mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-02-15 03:51:51 +00:00
Code Issues Releases Wiki Activity

Merge pull request #69 from Ysurac/develop

Browse source 
sync
This commit is contained in:
suyuan 2021-02-13 23:52:13 +08:00 committed by GitHub
commit c122aa2232
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 326 additions and 117 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/main.yml vendored
View file

@ -9,7 +9,7 @@ jobs:
build:
strategy:
matrix:
OMR_TARGET: [bpi-r2, bpi-r64, rpi2, rpi4, wrt32x, espressobin, r2s, rpi3, wrt3200acm, x86, x86_64]
OMR_TARGET: [bpi-r2, bpi-r64, rpi2, rpi4, wrt32x, espressobin, r2s, rpi3, wrt3200acm, x86, x86_64, ubnt-erx]
runs-on: ubuntu-latest
continue-on-error: true

4
bcm27xx-eeprom/Makefile
View file

@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=bcm27xx-eeprom
PKG_VERSION:=3d6165304cb04bda4454e460dea791b5f92a122a
PKG_VERSION:=2fec47bd7f981c9cb21b0fb3fdd4fe07f23f9e3b
PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/raspberrypi/rpi-eeprom/tar.gz/$(PKG_VERSION)?
PKG_HASH:=d6f25e3d962ea3c770ca1af78466371c47970381b48fb7c2acaf838966d327fc
PKG_HASH:=f54c26ec399801dee7d3d0cc0e969c28878b6f42c982e166c863edb91d2d2a21
PKG_LICENSE:=BSD-3-Clause Custom
PKG_LICENSE_FILES:=LICENSE

10
bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch
View file

@ -14,22 +14,24 @@ Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
--- a/rpi-eeprom-update
+++ b/rpi-eeprom-update
@@ -24,15 +24,15 @@ else
@@ -24,17 +24,17 @@ else
fi
# May be used to select beta or stable releases instead of the default critical updates.
-FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-critical}
# Selects the release sub-directory
-FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-default}
+FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-stable}
FIRMWARE_IMAGE_DIR=${FIRMWARE_IMAGE_DIR:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}}
-FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-/var/lib/raspberrypi/bootloader/backup}
+FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-${FIRMWARE_ROOT}/backup}
ENABLE_VL805_UPDATES=${ENABLE_VL805_UPDATES:-1}
USE_FLASHROM=${USE_FLASHROM:-0}
RECOVERY_BIN=${RECOVERY_BIN:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}/recovery.bin}
BOOTFS=${BOOTFS:-/boot}
-VCMAILBOX=${VCMAILBOX:-/opt/vc/bin/vcmailbox}
+VCMAILBOX=${VCMAILBOX:-/usr/bin/vcmailbox}
CM4_ENABLE_RPI_EEPROM_UPDATE=${CM4_ENABLE_RPI_EEPROM_UPDATE:-0}
RPI_EEPROM_UPDATE_CONFIG_TOOL="${RPI_EEPROM_UPDATE_CONFIG_TOOL:-raspi-config}"
DT_BOOTLOADER_TS=${DT_BOOTLOADER_TS:-/proc/device-tree/chosen/bootloader/build-timestamp}
EXIT_SUCCESS=0
EXIT_UPDATE_REQUIRED=1

9
bcm27xx-eeprom/patches/0003-rpi-eeprom-update-change-default-include-path.patch
View file

@ -24,12 +24,3 @@ Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
fi
LOCAL_MODE=0
@@ -345,7 +345,7 @@ Options:
-u Install the specified VL805 (USB EEPROM) image file.
Environment:
-Environment variables should be defined in /etc/default/rpi-eeprom-update
+Environment variables should be defined in /etc/bcm27xx-eeprom.conf
EEPROM_CONFIG_HOOK

