Add MPTCP over VPN

luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua

@@ -101,6 +101,7 @@ function wizard_add()
 		ucic:set("network","wan" .. i,"interface")
 		ucic:set("network","wan" .. i,"ifname",defif)
 		ucic:set("network","wan" .. i,"proto","static")
+		ucic:set("openmptcprouter","wan" .. i,"interface")
 		if ointf ~= "" then
 			ucic:set("network","wan" .. i,"type","macvlan")
 			ucic:set("macvlan","wan" .. i,"macvlan")
@@ -202,6 +203,10 @@ function wizard_add()
 		ucic:delete("openmptcprouter",intf,"lc")
 		ucic:save("openmptcprouter")
 
+		local multipathvpn = luci.http.formvalue("multipathvpn.%s.enabled" % intf) or "0"
+		ucic:set("openmptcprouter",intf,"multipathvpn",multipathvpn)
+		ucic:save("openmptcprouter")
+
 		local downloadspeed = luci.http.formvalue("cbid.sqm.%s.download" % intf) or "0"
 		local uploadspeed = luci.http.formvalue("cbid.sqm.%s.upload" % intf) or "0"
 

luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm

@@ -281,8 +281,11 @@ end
 <% 
     for _, iface in ipairs(net:get_networks()) do
 	local ifname = iface:name()
-	local multipath = uci:get("network",ifname,"multipath")
-	if multipath ~= "off" then
+	--local multipath = uci:get("network",ifname,"multipath")
+	local multipath = uci:get("openmptcprouter",ifname,"multipath")
+	local multipathvpn = uci:get("openmptcprouter",ifname,"multipathvpn")
+	local vpn = uci:get("openmptcprouter",ifname,"vpn")
+	if (multipath ~= nil and multipath ~= "off" and vpn ~= "1") or multipathvpn == "1" then
 %>
 	    <div class="cbi-section-remove right">
 		<input type="submit" name="delete.<%=ifname%>" value="<%:Delete%>" class="cbi-button" />
@@ -346,16 +349,26 @@ end
 			end
 		%>
 		<div class="cbi-value" data-index="5">
+		    <label class="cbi-value-title"><%:MPTCP over VPN%></label>
+		    <div class="cbi-value-field">
+			<input class="cbi-input-checkbox" type="checkbox" name="multipathvpn.<%=ifname%>.enabled" value="1" <% if uci:get("openmptcprouter",ifname,"multipathvpn") == "1" then %>checked<% end %> />
+			<br />
+			<div class="cbi-value-description">
+			    <%:You can enable MPTCP over VPN if your provider filter Multipath TCP.%>
+			</div>
+		    </div>
+		</div>
+		<div class="cbi-value" data-index="6">
 		    <label class="cbi-value-title"><%:Enable SQM%></label>
 		    <div class="cbi-value-field">
-			<input class="cbi-input-checkbox" type="checkbox" name="cbid.sqm.<%=ifname%>.enabled" value="1" <% if uci:get("sqm",ifname,"enabled") == 1 then %>checked<% end %> />
+			<input class="cbi-input-checkbox" type="checkbox" name="cbid.sqm.<%=ifname%>.enabled" value="1" <% if uci:get("sqm",ifname,"enabled") == "1" then %>checked<% end %> />
 			<br />
 			<div class="cbi-value-description">
 			    <%:You should disable SQM for LTE or any interfaces with variable speed.%>
 			</div>
 		    </div>
 		</div>
-		<div class="cbi-value" data-index="6">
+		<div class="cbi-value" data-index="7">
 		    <label class="cbi-value-title"><%:Download speed (Kb/s)%></label>
 		    <div class="cbi-value-field">
 			<input type="text" name="cbid.sqm.<%=ifname%>.download" class="cbi-input-text" value="<%=download%>" data-type="uinteger">
@@ -371,7 +384,7 @@ end
 			-->
 		    </div>
 		</div>
-		<div class="cbi-value" data-index="7">
+		<div class="cbi-value" data-index="8">
 		    <label class="cbi-value-title"><%:Upload speed (Kb/s)%></label>
 		    <div class="cbi-value-field">
 			<input type="text" name="cbid.sqm.<%=ifname%>.upload" class="cbi-input-text" value="<%=upload%>" data-type="uinteger">

