules6_ipset_mkadd ssr6_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers") $(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") - $(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") - $(v2ray_rules6_ipset_mkadd ss_rules6_src_bypass "$o_src_bypass") - $(v2ray_rules6_ipset_mkadd ss_rules6_src_forward "$o_src_forward") - $(v2ray_rules6_ipset_mkadd ss_rules6_src_checkdst "$o_src_checkdst") - $(v2ray_rules6_ipset_mkadd ss_rules6_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") + $(v2ray_rules6_ipset_mkadd ssr6_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") + $(v2ray_rules6_ipset_mkadd ssr6_${rule}_src_bypass "$o_src_bypass") + $(v2ray_rules6_ipset_mkadd ssr6_${rule}_src_forward "$o_src_forward") + $(v2ray_rules6_ipset_mkadd ssr6_${rule}_src_checkdst "$o_src_checkdst") + $(v2ray_rules6_ipset_mkadd ssr6_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')") EOF } @@ -240,20 +240,20 @@ v2ray_rules6_iptchains_init_() { :v2r6_${rule}_forward - $(v2ray_rules6_iptchains_mkprerules "udp") $(v2ray_rules6_iptchains_mkprerules "tcp") - -A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN + -A v2r6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass_ dst -j RETURN -A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539 -A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN - -A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN + -A v2r6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN -A v2r6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN -A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN - -A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN + -A v2r6_${rule}_dst -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN -A v2r6_${rule}_pre_src -p tcp $o_ipt_extra -j v2r6_${rule}_src -A v2r6_${rule}_pre_src -p udp $o_ipt_extra -j v2r6_${rule}_src - -A v2r6_${rule}_src -m set --match-set ss_rules6_src_bypass src -j RETURN - -A v2r6_${rule}_src -m set --match-set ss_rules6_src_forward src -j v2r6_${rule}_forward - -A v2r6_${rule}_src -m set --match-set ss_rules6_src_checkdst src -j v2r6_${rule}_dst + -A v2r6_${rule}_src -m set --match-set ssr6_${rule}_src_bypass src -j RETURN + -A v2r6_${rule}_src -m set --match-set ssr6_${rule}_src_forward src -j v2r6_${rule}_forward + -A v2r6_${rule}_src -m set --match-set ssr6_${rule}_src_checkdst src -j v2r6_${rule}_dst -A v2r6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" - -A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_forward dst -j v2r6_${rule}_forward + -A v2r6_${rule}_dst -m set --match-set ssr6_${rule}_dst_forward dst -j v2r6_${rule}_forward $recentrst_addset_rules -A v2r6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" $forward_rules From a0da499c105c71960b014d36ade9fc5167d7803d Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 25 Jan 2021 16:43:15 +0100 Subject: [PATCH 02/16] Display IPv6 in status only when gateway exist --- .../luasrc/view/openmptcprouter/wanstatus.htm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wanstatus.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wanstatus.htm index cff1dbac6..1aa626cd5 100644 --- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wanstatus.htm +++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wanstatus.htm @@ -469,7 +469,7 @@ local statuslogo = ucic:get("openmptcprouter","settings","statuslogo") or "openm { content += String.format('%s %s
','<%:ip address:%>', ipaddr); } - if(ip6addr !== '') + if(ip6addr !== '' && gateway6 != '') { content += String.format('%s %s
','<%:ipv6 address:%>', ip6addr); } @@ -477,7 +477,7 @@ local statuslogo = ucic:get("openmptcprouter","settings","statuslogo") or "openm { content += String.format('%s %s
','<%:wan address:%>', wanip); } - if(wanip6 !== '' && gateway6 != '') + if(wanip6 !== '') { content += String.format('%s %s
','<%:wan ipv6 address:%>', wanip6); } From b0e38240cc83d4f40f084d51344511d4b0787fe4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 27 Jan 2021 18:18:50 +0100 Subject: [PATCH 03/16] Fix shadowsocks iptables rules --- .../files/shadowsocks-libev.init | 5 ++++ shadowsocks-libev/files/ss-rules | 29 ++++++++++--------- shadowsocks-libev/files/ss-rules6 | 2 +- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/shadowsocks-libev/files/shadowsocks-libev.init b/shadowsocks-libev/files/shadowsocks-libev.init index 7c3056747..9e15c6241 100644 --- a/shadowsocks-libev/files/shadowsocks-libev.init +++ b/shadowsocks-libev/files/shadowsocks-libev.init @@ -1,6 +1,7 @@ #!/bin/sh /etc/rc.common # # Copyright (C) 2017-2019 Yousong Zhou +# Copyright (C) 2019-2021 Ycarus (Yannick Chabanois) for OpenMPTCProuter # # This is free software, licensed under the GNU General Public License v3. # See /LICENSE for more information. @@ -314,6 +315,10 @@ stop_service() { rm -rf "$ss_confdir" } +reload_service() { + restart "$@" +} + rules_exist() { [ -n "$(iptables -t nat -L -n | grep ssr)" ] && return 0 return 1 diff --git a/shadowsocks-libev/files/ss-rules b/shadowsocks-libev/files/ss-rules index 74373efc3..396de706d 100755 --- a/shadowsocks-libev/files/ss-rules +++ b/shadowsocks-libev/files/ss-rules @@ -1,7 +1,7 @@ #!