4
bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch
View file

@ -1,6 +1,6 @@
--- a/rpi-eeprom-update 2020-11-05 21:58:02.247836497 +0100
+++ b/rpi-eeprom-update 2020-11-05 21:58:36.911266307 +0100
@@ -186,8 +186,8 @@
@@ -212,8 +212,8 @@
|| die "Failed to copy ${TMP_EEPROM_IMAGE} to ${BOOTFS}"
# For NFS mounts ensure that the files are readable to the TFTP user
@ -11,7 +11,7 @@
fi
if [ -n "${VL805_UPDATE_IMAGE}" ]; then
@@ -198,8 +198,8 @@
@@ -224,8 +224,8 @@
|| die "Failed to copy ${VL805_UPDATE_IMAGE} to ${BOOTFS}/vl805.bin"
# For NFS mounts ensure that the files are readable to the TFTP user

2
luci-app-mptcp/luasrc/model/cbi/mptcp.lua
View file

@ -18,7 +18,7 @@ mtcpck:value(0, translate("disable"))
local mtcpck = s:option(ListValue, "mptcp_debug", translate("Multipath Debug"))
mtcpck:value(1, translate("enable"))
mtcpck:value(0, translate("disable"))
local mtcppm = s:option(ListValue, "mptcp_path_manager", translate("Multipath TCP path-manager"))
local mtcppm = s:option(ListValue, "mptcp_path_manager", translate("Multipath TCP path-manager"), translate("Default is fullmesh"))
mtcppm:value("default", translate("default"))
mtcppm:value("fullmesh", translate("fullmesh"))
mtcppm:value("ndiffports", translate("ndiffports"))

17
luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
View file

@ -36,6 +36,15 @@ end
function wizard_add()
local gostatus = true
-- Force WAN zone firewall members to be a list
local fwwan = sys.exec("uci -q get firewall.@zone[1].network")
luci.sys.call("uci -q delete firewall.@zone[1].network")
for interface in fwwan:gmatch("%S+") do
luci.sys.call("uci -q add_list firewall.@zone[1].network=" .. interface)
end
ucic:save("firewall")
-- Add new server
local add_server = luci.http.formvalue("add_server") or ""
local add_server_name = luci.http.formvalue("add_server_name") or ""
@ -190,7 +199,9 @@ function wizard_add()
for intf, _ in pairs(delete_intf) do
local defif = ucic:get("network",intf,"ifname")
ucic:delete("network",intf)
ucic:delete("network",intf .. "_dev")
if ucic:get("network",intf .. "_dev") ~= "" then
ucic:delete("network",intf .. "_dev")
end
ucic:save("network")
ucic:commit("network")
ucic:delete("sqm",intf)
@ -298,7 +309,9 @@ function wizard_add()
if proto == "dhcpv6" then
ucic:set("network",intf,"reqaddress","try")
ucic:set("network",intf,"reqprefix","auto")
ucic:set("network",intf,"reqprefix","no")
ucic:set("network",intf,"iface_map","0")
ucic:set("network",intf,"ipv6","1")
end
ucic:delete("openmptcprouter",intf,"lc")

