mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Add ByPass via server VPN support
This commit is contained in:
Ycarus (Yannick Chabanois)
parent
2160d47f4f
commit
5427b7a40c
3 changed files with 84 additions and 16 deletions
|
|
@ -48,10 +48,13 @@ return L.view.extend({
|
|||
o = s.option(form.Value, 'name', _('Domain'));
|
||||
o.rmempty = false;
|
||||
|
||||
o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.'));
|
||||
|
||||
o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.'));
|
||||
o.noaliases = true;
|
||||
o.noinactive = true;
|
||||
o.nocreate = true;
|
||||
o.depends('vpn', '0');
|
||||
|
||||
o = s.option(form.Value, 'note', _('Note'));
|
||||
o.rmempty = true;
|
||||
|
|
@ -78,10 +81,13 @@ return L.view.extend({
|
|||
o = s.option(form.Value, 'ip', _('IP'));
|
||||
o.rmempty = false;
|
||||
|
||||
o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.'));
|
||||
|
||||
o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.'));
|
||||
o.noaliases = true;
|
||||
o.noinactive = true;
|
||||
o.nocreate = true;
|
||||
o.depends('vpn', '0');
|
||||
|
||||
o = s.option(form.Value, 'note', _('Note'));
|
||||
o.rmempty = true;
|
||||
|
|
@ -199,10 +205,14 @@ return L.view.extend({
|
|||
o = s.option(form.Value, 'asn', _('ASN'));
|
||||
o.rmempty = false;
|
||||
|
||||
o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.'));
|
||||
|
||||
|
||||
o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.'));
|
||||
o.noaliases = true;
|
||||
o.noinactive = true;
|
||||
o.nocreate = true;
|
||||
o.depends('vpn', '0');
|
||||
|
||||
o = s.option(form.Value, 'note', _('Note'));
|
||||
o.rmempty = true;
|
||||
|
|
@ -255,10 +265,13 @@ return L.view.extend({
|
|||
},this));
|
||||
};
|
||||
|
||||
o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.'));
|
||||
|
||||
o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used (or an other interface if master is down).'));
|
||||
o.noaliases = true;
|
||||
o.noinactive = true;
|
||||
o.nocreate = true;
|
||||
o.depends('vpn', '0');
|
||||
|
||||
o = s.option(form.Value, 'note', _('Note'));
|
||||
o.rmempty = true;
|
||||
|
|
@ -278,6 +291,7 @@ return L.view.extend({
|
|||
o = s.option(form.Flag, 'ndpi', _('Enable ndpi'));
|
||||
o.default = o.enabled;
|
||||
o.modalonly = true
|
||||
o.depends('vpn', '0');
|
||||
}
|
||||
|
||||
return m.render();
|
||||
|
|
|
|||
|
|
@ -73,8 +73,8 @@ _bypass_domains() {
|
|||
config_get enabled $1 enabled
|
||||
config_get noipv6 $1 noipv6
|
||||
config_get family $1 family
|
||||
config_get vpn $1 vpn
|
||||
[ -z "$intf" ] && intf="all"
|
||||
config_get vpn $1 vpn
|
||||
[ "$vpn" = "1" ] && intf="srv_vpn1"
|
||||
[ "$enabled" = "0" ] && return
|
||||
[ -z "$domain" ] && return
|
||||
|
|
@ -391,6 +391,9 @@ _bypass_proto() {
|
|||
config_get ndpi $1 ndpi
|
||||
config_get noipv6 $1 noipv6
|
||||
config_get family $1 family
|
||||
config_get vpn $1 vpn
|
||||
[ "$vpn" = "1" ] && intf="srv_vpn1"
|
||||
|
||||
[ "$enabled" = "0" ] && return
|
||||
[ -z "$noipv6" ] && noipv6="0"
|
||||
[ -z "$family" ] && family="ipv4ipv6"
|
||||
|
|
@ -400,7 +403,7 @@ _bypass_proto() {
|
|||
|
||||
[ -z "$intf" ] && intf="all"
|
||||
[ -z "$proto" ] && return
|
||||
if [ "$(uci -q get openmptcprouter.settings.ndpi)" != "0" ] && [ "$ndpi" != "0" ]; then
|
||||
if [ "$(uci -q get openmptcprouter.settings.ndpi)" != "0" ] && [ "$ndpi" != "0" ] && [ "$vpn" != "1" ]; then
|
||||
if [ "$intf" = "all" ]; then
|
||||
if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
|
||||
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
|
|
@ -487,6 +490,9 @@ _bypass_proto_without_ndpi() {
|
|||
config_get ndpi $1 ndpi "0"
|
||||
config_get noipv6 $1 noipv6
|
||||
config_get family $1 family
|
||||
config_get vpn $1 vpn
|
||||
[ "$vpn" = "1" ] && intf="srv_vpn1"
|
||||
|
||||
[ "$enabled" = "0" ] && return
|
||||
[ -z "$noipv6" ] && noipv6="0"
|
||||
[ -z "$family" ] && family="ipv4ipv6"
|
||||
|
|
@ -496,22 +502,32 @@ _bypass_proto_without_ndpi() {
|
|||
|
||||
[ -z "$intf" ] && intf="all"
|
||||
[ -z "$proto" ] && return
|
||||
if [ "$(uci -q get openmptcprouter.settings.ndpi)" == "0" ] || [ "$ndpi" == "0" ]; then
|
||||
if [ "$(uci -q get openmptcprouter.settings.ndpi)" == "0" ] || [ "$ndpi" == "0" ] || [ "$vpn" = "1" ]; then
|
||||
ALLIPS=$(sqlite3 /usr/share/omr-bypass/omr-bypass.db "select ip from ipproto where proto=\"$proto\";" ".exit")
|
||||
if [ -n "$ALLIPS" ]; then
|
||||
ipset -q flush bypass_$proto > /dev/null 2>&1
|
||||
ipset -q flush bypass6_$proto > /dev/null 2>&1
|
||||
ipset -q --exist restore <<-EOF
|
||||
create bypass_$proto hash:net hashsize 64
|
||||
create bypass6_$proto hash:net family inet6 hashsize 64