/bin/sh -e # # Copyright (C) 2017 Yousong Zhou -# Copyright (C) 2018 Ycarus (Yannick Chabanois) +# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) # # The design idea was derived from ss-rules by Jian Chang # @@ -135,7 +135,7 @@ ss_rules_ipset_init() { create ssr_${rule}_src_bypass hash:net hashsize 64 create ssr_${rule}_src_forward hash:net hashsize 64 create ssr_${rule}_src_checkdst hash:net hashsize 64 - create ssr_rules_dst_bypass_all hash:net hashsize 64 + create ss_rules_dst_bypass_all hash:net hashsize 64 create ssr_${rule}_dst_bypass hash:net hashsize 64 create ssr_${rule}_dst_bypass_ hash:net hashsize 64 create ssr_${rule}_dst_forward hash:net hashsize 64 @@ -187,18 +187,19 @@ ss_rules_iptchains_init_tcp() { forward) local_target=ssr_${rule}_forward ;; bypass|*) return 0;; esac - - iptables-restore -w --noflush <<-EOF - *nat - :ssr_${rule}_local_out - - -I OUTPUT 1 -p tcp -j ssr_${rule}_local_out - -A ssr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN - -A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A ssr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN - -A ssr_${rule}_local_out -m mark --mark 0x539 -j RETURN - -A ssr_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" - COMMIT - EOF + if [ "$(iptables -t nat -L ssr_${rule}_local_out | grep ssr_${rule}_dst_bypass)" = "" ]; then + iptables-restore -w --noflush <<-EOF + *nat + :ssr_${rule}_local_out - + -I OUTPUT 1 -p tcp -j ssr_${rule}_local_out + -A ssr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN + -A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN + -A ssr_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN + -A ssr_${rule}_local_out -m mark --mark 0x539 -j RETURN + -A ssr_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" + COMMIT + EOF + fi } ss_rules_iptchains_init_udp() { diff --git a/shadowsocks-libev/files/ss-rules6 b/shadowsocks-libev/files/ss-rules6 index c114dc268..84d04beb5 100755 --- a/shadowsocks-libev/files/ss-rules6 +++ b/shadowsocks-libev/files/ss-rules6 @@ -1,7 +1,7 @@ #!/bin/sh -e # # Copyright (C) 2017 Yousong Zhou -# Copyright (C) 2018 Ycarus (Yannick Chabanois) +# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) # # The design idea was derived from ss-rules by Jian Chang # From df1f5a791591115b98f19e2c24934804d4709f95 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Jan 2021 20:41:36 +0100 Subject: [PATCH 04/16] Fix omr-bypass with vlan --- .../root/etc/init.d/omr-bypass | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/luci-app-omr-bypass/root/etc/init.d/omr-bypass b/luci-app-omr-bypass/root/etc/init.d/omr-bypass index 592d875ac..82a1e68f5 100755 --- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass +++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass @@ -50,7 +50,8 @@ _bypass_domains() { _bypass_domain() { local domain=$1 local intf=$2 - + intf=$(echo $intf | sed -e 's/\./_/') + [ -z "$intf" ] && intf="all" if [ -n "$domain" ]; then domain=$(echo $domain | sed 's:^\.::') @@ -68,7 +69,7 @@ _bypass_domain() { fi fi if [ "$(uci -q get dhcp.@dnsmasq[0].ipset | grep /$domain/)" = "" ]; then - uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intf,omr6_dst_bypass_$intf" + uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intfuci,omr6_dst_bypass_$intf" else dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g') for dnsipset in $dnsmasqipset; do @@ -90,8 +91,8 @@ _bypass_mac() { config_get intf $1 interface config_get enabled $1 enabled [ "$enabled" = "0" ] && return - intfuci=$(echo $intf | sed 's/\./_/') - local intfid="$(uci -q get omr-bypass.$intfuci.id)" + intf=$(echo $intf | sed -e 's/\./_/') + local intfid="$(uci -q get omr-bypass.$intf.id)" [ -z "$intf" ] && intf="all" [ -z "$mac" ] && return @@ -132,8 +133,8 @@ _bypass_lan_ip() { config_get intf $1 interface config_get enabled $1 enabled [ "$enabled" = "0" ] && return - intfuci=$(echo $intf | sed 's/\./_/') - local intfid="$(uci -q get omr-bypass.$intfuci.id)" + intf=$(echo $intf | sed -e 's/\./_/') + local intfid="$(uci -q get omr-bypass.$intf.id)" [ -z "$intf" ] && intf="all" [ -z "$ip" ] && return @@ -190,8 +191,8 @@ _bypass_dest_port() { config_get intf $1 interface config_get enabled $1 enabled [ "$enabled" = "0" ] && return - intfuci=$(echo $intf | sed 's/\./_/') - local intfid="$(uci -q get omr-bypass.$intfuci.id)" + intf=$(echo $intf | sed -e 's/\./_/') + local intfid="$(uci -q get omr-bypass.$intf.id)" [ -z "$intf" ] && intf="all" [ -z "$dport" ] && return @@ -246,8 +247,8 @@ _bypass_src_port() { config_get intf $1 interface config_get enabled $1 enabled [ "$enabled" = "0" ] && return - intfuci=$(echo $intf | sed 's/\./_/') - local intfid="$(uci -q get omr-bypass.$intfuci.id)" + intf=$(echo $intf | sed -e 's/\./_/') + local intfid="$(uci -q get omr-bypass.$intf.id)" [ -z "$intf" ] && intf="all" [ -z "$sport" ] && return @@ -300,8 +301,8 @@ _bypass_proto() { config_get intf $1 interface config_get enabled $1 enabled [ "$enabled" = "0" ] && return - intfuci=$(echo $intf | sed 's/\./_/') - local intfid="$(uci -q get omr-bypass.$intfuci.id)" + intf=$(echo $intf | sed -e 's/\./_/') + local intfid="$(uci -q get omr-bypass.$intf.id)" [ -z "$intf" ] && intf="all" [ -z "$proto" ] && return @@ -459,6 +460,7 @@ _intf_rule() { #[ "$mode" = "off" ] && return [ -z "$count" ] && return [ -z "$intf" ] && return + intf=$(echo $intf | sed -e 's/\./_/') [ "$(echo $1 | grep _dev)" != "" ] && return [ -z "$RELOAD" ] || [ "$(ipset --list | grep omr_dst_bypass_$intf)" = "" ] && { unset RELOAD @@ -498,9 +500,8 @@ _intf_rule() { config_foreach _intf_rule_ss_rules ss_rules _intf_rule_v2ray_rules - intfuci=$(echo $intf | sed 's/\./_/') - uci -q set omr-bypass.$intfuci=interface - uci -q set omr-bypass.$intfuci.id=$count + uci -q set omr-bypass.$intf=interface + uci -q set omr-bypass.$intf.id=$count } _bypass_ip_set() { From 1518776a8be6f8ffc5b9c6cb53e187518c0f55a2 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Jan 2021 20:42:01 +0100 Subject: [PATCH 05/16] Fix typo --- .../luasrc/view/openmptcprouter/settings.htm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm index c23724f44..7ae4100b4 100644 --- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm +++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm @@ -255,7 +255,7 @@