14
luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
View file

@ -68,7 +68,7 @@
</div>
<h3><%=servername%></h3>
<div class="cbi-section-node" id="cbi-omr-wizard-<%=servername%>">
<div class="cbi-value" id="<%=servername%>.server_ip" data-depends="[{&#34;enableipv6&#34;:&#34;1&#34;}]" data-index="8">
<div class="cbi-value" id="<%=servername%>.server_ip" data-depends="[{&#34;enableipv6&#34;:&#34;1&#34;}]" data-index="1">
<label class="cbi-value-title" for="server_ip.1"><%:Server IP%></label>
<div class="cbi-value-field">
<input name="<%=servername%>.serverip.ip1" id="<%=servername%>.server_ip.1" placeholder="<%:Server IP%>" class="cbi-input-text" value="<%=uci:get_list("openmptcprouter",servername,"ip")[1]%>" data-optional="false">
@ -77,7 +77,7 @@
</div>
</div>
</div>
<div class="cbi-value" id="<%=servername%>.server_ipv6" data-depends="[{&#34;enableipv6&#34;:&#34;0&#34;}]" data-index="8">
<div class="cbi-value" id="<%=servername%>.server_ipv6" data-depends="[{&#34;enableipv6&#34;:&#34;0&#34;}]" data-index="1">
<label class="cbi-value-title" for="server_ip.1"><%:Server IP%></label>
<div class="cbi-value-field">
<input name="<%=servername%>.serverip.ip1" id="<%=servername%>.server_ip.1" placeholder="<%:Primary server IP%>" class="cbi-input-text" value="<%=uci:get_list("openmptcprouter",servername,"ip")[1]%>" data-optional="false">
@ -86,12 +86,12 @@
<%:Server IP will be set for proxy and VPN%>
</div>
<div class="cbi-value-description">
<%:A secondary server IP can be set for dual IPv4/IPv6 server contact if WAN IPv6 are set%>
<%:A second server's IP can be set for dual IPv4/IPv6 server if WAN IPv6 are set%>
</div>
</div>
</div>
<br />
<div class="cbi-value">
<div class="cbi-value" data-index="2">
<label class="cbi-value-title"><%:Server username%></label>
<div class="cbi-value-field">
<input type="text" name="<%=servername%>.openmptcprouter_vps_username" placeholder="<%:Server username%>" class="cbi-input-text" value="<%=uci:get("openmptcprouter",servername,"username")%>" data-optional="false">
@ -101,7 +101,7 @@
</div>
</div>
</div>
<div class="cbi-value">
<div class="cbi-value" data-index="3">
<label class="cbi-value-title"><%:Server key%></label>
<div class="cbi-value-field">
<input type="text" name="<%=servername%>.openmptcprouter_vps_key" placeholder="<%:Server key%>" class="cbi-input-text" value="<%=uci:get("openmptcprouter",servername,"password")%>" data-optional="false">
@ -115,7 +115,7 @@
if nbserver > 1 then
%>
<br />
<div class="cbi-value">
<div class="cbi-value" data-index="4">
<label class="cbi-value-title"><%:Set server as master%></label>
<div class="cbi-value-field">
<input class="cbi-input-radio" type="radio" name="master" value="<%=servername%>" <% if uci:get("openmptcprouter",servername,"master") == "1" then %>checked<% end %>/>
@ -129,7 +129,7 @@
end
%>
<br />
<div class="cbi-value">
<div class="cbi-value" data-index="5">
<label class="cbi-value-title"><%:Disable server%></label>
<div class="cbi-value-field">
<input class="cbi-input-radio" type="checkbox" name="<%=servername%>.openmptcprouter_vps_disabled" value="1" <% if uci:get("openmptcprouter",servername,"disabled") == "1" then %>checked<% end %>/>

11
luci-app-openmptcprouter/root/etc/init.d/openmptcprouter
View file

@ -1,5 +1,5 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
# Released under GPL 3. See LICENSE for the full terms.
START=5
@ -66,7 +66,7 @@ omr_set_settings() {
uci -q set openmptcprouter.$1=interface
uci -q set openmptcprouter.$1.multipath="$multipath"
config_get disable_ipv6 settings disable_ipv6 "0"
if [ "$disable_ipv6" = "1" ] || [ "$1" != "omr6in4" ]; then
if [ "$proto" != "dhcpv6" ] && ([ "$disable_ipv6" = "1" ] || [ "$1" != "omr6in4" ]); then
uci -q set network.$1.ipv6=0
else
uci -q set network.$1.ipv6=1
@ -78,6 +78,13 @@ omr_set_settings() {
[ -z "$ifname" ] && ifname=$(ifstatus "$1" | jsonfilter -q -e '@["l3_device"]')
if [ -n "$ifname" ]; then
if [ "$proto" = "dhcpv6" ]; then
# Change interface name for sysctl in case of VLAN (eth0.2 => eth0/2)
ifnamesys=$(echo $ifname | sed 's:\.:/:')
sysctl -qw net.ipv6.conf.${ifnamesys}.disable_ipv6=0
sysctl -qw net.ipv6.conf.${ifnamesys}.accept_ra=1
fi
if [ "$addlatency" = "0" ] && [ "$(tc qdisc show dev $ifname | grep delay)" != "" ]; then
tc qdisc del dev ${ifname} root netem
fi

14
luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
View file

@ -1232,7 +1232,12 @@ function interfaces_status()
if gateway ~= "" or gateway6 ~= "" then
if uci:get("openmptcprouter", "settings", "disablegwping") ~= "1" and connectivity ~= "ERROR" then
if gateway ~= "" then
local gw_ping_test = ut.trim(sys.exec("ping -w 1 -c 1 " .. gateway .. " | grep '100% packet loss'"))
local gw_ping_test = ""
if ifname ~= "" and ifname ~= nil then
gw_ping_test = ut.trim(sys.exec("ping -w 1 -c 1 -I " .. ifname .. " " .. gateway .. " | grep '100% packet loss'"))
else
gw_ping_test = ut.trim(sys.exec("ping -w 1 -c 1 " .. gateway .. " | grep '100% packet loss'"))
end
if gw_ping_test ~= "" then
gw_ping = "DOWN"
if connectivity == "OK" then
@ -1241,7 +1246,12 @@ function interfaces_status()
end
end
if gateway6 ~= "" then
local gw_ping6_test = ut.trim(sys.exec("ping -w 1 -c 1 " .. gateway6 .. " | grep '100% packet loss'"))
local gw_ping6_test = ""
if ifname ~= "" and ifname ~= nil then
gw_ping6_test = ut.trim(sys.exec("ping -w 1 -c 1 -I " .. ifname .. " " .. gateway6 .. " | grep '100% packet loss'"))
else
gw_ping6_test = ut.trim(sys.exec("ping -w 1 -c 1 " .. gateway6 .. " | grep '100% packet loss'"))
end
if gw_ping6_test ~= "" then
gw_ping6 = "DOWN"
if connectivity == "OK" then

2
luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js
View file

@ -491,7 +491,7 @@ return view.extend({
so.datatype = 'or(ip4addr,"ignore")';
so.rmempty = true;
so = ss.option(form.Value, 'leasetime', _('Lease time'), _('The lease time is minutes (mini 2m), hours (eg 1h) or "infinite"'));
so = ss.option(form.Value, 'leasetime', _('Lease time'), _('The lease time is in minutes (mini 2m), hours (eg 1h) or "infinite"'));
so.placeholder = '12h';
so.rmempty = true;