openmptcprouter/files/etc/init.d/mptcpovervpn

@@ -0,0 +1,131 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+# Released under GPL 3. See LICENSE for the full terms.
+
+{
+	START=10
+	STOP=10
+	USE_PROCD=1
+}
+
+mptcp_over_vpn() {
+	local interface=$1
+	nbintf=$(($nbintf+1))
+	if [ "$(uci -q get openmptcprouter.${interface}.multipathvpn)" = "1" ]; then
+		nbintfvpn=$(($nbintfvpn+1))
+		logger -t "MPTCPoverVPN" "Enable MPTCP over VPN for ${interface}"
+		id=$(uci -q get network.${interface}.metric)
+		remoteip=$(uci -q get openmptcprouter.vps.ip)
+		localip=$(ubus call network.interface.$interface status | jsonfilter -e '@["ipv4-address"][0].address' | tr -d "\n")
+		multipath=$(uci -q get network.${interface}.multipath)
+		[ -z "$multipath" ] && multipath="on"
+		uci -q batch <<-EOF >/dev/null
+			set network.ovpn${interface}=interface
+			set network.ovpn${interface}.ifname="tun${id}"
+			set network.ovpn${interface}.defaultroute='0'
+			set network.ovpn${interface}.peerdns='0'
+			set network.ovpn${interface}.proto='none'
+			set network.ovpn${interface}.multipath='on'
+			commit network
+			set openvpn.${interface}=openvpn
+			set openvpn.${interface}.dev="tun${id}"
+			set openvpn.${interface}.cipher='AES-256-CBC'
+			set openvpn.${interface}.port='65301'
+			set openvpn.${interface}.remote="${remoteip}"
+			set openvpn.${interface}.local="${localip}"
+			set openvpn.${interface}.lport='0'
+			set openvpn.${interface}.ncp_disable='1'
+			set openvpn.${interface}.auth_nocache='1'
+			set openvpn.${interface}.proto='udp'
+			set openvpn.${interface}.client='1'
+			set openvpn.${interface}.enabled='1'
+			set openvpn.${interface}.allow_recursive_routing='1'
+			set openvpn.${interface}.key='/etc/luci-uploads/client.key'
+			set openvpn.${interface}.cert='/etc/luci-uploads/client.crt'
+			set openvpn.${interface}.ca='/etc/luci-uploads/ca.crt'
+			commit openvpn
+			set openmptcprouter.${interface}.multipath="off"
+			set openmptcprouter.${interface}.multipathvpn="1"
+			set openmptcprouter.ovpn${interface}="interface"
+			set openmptcprouter.ovpn${interface}.multipath="${multipath}"
+			set openmptcprouter.ovpn${interface}.vpn="1"
+			commit openmptcprouter
+		EOF
+	elif [ "$(uci -q get openmptcprouter.opvn${interface})" != "" ]; then
+		logger -t "MPTCPoverVPN" "Disable MPTCP over VPN for ${interface}"
+		multipath=$(uci -q get openmptcprouter.opvn${interface}.multipath)
+		[ -z "$multipath" ] && multipath="on"
+		uci -q batch <<-EOF >/dev/null
+			delete network.ovpn${interface}
+			commit network
+			delete openvpn.${interface}
+			commit openvpn
+			set openmptcprouter.${interface}.multipath="${multipath}"
+			set openmptcprouter.${interface}.multipathvpn="0"
+			commit openmptcprouter
+		EOF
+	fi
+}
+
+start_service()
+{
+	nbintf=0
+	nbintfvpn=0
+	config_load openmptcprouter
+	config_foreach mptcp_over_vpn interface
+	if [ "$nbintf" = "$nbintfvpn" ]; then
+		uci -q batch <<-EOF >/dev/null
+			set shadowsocks-libev.sss0.disabled='1'
+			set glorytun.vpn.host='10.255.250.1'
+		EOF
+	elif [ "$(uci -q get glorytun.vpn.host)" = "10.255.250.1" ]; then
+		uci -q batch <<-EOF >/dev/null
+			delete shadowsocks-libev.sss0.disabled
+			set glorytun.vpn.host="$(uci -q get openmptcprouter.vps.ip)"
+		EOF
+	fi
+	NBCPU=$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")
+	if [ "$nbintfvpn" != 0 ]; then
+		for c in $(seq 2 $NBCPU); do
+			uci -q batch <<-EOF >/dev/null
+				set shadowsocks-libev.mptcpovervpn=server
+				set shadowsocks-libev.mptcpovervpn.server_port="$(uci -q get shadowsocks-libev.sss0.server_port)"
+				set shadowsocks-libev.mptcpovervpn.key="$(uci -q get shadowsocks-libev.sss0.key)"
+				set shadowsocks-libev.mptcpovervpn.method="$(uci -q get shadowsocks-libev.sss0.method)"
+				set shadowsocks-libev.mptcpovervpn.server="10.255.250.1"
+				set shadowsocks-libev.hivpn$c=ss_redir
+				set shadowsocks-libev.hivpn$c.server="mptcpovervpn"
+				set shadowsocks-libev.hivpn$c.local_address='0.0.0.0'
+				set shadowsocks-libev.hivpn$c.local_port='1101'
+				set shadowsocks-libev.hivpn$c.mode='tcp_and_udp'
+				set shadowsocks-libev.hivpn$c.timeout='1000'
+				set shadowsocks-libev.hivpn$c.fast_open='1'
+				set shadowsocks-libev.hivpn$c.verbose='0'
+				set shadowsocks-libev.hivpn$c.syslog='1'
+				set shadowsocks-libev.hivpn$c.reuse_port='1'
+				set shadowsocks-libev.hivpn$c.mptcp='1'
+				set shadowsocks-libev.hivpn$c.ipv6_first='1'
+				set shadowsocks-libev.hivpn$c.no_delay='1'
+			EOF
+		done
+		uci -q batch <<-EOF >/dev/null
+			commit shadowsocks-libev
+		EOF
+	elif [ "$(shadowsocks-libev.hivpn1)" != "" ]; then
+		for c in $(seq 2 $NBCPU); do
+			uci -q batch <<-EOF >/dev/null
+				delete shadowsocks-libev.hivpn$c
+			EOF
+		done
+		uci -q batch <<-EOF >/dev/null
+			delete shadowsocks-libev.sss0.disabled
+		EOF
+		uci -q batch <<-EOF >/dev/null
+			commit shadowsocks-libev
+		EOF
+	fi
+}
+
+service_triggers() {
+	procd_add_reload_trigger mptcpovervpn network
+}