- +
checked<% end %>>
From 4f6b1d263eb9970ff5798e6e09084e45f467f7c6 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Jan 2021 20:43:01 +0100 Subject: [PATCH 06/16] Support 2 IPs on server --- .../luasrc/controller/openmptcprouter.lua | 54 +++++++++++++++---- .../luasrc/view/openmptcprouter/wizard.htm | 26 +++++++-- 2 files changed, 68 insertions(+), 12 deletions(-) diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua index 29ec07420..62974d55b 100644 --- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua +++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua @@ -66,7 +66,8 @@ function wizard_add() ucic:foreach("openmptcprouter", "server", function(s) local servername = s[".name"] nbserver = nbserver + 1 - server_ip = ucic:get("openmptcprouter",servername,"ip") + server_ips = ucic:get_list("openmptcprouter",servername,"ip") + server_ip = server_ips[1] end) if nbserver == 1 and server_ip ~= "" and server_ip ~= nil then ucic:set("shadowsocks-libev","sss0","server",server_ip) @@ -425,8 +426,14 @@ function wizard_add() local disablednb = 0 local servers = luci.http.formvaluetable("server") for server, _ in pairs(servers) do - local server_ip = {} - server_ip[1] = luci.http.formvalue("%s.server_ip" % server) or "" + local serverips = luci.http.formvaluetable("%s.serverip" % server) or {} + local aserverips = {} + for _, ip in pairs(serverips) do + if ip ~= "" and ip ~= nil then + table.insert(aserverips,ip) + end + end + local master = luci.http.formvalue("master") or "" -- OpenMPTCProuter VPS @@ -447,14 +454,14 @@ function wizard_add() if openmptcprouter_vps_disabled == "1" then disablednb = disablednb + 1 end - if server_ip[1] ~= "" then + if next(aserverips) ~= nil then serversnb = serversnb + 1 end ucic:set("openmptcprouter",server,"server") ucic:set("openmptcprouter",server,"username",openmptcprouter_vps_username) ucic:set("openmptcprouter",server,"password",openmptcprouter_vps_key) ucic:set("openmptcprouter",server,"disabled",openmptcprouter_vps_disabled) - ucic:set_list("openmptcprouter",server,"ip",server_ip) + ucic:set_list("openmptcprouter",server,"ip",aserverips) ucic:set("openmptcprouter",server,"port","65500") ucic:save("openmptcprouter") end @@ -488,6 +495,13 @@ function wizard_add() ucic:save("shadowsocks-libev") ucic:save("v2ray") + ucic:foreach("shadowsocks-libev","server", function(s) + local sectionname = s[".name"] + if sectionname:match("^sss.*") then + ucic:delete("shadowsocks-libev",sectionname,"ip") + ucic:set("shadowsocks-libev",sectionname,"disabled","1") + end + end) local ss_servers_nginx = {} local ss_servers_ha = {} @@ -497,14 +511,20 @@ function wizard_add() for server, _ in pairs(servers) do local master = luci.http.formvalue("master") or "" - local server_ip = luci.http.formvalue("%s.server_ip" % server) or "" + local server_ips = luci.http.formvaluetable("%s.serverip" % server) or {} + local server_ip = "" + for _, ip in pairs(server_ips) do + if server_ip == "" and ip ~= "" and ip ~= nil then + server_ip=ip + end + end -- We have an IP, so set it everywhere - if server_ip ~= "" and luci.http.formvalue("%s.openmptcprouter_vps_disabled" % server) ~= "1" then + if server_ip ~= "" and server_ip ~= nil and luci.http.formvalue("%s.openmptcprouter_vps_disabled" % server) ~= "1" then -- Check if we have more than one IP, in this case use Nginx HA if serversnb > 1 then if master == server then ss_ip=server_ip - ucic:set("shadowsocks-libev","sss0","server",server_ip) + --ucic:set("shadowsocks-libev","sss0","server",server_ip) ucic:set("glorytun","vpn","host",server_ip) ucic:set("glorytun-udp","vpn","host",server_ip) ucic:set("dsvpn","vpn","host",server_ip) @@ -516,6 +536,14 @@ function wizard_add() luci.sys.call("uci -q add_list openvpn.omr.remote=" .. server_ip) ucic:set("qos","serverin","srchost",server_ip) ucic:set("qos","serverout","dsthost",server_ip) + local nbip = 0 + for _, ssip in pairs(server_ips) do + ucic:set("shadowsocks-libev","sss" .. nbip,"server",ssip) + if default_proxy == "shadowsocks" then + ucic:set("shadowsocks-libev","sss" .. nbip,"disabled","0") + end + nbip = nbip + 1 + end end k = k + 1 ucic:set("nginx-ha","ShadowSocks","enable","0") @@ -526,7 +554,7 @@ function wizard_add() ucic:set("openmptcprouter","settings","ha","0") ucic:set("nginx-ha","ShadowSocks","enable","0") ucic:set("nginx-ha","VPN","enable","0") - ucic:set("shadowsocks-libev","sss0","server",server_ip) + --ucic:set("shadowsocks-libev","sss0","server",server_ip) ucic:set("glorytun","vpn","host",server_ip) ucic:set("glorytun-udp","vpn","host",server_ip) ucic:set("dsvpn","vpn","host",server_ip) @@ -538,6 +566,14 @@ function wizard_add() luci.sys.call("uci -q add_list openvpn.omr.remote=" .. server_ip) ucic:set("qos","serverin","srchost",server_ip) ucic:set("qos","serverout","dsthost",server_ip) + local nbip = 0 + for _, ssip in pairs(server_ips) do + ucic:set("shadowsocks-libev","sss" .. nbip,"server",ssip) + if default_proxy == "shadowsocks" then + ucic:set("shadowsocks-libev","sss" .. nbip,"disabled","0") + end + nbip = nbip + 1 + end end end end diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm index 89da6bc85..d966771d9 100644 --- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm +++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm @@ -55,9 +55,19 @@

<%=servername%>

- +
- " data-optional="false"> + " data-optional="false"> +
+ <%:Server IP will be set for proxy and VPN%> +
+
+
+
+
+ +
+ " data-optional="false">
<%:Server IP will be set for proxy and VPN%>
@@ -147,7 +157,10 @@
- checked<% end %> /> +
<%:You should disable IPv6 here if server doesn't provide IPv6.%> @@ -874,6 +887,13 @@ if not (ifacea == "lo" or ifacea == "6in4-omr6in4" or ifacea == "mlvpn0" or ifacea:match("^ifb.*") or ifacea:match("^sit.*") or ifacea:match("^gre.*") or ifacea:match("^ip6.*") or ifacea:match("^teql.*") or ifacea:match("^erspan.*")) and device_notvirtual(ifacea) then %> + <% + end + end + for _, ifacea in ipairs(net:get_networks()) do + if not (ifacea:name() == "loopback" or ifacea:name() == "omr6in4" or ifacea:name() == "omrvpn" or ifacea:name():match("^omrip.*")) then + %> + <% end end From ea850cea047c99cdec43954b183e4a0c4f367230 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Jan 2021 20:43:31 +0100 Subject: [PATCH 07/16] Support alias interfaces --- .../root/usr/libexec/rpcd/openmptcprouter | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter index 9f88a0cc4..b80a81a7d 100755 --- a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter +++ b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter @@ -1115,6 +1115,7 @@ function interfaces_status() local gateway6 = section["ip6gw"] or "" local multipath = section["multipath"] local enabled = section["auto"] + local proto = section["proto"] or "" --if not ipaddr or not gateway then return end -- Don't show if0 in the overview @@ -1130,7 +1131,7 @@ function interfaces_status() duplicateif = false if ifname ~= "" and ifname ~= nil then - if allintf[ifname] then + if allintf[ifname] and not section["ifname"]:match("^@.*") then connectivity = "ERROR" duplicateif = true else @@ -1144,10 +1145,10 @@ function interfaces_status() if enabled == "0" then return end local connectivity = "OK" - if ipaddr == "" and ifname ~= nil and ifname ~= "" then + if ipaddr == "" and ifname ~= nil and ifname ~= "" and proto ~= "dhcpv6" then ipaddr = ut.trim(sys.exec("ip -4 -br addr ls dev " .. ifname .. " | awk -F'[ /]+' '{print $3}' | tr -d '\n'")) end - if ipaddr == "" and ifname ~= nil and ifname ~= "" then + if ipaddr == "" and ifname ~= nil and ifname ~= "" and proto ~= "dhcpv6" then ipaddr = ut.trim(sys.exec("ip -4 addr show dev " .. ifname .. " | grep -m 1 inet | awk '{print $2}' | cut -d'/' -s -f1 | tr -d '\n'")) end if ip6addr == "" and ifname ~= nil and ifname ~= "" then @@ -1195,14 +1196,16 @@ function interfaces_status() local gw_ping = "UP" local gw_ping6 = "UP" if ifname ~= nil and not (ifname:match("^tun.*") or interface:match("^ovpn.*")) then - gateway = ut.trim(sys.exec("ip -4 r list dev " .. ifname .. " | grep via | grep -v default | grep -v metric | awk '{print $1}' | tr -d '\n'")) + if proto ~= "dhcpv6" then + gateway = ut.trim(sys.exec("ip -4 r list dev " .. ifname .. " | grep via | grep -v default | grep -v metric | awk '{print $1}' | tr -d '\n'")) + end gateway6 = ut.trim(sys.exec("ip -6 r list dev " .. ifname .. " | grep via | grep -v default | grep -v metric | awk '{print $1}' | tr -d '\n'")) end - if gateway == "" then + if gateway == "" and proto ~= "dhcpv6" then gateway = get_gateway(interface) end - if gateway == "" and ifname ~= nil and ifname ~= "" then + if gateway == "" and ifname ~= nil and ifname ~= "" and proto ~= "dhcpv6" then if fs.access("/sys/class/net/" .. ifname) then gateway = ut.trim(sys.exec("ip -4 r list dev " .. ifname .. " | grep kernel | awk '/proto kernel/ {print $1}' | grep -v / | tr -d '\n'")) if gateway == "" then @@ -1263,7 +1266,7 @@ function interfaces_status() end if ifname ~= "" and ifname ~= nil then - local proto = section['proto'] + --local proto = section['proto'] if proto == "qmi" then local device = section['device'] intfdata = ut.trim(sys.exec("omr-qmi " .. device .. " all")) @@ -1438,6 +1441,7 @@ function interfaces_status() phonenumber = phonenumber, donglestate = donglestate, networktype = networktype, + proto = proto, rx = rx, tx = tx, } From e05f1b8e02b1e2f494b282cd2fbad359f1ab1eef Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Jan 2021 20:44:10 +0100 Subject: [PATCH 08/16] Update ndpi netfiler2 --- ndpi-netfilter2/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ndpi-netfilter2/Makefile b/ndpi-netfilter2/Makefile index 9f04c4e87..b74ed75c1 100644 --- a/ndpi-netfilter2/Makefile +++ b/ndpi-netfilter2/Makefile @@ -10,8 +10,8 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=ndpi-netfilter2 -PKG_RELEASE:=2 -PKG_REV:=0a03249da911f4033fd2a0d38a97cdba72eee2b6 +PKG_RELEASE:=3 +PKG_REV:=25a5c2e1d619aa2d819b18bed8276b3bd7eb4c5b PKG_VERSION:=3.2-$(PKG_REV) PKG_SOURCE_PROTO:=git From 6ab5f128a943fb2e19c44618314bc17bf8b7b142 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Jan 2021 20:44:38 +0100 Subject: [PATCH 09/16] Support multi servers with glorytun UDP --- .../share/omr/post-tracking.d/post-tracking | 86 +++++++++++-------- 1 file changed, 48 insertions(+), 38 deletions(-) diff --git a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking index a8ce3ed18..9c51d7b7c 100755 --- a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking +++ b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking @@ -891,45 +891,55 @@ if [ "$multipath_config" = "on" ] || [ "$multipath_config" = "backup" ]; then if [ "$(uci -q show | grep mptcpr)" = "" ]; then touch /etc/config/openmptcprouter fi - gtudpst="up" - [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipathvpn)" != "1" ] && [ "$multipath_config" = "backup" ] && [ "$(pgrep glorytun-udp)" != "" ] && gtudpst="backup" - if [ "$OMR_TRACKER_DEVICE_IP" != "" ] && [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.vpn)" != "1" ] && [ "$(pgrep glorytun-udp)" != "" ] && [ "$(glorytun-udp path | grep $OMR_TRACKER_DEVICE_IP)" = "" ]; then - if [ "$download" != "0" ] && [ "$download" != "" ] && [ "$upload" != "0" ] && [ "$upload" != "" ]; then - if [ "$(uci -q get glorytun-udp.vpn.rateauto)" = "1" ]; then - glorytun-udp path addr $OMR_TRACKER_DEVICE_IP dev tun0 set up rate auto tx $((upload*1000/8)) rx $((download*1000/8)) pref 1 > /dev/null 2>&1 - else - glorytun-udp path addr $OMR_TRACKER_DEVICE_IP dev tun0 set up rate fixed tx $((upload*1000/8)) rx $((download*1000/8)) pref 1 > /dev/null 2>&1 + glorytunudppath() { + gtudp_port="$(uci -q get glorytun-udp.vpn.port)" + gtudp_dev="$(uci -q get glorytun-udp.vpn.dev)" + addpath() { + serverip=$1 + #gtudpst="up" + #[ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipathvpn)" != "1" ] && [ "$multipath_config" = "backup" ] && [ "$(pgrep glorytun-udp)" != "" ] && gtudpst="backup" + if [ "$OMR_TRACKER_DEVICE_IP" != "" ] && [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.vpn)" != "1" ] && [ "$(pgrep glorytun-udp)" != "" ] && [ "$(glorytun-udp path | grep $OMR_TRACKER_DEVICE_IP)" = "" ] && [ -n "$(resolveip -4 $serverip)" ]; then + if [ "$download" != "0" ] && [ "$download" != "" ] && [ "$upload" != "0" ] && [ "$upload" != "" ]; then + if [ "$(uci -q get glorytun-udp.vpn.rateauto)" = "1" ]; then + glorytun-udp path addr $OMR_TRACKER_DEVICE_IP to addr $serverip dev ${gtudp_dev} port ${gtudp_port} set up rate auto tx $((upload*1000/8)) rx $((download*1000/8)) pref 1 > /dev/null 2>&1 + else + glorytun-udp path addr $OMR_TRACKER_DEVICE_IP to addr $serverip dev ${gtudp_dev} port ${gtudp_port} set up rate fixed tx $((upload*1000/8)) rx $((download*1000/8)) pref 1 > /dev/null 2>&1 + fi + else + if [ "$(uci -q get glorytun-udp.vpn.rateauto)" = "1" ]; then + glorytun-udp path addr $OMR_TRACKER_DEVICE_IP to addr $serverip dev ${gtudp_dev} port ${gtudp_port} set up rate auto tx 12500000 rx 12500000 pref 1 > /dev/null 2>&1 + else + glorytun-udp path addr $OMR_TRACKER_DEVICE_IP to addr $serverip dev ${gtudp_dev} port ${gtudp_port} set up rate fixed tx 12500000 rx 12500000 pref 1 > /dev/null 2>&1 + fi + fi fi - else - if [ "$(uci -q get glorytun-udp.vpn.rateauto)" = "1" ]; then - glorytun-udp path addr $OMR_TRACKER_DEVICE_IP dev tun0 set up rate auto tx 12500000 rx 12500000 pref 1 > /dev/null 2>&1 - else - glorytun-udp path addr $OMR_TRACKER_DEVICE_IP dev tun0 set up rate fixed tx 12500000 rx 12500000 pref 1 > /dev/null 2>&1 + if [ "$OMR_TRACKER_DEVICE_IP6" != "" ] && [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.vpn)" != "1" ] && [ "$(pgrep glorytun-udp)" != "" ] && [ "$(glorytun-udp path | grep $OMR_TRACKER_DEVICE_IP6)" = "" ] && [ -n "$(resolveip -6 $serverip)" ]; then + if [ "$download" != "0" ] && [ "$download" != "" ] && [ "$upload" != "0" ] && [ "$upload" != "" ]; then + if [ "$(uci -q get glorytun-udp.vpn.rateauto)" = "1" ]; then + glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 to addr $serverip dev ${gtudp_dev} port ${gtudp_port} set up rate auto tx $((upload*1000/8)) rx $((download*1000/8)) pref 1 > /dev/null 2>&1 + else + glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 to addr $serverip dev ${gtudp_dev} port ${gtudp_port} set up rate fixed tx $((upload*1000/8)) rx $((download*1000/8)) pref 1 > /dev/null 2>&1 + fi + else + if [ "$(uci -q get glorytun-udp.vpn.rateauto)" = "1" ]; then + glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 to addr $serverip dev ${gtudp_dev} port ${gtudp_port} set up rate auto tx 12500000 rx 12500000 pref 1 > /dev/null 2>&1 + else + glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 to addr $serverip dev ${gtudp_dev} port ${gtudp_port} set up rate fixed tx 12500000 rx 12500000 pref 1 > /dev/null 2>&1 + fi + fi fi - fi - fi - if [ "$OMR_TRACKER_DEVICE_IP6" != "" ] && [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.vpn)" != "1" ] && [ "$(pgrep glorytun-udp)" != "" ] && [ "$(glorytun-udp path | grep $OMR_TRACKER_DEVICE_IP6)" = "" ]; then - if [ "$download" != "0" ] && [ "$download" != "" ] && [ "$upload" != "0" ] && [ "$upload" != "" ]; then - if [ "$(uci -q get glorytun-udp.vpn.rateauto)" = "1" ]; then - glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 dev tun0 set up rate auto tx $((upload*1000/8)) rx $((download*1000/8)) pref 1 > /dev/null 2>&1 - else - glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 dev tun0 set up rate fixed tx $((upload*1000/8)) rx $((download*1000/8)) pref 1 > /dev/null 2>&1 - fi - else - if [ "$(uci -q get glorytun-udp.vpn.rateauto)" = "1" ]; then - glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 dev tun0 set up rate auto tx 12500000 rx 12500000 pref 1 > /dev/null 2>&1 - else - glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 dev tun0 set up rate fixed tx 12500000 rx 12500000 pref 1 > /dev/null 2>&1 - fi - fi - fi -# if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.vpn)" != "1" ] && [ "$(pgrep glorytun-udp)" != "" ] && [ "$(glorytun-udp set | grep 'kxtimeout 7d')" = "" ]; then -# glorytun-udp set dev tun0 kxtimeout 7d > /dev/null 2>&1 -# fi - [ "$multipath_config" = "backup" ] && [ "$(pgrep glorytun-udp)" != "" ] && { - [ -n "$OMR_TRACKER_DEVICE_IP" ] && glorytun-udp path addr $OMR_TRACKER_DEVICE_IP dev tun0 set pref 125 > /dev/null 2>&1 - [ -n "$OMR_TRACKER_DEVICE_IP6" ] && glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 dev tun0 set pref 125 > /dev/null 2>&1 +# if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.vpn)" != "1" ] && [ "$(pgrep glorytun-udp)" != "" ] && [ "$(glorytun-udp set | grep 'kxtimeout 7d')" = "" ]; then +# glorytun-udp set dev tun0 kxtimeout 7d > /dev/null 2>&1 + # fi + [ "$multipath_config" = "backup" ] && [ "$(pgrep glorytun-udp)" != "" ] && { + [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$(resolveip -4 $serverip)" ] && glorytun-udp path addr $OMR_TRACKER_DEVICE_IP to addr $serverip port ${gtudp_port} dev ${gtudp_dev} set pref 125 > /dev/null 2>&1 + [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$(resolveip -6 $serverip)" ] && glorytun-udp path addr $OMR_TRACKER_DEVICE_IP6 to addr $serverip port ${gtudp_port} dev ${gtudp_dev} set pref 125 > /dev/null 2>&1 + } + } + config_list_foreach $1 ip addpath } + config_load openmptcprouter + config_foreach glorytunudppath server fi [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipathvpn)" != "1" ] && { [ "$multipath_status" = "$multipath_config" ] || { @@ -1230,7 +1240,7 @@ if [ "$(pgrep rpcd)" = "" ] && [ -f /etc/init.d/rpcd ]; then sleep 5 fi -if [ "$(uci -q get v2ray.main.enabled)" = "1" ] && [ -f /etc/init.d/v2ray ] && [ "$(pgrep -f omr-tracker-v2ray)" = "" ]; then +if [ "$(uci -q get v2ray.main.enabled)" = "1" ] && [ -f /etc/init.d/v2ray ] && [ "$(pgrep -f omr-tracker-v2ray)" = "" ] && [ "$(pgrep -f '/etc/init.d/omr-tracker')" = "" ]; then _log "Can't find omr-tracker-v2ray, restart omr-tracker..." /etc/init.d/omr-tracker restart fi @@ -1246,7 +1256,7 @@ if [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && [ "$(uci -q get uci -q commit openmptcprouter fi -if [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && [ "$(uci -q get shadowsocks-libev.sss0.key)" != "" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "192.18.1.3" ] && [ "$(pgrep -f omr-tracker-ss)" = "" ]; then +if [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && [ "$(uci -q get shadowsocks-libev.sss0.key)" != "" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "192.18.1.3" ] && [ "$(pgrep -f omr-tracker-ss)" = "" ] && [ "$(pgrep -f '/etc/init.d/omr-tracker')" = "" ]; then _log "Can't find omr-tracker-ss, restart omr-tracker..." /etc/init.d/omr-tracker restart fi From afcb30eb2d23c0d21e672fa686ad85f605250ace Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Jan 2021 20:45:45 +0100 Subject: [PATCH 10/16] Set public IP for uPnP --- omr-tracker/files/bin/omr-tracker-ss | 7 ++++++- omr-tracker/files/bin/omr-tracker-v2ray | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/omr-tracker/files/bin/omr-tracker-ss b/omr-tracker/files/bin/omr-tracker-ss index 9a7234c93..be0074b01 100755 --- a/omr-tracker/files/bin/omr-tracker-ss +++ b/omr-tracker/files/bin/omr-tracker-ss @@ -27,7 +27,12 @@ _get_ip() { [ -z "$check_ipv4_website" ] && check_ipv4_website="http://ip.openmptcprouter.com" check_ipv6_website="$(uci -q get openmptcprouter.settings.check_ipv6_website)" [ -z "$check_ipv6_website" ] && check_ipv6_website="http://ipv6.openmptcprouter.com" - uci -q set openmptcprouter.omr.detected_public_ipv4="$(curl -s -4 -m 3 $check_ipv4_website)" + public_ipv4="$(curl -s -4 -m 3 $check_ipv4_website)" + uci -q set openmptcprouter.omr.detected_public_ipv4="${public_ipv4}" + [ -n "$public_ipv4" ] && { + uci -q set upnpd.config.external_ip="${public_ipv4}" + uci -q commit upnpd + } if [ "$(uci -q get openmptcprouter.omr.shadowsocks)" != "down" ]; then uci -q set openmptcprouter.omr.detected_ss_ipv4="$(curl -s -4 --socks5 "${proxy}" --max-time 3 $check_ipv4_website)" else diff --git a/omr-tracker/files/bin/omr-tracker-v2ray b/omr-tracker/files/bin/omr-tracker-v2ray index 32ef73c6b..e8e0dcffe 100755 --- a/omr-tracker/files/bin/omr-tracker-v2ray +++ b/omr-tracker/files/bin/omr-tracker-v2ray @@ -27,7 +27,12 @@ _get_ip() { [ -z "$check_ipv4_website" ] && check_ipv4_website="http://ip.openmptcprouter.com" check_ipv6_website="$(uci -q get openmptcprouter.settings.check_ipv6_website)" [ -z "$check_ipv6_website" ] && check_ipv6_website="http://ipv6.openmptcprouter.com" - uci -q set openmptcprouter.omr.detected_public_ipv4="$(curl -s -4 -m 3 $check_ipv4_website)" + public_ipv4="$(curl -s -4 -m 3 $check_ipv4_website)" + uci -q set openmptcprouter.omr.detected_public_ipv4="${public_ipv4}" + [ -n "${public_ipv4}" ] && { + uci -q set upnpd.config.external_ip="${public_ipv4}" + uci -q commit upnpd + } if [ "$(uci -q get openmptcprouter.omr.v2ray)" != "down" ]; then uci -q set openmptcprouter.omr.detected_ss_ipv4="$(curl -s -4 --socks5 "${proxy}" --max-time 3 $check_ipv4_website)" else From 07afc6ce8e80557b0c97f88883de53750cfdc8fa Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Jan 2021 20:46:36 +0100 Subject: [PATCH 11/16] Support multiples IPs on server for MPTCPoverVPN and OpenVPN Bonding --- openmptcprouter/files/etc/init.d/mptcpovervpn | 6 +++--- openmptcprouter/files/etc/init.d/openvpnbonding | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/openmptcprouter/files/etc/init.d/mptcpovervpn b/openmptcprouter/files/etc/init.d/mptcpovervpn index 870148e5b..a2f7d97e4 100755 --- a/openmptcprouter/files/etc/init.d/mptcpovervpn +++ b/openmptcprouter/files/etc/init.d/mptcpovervpn @@ -9,7 +9,7 @@ } _getremoteip() { - [ "$(uci -q get openmptcprouter.$1.master)" = "1" ] && remoteip=$(uci -q get openmptcprouter.$1.ip) + [ "$(uci -q get openmptcprouter.$1.master)" = "1" ] && remoteip=$(uci -q get openmptcprouter.