|
||||
EOF
|
||||
if [ "$vpn" != "1" ]; then
|
||||
ipset -q flush bypass_$proto > /dev/null 2>&1
|
||||
ipset -q flush bypass6_$proto > /dev/null 2>&1
|
||||
ipset -q --exist restore <<-EOF
|
||||
create bypass_$proto hash:net hashsize 64
|
||||
create bypass6_$proto hash:net family inet6 hashsize 64
|
||||
EOF
|
||||
fi
|
||||
for ip in $ALLIPS; do
|
||||
valid_ip4=$( valid_subnet4 $ip)
|
||||
valid_ip6=$( valid_subnet6 $ip)
|
||||
if [ "$valid_ip4" = "ok" ]; then
|
||||
ipset -q add bypass_$proto $ip
|
||||
if [ "$vpn" != "1" ]; then
|
||||
ipset -q add bypass_$proto $ip
|
||||
else
|
||||
ipset -q add omr_dst_bypass_$intf $ip
|
||||
fi
|
||||
elif [ "$valid_ip6" = "ok" ]; then
|
||||
ipset -q add bypass6_$proto $ip
|
||||
if [ "$vpn" != "1" ]; then
|
||||
ipset -q add bypass6_$proto $ip
|
||||
else
|
||||
ipset -q add omr6_dst_bypass_$intf $ip
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ "$intf" = "all" ]; then
|
||||
|
|
@ -531,7 +547,7 @@ _bypass_proto_without_ndpi() {
|
|||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
else
|
||||
elif [ "$vpn" != "1" ]; then
|
||||
if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
|
||||
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*mangle
|
||||
|
|
@ -1025,6 +1041,12 @@ start_service() {
|
|||
-A PREROUTING -j omr-bypass6
|
||||
COMMIT
|
||||
EOF
|
||||
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*mangle
|
||||
:omr-bypass6-local -
|
||||
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass6-local
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
|
||||
config_load network
|
||||
|
|
@ -1080,7 +1102,22 @@ start_service() {
|
|||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ "$disableipv6" = "0" ]; then
|
||||
if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
|
||||
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*mangle
|
||||
-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
-A omr-bypass6 -m mark --mark 0x539 -j RETURN
|
||||
COMMIT
|
||||
EOF
|
||||
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
|
||||
*mangle
|
||||
-A omr-bypass6-local -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||
-A omr-bypass6-local -m mark --mark 0x539 -j RETURN
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
config_load shadowsocks-libev
|
||||
config_foreach _ss_rules_config
|
||||
config_load shadowsocks-rust
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
||||
# Copyright (C) 2018-2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
||||
# Released under GPL 3. See LICENSE for the full terms.
|
||||
|
||||
START=99
|
||||
|
||||
USE_PROCD=1
|
||||
|
||||
EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key set_gre_tunnel token"
|
||||
EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key set_gre_tunnel token set_bypass_ips"
|
||||
|
||||
. /usr/lib/unbound/iptools.sh
|
||||
|
||||
|
|
@ -944,6 +944,22 @@ _set_lan_ip() {
|
|||
fi
|
||||
}
|
||||
|
||||
_set_bypass_ips() {
|
||||
local settings
|
||||
[ -z "$servername" ] && servername=$1
|
||||
bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
|
||||
bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
|
||||
if [ "$bypassipv4s" != "" ] || [ "$bypassipv6s" != "" ]; then
|
||||
settings='{"ipv4s" : ['$bypassipv4s'],"ipv6s" : ['$bypassipv6s'],"intf" : "vpn1"}'
|
||||
result=$(_set_json "bypass" "$settings")
|
||||
fi
|
||||
}
|
||||
|
||||
set_bypass_ips() {
|
||||
config_load openmptcprouter
|
||||
config_foreach _set_bypass_ips server
|
||||
}
|
||||
|
||||
_set_vpn_ip() {
|
||||
local settings
|
||||
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
|
||||
|
|
@ -997,7 +1013,7 @@ _set_client2client() {
|
|||
c2cid=$((c2cid+1))
|
||||
targetip=$(echo $lanip | awk -F '/' '{print $1}' | tr -d "\n")
|
||||
netmask=$(echo $lanip | awk -F '/' '{print $2}' | tr -d "\n")
|
||||
target=$(ipcalc.sh $targetip $netmask | grep NETWORK | awk -F '=' '{print $2}' | tr -d "\n")
|
||||
target=$(ipcalc.sh $targetip/$netmask | grep NETWORK | awk -F '=' '{print $2}' | tr -d "\n")
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set network.omr_client2client_${c2cid}=route
|
||||
set network.omr_client2client_${c2cid}.interface=omrvpn
|
||||
|
|
@ -2264,6 +2280,7 @@ _config_service() {
|
|||
config_foreach _get_lan_ip interface
|
||||
_set_lan_ip
|
||||
_set_sipalg
|
||||
_set_bypass_ips
|
||||
config_foreach _delete_client2client route
|
||||
if [ "$(uci -q get openmptcprouter.settings.vpn)" != "openvpn" ] && [ "$(echo "$vps_config" | jsonfilter -q -e '@.client2client.enabled')" == "true" ]; then
|
||||
_set_client2client
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue