addfix

2025-03-09 15:40:03 +00:00 · 2023-01-18 20:37:29 +08:00 · 2023-01-18 20:37:29 +08:00 · 8e11c19dc0
commit 8e11c19dc0
parent 2bb0dca0e2
43 changed files with 2004 additions and 0 deletions
--- a/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec
+++ b/luci-app-ipsec-vpnd/root/etc/uci-defaults/luci-ipsec
@ -0,0 +1,81 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete firewall.ipsecd
+	set firewall.ipsecd=include
+	set firewall.ipsecd.type=script
+	set firewall.ipsecd.path=/etc/ipsec.include
+	set firewall.ipsecd.reload=1
+	commit firewall
+EOF
+
+uci -q batch <<-EOF >/dev/null
+	delete network.VPN
+	set network.VPN=interface
+	set network.VPN.ifname="ipsec0"
+	set network.VPN.proto="static"
+	set network.VPN.ipaddr="10.10.10.1"
+	set network.VPN.netmask="255.255.255.0"
+	
+	commit network
+		
+	delete firewall.ike
+	add firewall rule
+	rename firewall.@rule[-1]="ike"
+	set firewall.@rule[-1].name="ike"
+	set firewall.@rule[-1].target="ACCEPT"
+	set firewall.@rule[-1].src="wan"
+	set firewall.@rule[-1].proto="udp"
+	set firewall.@rule[-1].dest_port="500"
+  
+	delete firewall.ipsec
+	add firewall rule
+	rename firewall.@rule[-1]="ipsec"
+	set firewall.@rule[-1].name="ipsec"
+	set firewall.@rule[-1].target="ACCEPT"
+	set firewall.@rule[-1].src="wan"
+	set firewall.@rule[-1].proto="udp"
+	set firewall.@rule[-1].dest_port="4500"
+  
+	delete firewall.ah
+	add firewall rule
+	rename firewall.@rule[-1]="ah"
+	set firewall.@rule[-1].name="ah"
+	set firewall.@rule[-1].target="ACCEPT"
+	set firewall.@rule[-1].src="wan"
+	set firewall.@rule[-1].proto="ah"
+  
+	delete firewall.esp
+	add firewall rule
+	rename firewall.@rule[-1]="esp"
+	set firewall.@rule[-1].name="esp"
+	set firewall.@rule[-1].target="ACCEPT"
+	set firewall.@rule[-1].src="wan"
+	set firewall.@rule[-1].proto="esp"
+  
+	delete firewall.VPN
+	set firewall.VPN=zone
+	set firewall.VPN.name="VPN"
+	set firewall.VPN.input="ACCEPT"
+	set firewall.VPN.forward="ACCEPT"
+	set firewall.VPN.output="ACCEPT"
+	set firewall.VPN.network="VPN"
+	
+	delete firewall.vpn
+	set firewall.vpn=forwarding
+	set firewall.vpn.name="vpn"
+	set firewall.vpn.dest="wan"
+	set firewall.vpn.src="VPN"
+  
+	commit firewall
+EOF
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@ipsec[-1]
+	add ucitrack ipsec
+	set ucitrack.@ipsec[-1].init=ipsec
+	commit ucitrack
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0