$1.ip | awk '{print $1}') } mptcp_over_vpn() { @@ -139,8 +139,8 @@ start_service() elif [ "$(uci -q get glorytun.vpn.host)" = "10.255.250.1" ] && [ "$nbintf" != "$nbintfvpn" ]; then uci -q batch <<-EOF >/dev/null delete shadowsocks-libev.sss0.disabled - set glorytun.vpn.host="$(uci -q get openmptcprouter.vps.ip)" - set glorytun-udp.vpn.host="$(uci -q get openmptcprouter.vps.ip)" + set glorytun.vpn.host="$(uci -q get openmptcprouter.vps.ip | awk '{print $1}')" + set glorytun-udp.vpn.host="$(uci -q get openmptcprouter.vps.ip | awk '{print $1}')" commit glorytun commit glorytun-udp EOF diff --git a/openmptcprouter/files/etc/init.d/openvpnbonding b/openmptcprouter/files/etc/init.d/openvpnbonding index d36eeb584..87dfdf483 100755 --- a/openmptcprouter/files/etc/init.d/openvpnbonding +++ b/openmptcprouter/files/etc/init.d/openvpnbonding @@ -9,7 +9,7 @@ } _getremoteip() { - [ "$(uci -q get openmptcprouter.$1.master)" = "1" ] && remoteip=$(uci -q get openmptcprouter.$1.ip) + [ "$(uci -q get openmptcprouter.$1.master)" = "1" ] && remoteip=$(uci -q get openmptcprouter.$1.ip | awk '{print $1}') } _openvpnbonding() { From 58eb27a3440b9db5d57db6dd6940f9836da696ed Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 28 Jan 2021 20:47:14 +0100 Subject: [PATCH 12/16] Fix on openmptcprouter-vps with multiples IPs --- openmptcprouter/files/etc/init.d/openmptcprouter-vps | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps index 19a7d68bb..853891f9d 100755 --- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps +++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps @@ -362,10 +362,11 @@ _get_vps_config() { fi fi fi - vpsip="$(uci -q get openmptcprouter.${servername}.ip)" + vpsip="$(uci -q get openmptcprouter.${servername}.ip | awk '{print $1}')" if [ "$(uci -q get shadowsocks-libev.sss0.server)" != "127.0.0.1" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "$vpsip" ] && [ "$(uci -q get openmptcprouter.settings.ha)" != "1" ]; then config_foreach _set_ss_server server "server" $vpsip uci -q batch <<-EOF >/dev/null + set shadowsocks-libev.sss0.server="$vpsip" commit shadowsocks-libev EOF if [ "$(uci -q get shadowsocks-libev.sss0.disabled)" = "0" ]; then @@ -1033,7 +1034,9 @@ _set_ss_server() { elif [ "$value" = "false" ]; then value=0 fi - [ "$(echo $1 | grep omr)" != "" ] && uci -q set shadowsocks-libev.$1.$option=$value + if [ "$(echo $1 | grep omr)" != "" ] || [ "$(echo $1 | grep sss)" ]; then + uci -q set shadowsocks-libev.$1.$option=$value + fi } _set_config_from_vps() { @@ -1044,7 +1047,7 @@ _set_config_from_vps() { logger -t "OMR-VPS" "Get config from server ${servername}..." noerror=1 # get VPS ip - vpsip="$(uci -q get openmptcprouter.${servername}.ip)" + vpsip="$(uci -q get openmptcprouter.${servername}.ip | awk '{print $1}')" vps_lastchange="$(echo "$vps_config" | jsonfilter -q -e '@.vps.lastchange')" lastchange="$(uci -q get openmptcprouter.${servername}.lastchange)" [ -z "$lastchange" ] && lastchange=0 From 6a9ec1d08cf728ab56af64e9a6451cb34b487871 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 29 Jan 2021 10:50:57 +0100 Subject: [PATCH 13/16] Display ipv6 parameters only if IPv6 is enabled --- .../luasrc/view/openmptcprouter/wizard.htm | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm index d966771d9..e1fb06c4c 100644 --- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm +++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm @@ -57,19 +57,13 @@
- " data-optional="false"> + " data-optional="false"> + " data-optional="false">
<%:Server IP will be set for proxy and VPN%>
-
-
-
-
- -
- " data-optional="false">
- <%:Server IP will be set for proxy and VPN%> + <%:A secondary server IP can be set for dual IPv4/IPv6 server contact if WAN IPv6 are set%>
@@ -157,7 +151,7 @@
- @@ -621,7 +615,7 @@ <% else %> -
+
@@ -631,7 +625,7 @@
-
+
" data-type="ip6addr"> From 76265b24bd9f5187d24f4a644e0e0e2bdc418af6 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 29 Jan 2021 10:51:21 +0100 Subject: [PATCH 14/16] Add -tt as SSH arg --- .github/workflows/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 8ebdbeb63..a837a7293 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -98,6 +98,7 @@ jobs: user: deploy port: ${{ secrets.OMR_DEPLOY_PORT }} key: ${{ secrets.PRIVATE_KEY }} + args: -tt - if: steps.branch_name.outputs.SOURCE_BRANCH != '' name: Deploy - Create directory uses: ysurac/ssh-action@master @@ -112,6 +113,7 @@ jobs: user: deploy port: ${{ secrets.OMR_DEPLOY_PORT }} key: ${{ secrets.PRIVATE_KEY }} + args: -tt - name: Move binaries for rsync working-directory: ../../omr env: From db48ca879438b59b22a5c07b3db90e18a50a731c Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 29 Jan 2021 10:52:07 +0100 Subject: [PATCH 15/16] Add default ip route for wan --- mptcp/files/usr/share/omr/post-tracking.d/post-tracking | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking index 9c51d7b7c..eb495ac43 100755 --- a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking +++ b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking @@ -872,6 +872,9 @@ if [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then elif [ "$(uci -q get openmptcprouter.settings.master)" != "failover" ]; then config_foreach set_server_route server fi + if [ "$(ip r show dev $OMR_TRACKER_DEVICE | grep default)" = "" ] && [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.metric)" != "" ]; then + ip r replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE metric $(uci -q get network.