openmptcprouter/files/etc/init.d/openmptcprouter-vps

@@ -685,6 +685,18 @@ _set_config_from_vps() {
 		logger -t "OMR-VPS" "OpenVPN restart..."
 		/etc/init.d/openvpn restart
 	}
+	openvpn_client_key="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.client_key')"
+	[ -n "$openvpn_client_key" ] && {
+		echo $openvpn_client_key | base64 -d > /etc/luci-uploads/client.key
+	}
+	openvpn_client_crt="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.client_crt')"
+	[ -n "$openvpn_client_crt" ] && {
+		echo $openvpn_client_crt | base64 -d > /etc/luci-uploads/client.crt
+	}
+	openvpn_client_ca="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.client_ca')"
+	[ -n "$openvpn_client_ca" ] && {
+		echo $openvpn_client_ca | base64 -d > /etc/luci-uploads/ca.crt
+	}
 
 	# MLVPN settings
 	mlvpn_key="$(echo "$vps_config" | jsonfilter -q -e '@.mlvpn.key')"

openmptcprouter/files/etc/uci-defaults/2021-omr-mptcpovervpn

@@ -0,0 +1,14 @@
+#!/bin/sh
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@mptcpovervpn[-1]
+	add ucitrack mptcpovervpn
+	set ucitrack.@mptcpovervpn[-1].init="mptcpovervpn"
+	commit ucitrack
+EOF
+if [ "$(uci -q get ucitrack.@network[-1].affects | grep mptcpovervpn)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		add_list ucitrack.@network[-1].affects="mptcpovervpn"
+		commit ucitrack
+	EOF
+fi
+exit 0