$OMR_TRACKER_INTERFACE.metric) >/dev/null 2>&1 + fi fi if [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; then config_load openmptcprouter @@ -881,6 +884,9 @@ if [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; th elif [ "$(uci -q get openmptcprouter.settings.master)" != "failover" ]; then config_foreach set_server_route6 server fi + if [ "$(ip -6 r show dev $OMR_TRACKER_DEVICE | grep default)" = "" ] && [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.metric)" != "" ]; then + ip -6 r replace default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE metric $(uci -q get network.$OMR_TRACKER_INTERFACE.metric) >/dev/null 2>&1 + fi fi if [ "$multipath_config" = "on" ] || [ "$multipath_config" = "backup" ]; then From bea2f5f6298b037bddc14aa98f2edf3068d05ad2 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 29 Jan 2021 14:31:44 +0100 Subject: [PATCH 16/16] Add mac address to OMR Rename ident --- .../root/etc/hotplug.d/net/99-omr-rename | 15 ++++++++++----- .../root/etc/init.d/openmptcprouter | 12 ++++++++++-- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/luci-app-openmptcprouter/root/etc/hotplug.d/net/99-omr-rename b/luci-app-openmptcprouter/root/etc/hotplug.d/net/99-omr-rename index f2c19dc55..4ff952d0e 100644 --- a/luci-app-openmptcprouter/root/etc/hotplug.d/net/99-omr-rename +++ b/luci-app-openmptcprouter/root/etc/hotplug.d/net/99-omr-rename @@ -20,17 +20,22 @@ _set_intf_name() { fi [ -n "$modalias" ] && { if [ -f /sys/class/net/${INTERFACE}/device/uevent ]; then + mac="" + if [ -f /sys/class/net/${INTERFACE}/address ]; then + mac="$(cat /sys/class/net/${INTERFACE}/address | tr -d '\n')" + fi chk_modalias=$MODALIAS [ -z "$chk_modalias" ] && chk_modalias="$(cat /sys/class/net/${INTERFACE}/device/uevent | grep MODALIAS | cut -d '=' -f2 | tr -d '\n')" if [ -n "$chk_modalias" ]; then + chk_modalias="${chk_modalias}-${mac}" logger -t "OMR-Rename" "modalias: $modalias - chk_modalias: $chk_modalias - ifname: $ifname - INTERFACE: $INTERFACE" if [ "$modalias" = "$chk_modalias" ] && [ "$INTERFACE" != "$ifname" ]; then logger -t "OMR-Rename" "Rename ${INTERFACE} to ${ifname}" - existif=0 + existif="0" ip link set ${INTERFACE} down 2>&1 >/dev/null [ "$(ip link show ${ifname} 2>/dev/null)" != "" ] && { ip link set ${ifname} name ${ifname}tmp 2>&1 >/dev/null - existif=1 + existif="1" } ip link set ${INTERFACE} name ${ifname} 2>&1 >/dev/null ip link set ${ifname} up 2>&1 >/dev/null @@ -48,10 +53,10 @@ _set_intf_name() { logger -t "OMR-Rename" "device: $device - devpath: $DEVPATH - ifname: $ifname - INTERFACE: $INTERFACE" logger -t "OMR-Rename" "Rename ${INTERFACE} to ${ifname}" ip link set ${INTERFACE} down 2>&1 >/dev/null - existif=0 + existif="0" [ "$(ip link show ${ifname} 2>/dev/null)" != "" ] && { ip link set ${ifname} name ${ifname}tmp 2>&1 >/dev/null - existif=1 + existif="1" } ip link set ${INTERFACE} name ${ifname} 2>&1 >/dev/null ip link set ${ifname} up 2>&1 >/dev/null @@ -62,5 +67,5 @@ _set_intf_name() { if [ "$(uci -q get openmptcprouter.settings.disableintfrename)" != "1" ]; then config_load network config_foreach _set_intf_name interface - config_foreach _set_intf_name interface +# config_foreach _set_intf_name interface fi \ No newline at end of file diff --git a/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter b/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter index 44188939f..decb1fdcc 100755 --- a/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter +++ b/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter @@ -27,7 +27,11 @@ omr_intf_set() { if [ "$type" != "macvlan" ] && [ -n "$ifname" ] && [ -f /sys/class/net/${ifname}/device/uevent ]; then devicepath=$(readlink -f /sys/class/net/${ifname}) if [ -n "$devicepath" ] && [ "$(echo ${devicepath} | grep virtual)" = "" ] && [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PRODUCT)" != "" ] && [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PCI_SLOT_NAME)" = "" ]; then - uci -q set network.$1.modalias="$(cat /sys/class/net/${ifname}/device/uevent | grep MODALIAS | cut -d '=' -f2 | tr -d '\n')" + mac="" + if [ -f /sys/class/net/${ifname}/address ]; then + mac="$(cat /sys/class/net/${ifname}/address | tr -d '\n')" + fi + uci -q set network.$1.modalias="$(cat /sys/class/net/${ifname}/device/uevent | grep MODALIAS | cut -d '=' -f2 | tr -d '\n')-$mac" uci -q set network.$1.product="$(cat /sys/class/net/${ifname}/device/uevent | grep PRODUCT | cut -d '=' -f2 | tr -d '\n')" elif [ -n "$devicepath" ] && ([ "$(echo ${devicepath} | grep virtual)" != "" ] || [ "$(echo ${devicepath} | grep virtual)" = "" ] && [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PRODUCT)" = "" ] || [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PCI_SLOT_NAME)" != "" ] || [ "$(cat /sys/class/net/${ifname}tmp/device/uevent)" != "" ]); then uci -q delete network.$1.device @@ -35,7 +39,11 @@ omr_intf_set() { uci -q delete network.$1.product fi elif [ "$type" != "macvlan" ] && [ -n "$device" ] && [ -f /sys/bus/usb-serial/devices/${devicename}/device/uevent ] && [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PRODUCT)" != "" ]; then - uci -q set network.$1.modalias="$(cat /sys/bus/usb-serial/devices/${devicename}/device/uevent | grep MODALIAS | cut -d '=' -f2 | tr -d '\n')" + mac="" + if [ -f /sys/class/net/${ifname}/address ]; then + mac="$(cat /sys/class/net/${ifname}/address | tr -d '\n')" + fi + uci -q set network.$1.modalias="$(cat /sys/bus/usb-serial/devices/${devicename}/device/uevent | grep MODALIAS | cut -d '=' -f2 | tr -d '\n')-$mac" uci -q set network.$1.product="$(cat /sys/bus/usb-serial/devices/${devicename}/device/uevent | grep PRODUCT | cut -d '=' -f2 | tr -d '\n')" else uci -q delete network.$1.modalias