159
omr-tracker/files/bin/omr-tracker-server
View file

@ -37,9 +37,26 @@ _check_server() {
done
}
_disable_redir() {
local redir=$1
config_get server $redir server
if [ "$server" = "sss${count}" ]; then
config_set $redir disabled "1"
fi
}
_enable_redir() {
local redir=$1
config_get server $redir server
if [ "$server" = "sss${count}" ]; then
config_set $redir disabled "0"
fi
}
_check_master() {
local name=$1
local count=0
local countips=0
config_get master $1 master
config_get ip $1 ip
config_get port $1 port "65500"
@ -49,39 +66,47 @@ _check_master() {
local ip=$1
#_ping_server $ip
_check_server $ip $port
[ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" != "$ip" ] && {
logger -t "OMR-Tracker-Server" "Master server up, set it back"
logger -t "OMR-Tracker-Server" "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n') - $ip"
uci -q batch <<-EOF >/dev/null
set shadowsocks-libev.sss${count}.server=$ip
commit shadowsocks-libev
EOF
if [ "$count" -eq "0" ]; then
if [ "$server_ping" = true ]; then
if [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" != "$ip" ]; then
logger -t "OMR-Tracker-Server" "Master server ${name} up ($ip), set it back"
#logger -t "OMR-Tracker-Server" "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n') - $ip"
uci -q batch <<-EOF >/dev/null
set v2ray.omrout.s_vmess_address=$ip
set v2ray.omrout.s_vless_address=$ip
commit v2ray
set glorytun.vpn.host=$ip
commit glorytun
set dsvpn.vpn.host=$ip
commit dsvpn
set mlvpn.general.host=$ip
commit mlvpn
del openvpn.omr.remote
add_list openvpn.omr.remote=$ip
commit openvpn
set shadowsocks-libev.sss${count}.server=$ip
commit shadowsocks-libev
EOF
/etc/init.d/openmptcprouter-vps get_openvpn_key $name >/dev/null 2>/dev/null
/etc/init.d/v2ray restart >/dev/null 2>/dev/null
/etc/init.d/glorytun restart >/dev/null 2>/dev/null
/etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null
/etc/init.d/mlvpn restart >/dev/null 2>/dev/null
/etc/init.d/openvpn restart >/dev/null 2>/dev/null
/etc/init.d/dsvpn restart >/dev/null 2>/dev/null
if [ "$count" -eq "0" ]; then
uci -q batch <<-EOF >/dev/null
set v2ray.omrout.s_vmess_address=$ip
set v2ray.omrout.s_vless_address=$ip
commit v2ray
set glorytun.vpn.host=$ip
commit glorytun
set dsvpn.vpn.host=$ip
commit dsvpn
set mlvpn.general.host=$ip
commit mlvpn
del openvpn.omr.remote
add_list openvpn.omr.remote=$ip
commit openvpn
EOF
/etc/init.d/openmptcprouter-vps get_openvpn_key $name >/dev/null 2>/dev/null
/etc/init.d/v2ray restart >/dev/null 2>/dev/null
/etc/init.d/glorytun restart >/dev/null 2>/dev/null
/etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null
/etc/init.d/mlvpn restart >/dev/null 2>/dev/null
/etc/init.d/openvpn restart >/dev/null 2>/dev/null
/etc/init.d/dsvpn restart >/dev/null 2>/dev/null
fi
/etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null
fi
/etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null
}
count=$((count+1))
config_load shadowsocks-libev
config_foreach _enable_redir ss_redir
count=$((count+1))
else
config_load shadowsocks-libev
config_foreach _disable_redir ss_redir
fi
countips=$((countips+1))
}
config_list_foreach $1 ip set_ip
break
@ -91,6 +116,7 @@ _check_master() {
_check_backup() {
local name=$1
local count=0
local countips=0
config_get backup $1 backup
config_get ip $1 ip
config_get port $1 port
@ -99,43 +125,52 @@ _check_backup() {
set_ip() {
#_ping_server $ip
_check_server $ip $port
[ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" = "$ip" ] && break
[ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" != "$ip" ] && {
logger -t "OMR-Tracker-Server" "Use backup server $1 ($ip)"
uci -q batch <<-EOF >/dev/null
set shadowsocks-libev.sss${count}.server=$ip
commit shadowsocks-libev
EOF
if [ "$count" -eq "0" ]; then
#[ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" = "$ip" ] && break
if [ "$server_ping" = true ]; then
if [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" != "$ip" ]; then
logger -t "OMR-Tracker-Server" "Use backup server $1 ($ip)"
uci -q batch <<-EOF >/dev/null
set v2ray.omrout.s_vmess_address=$ip
set v2ray.omrout.s_vless_address=$ip
commit v2ray
set glorytun.vpn.host=$ip
commit glorytun
set dsvpn.vpn.host=$ip
commit dsvpn
set mlvpn.general.host=$ip
commit mlvpn
del openvpn.omr.remote
add_list openvpn.omr.remote=$ip
commit openvpn
set shadowsocks-libev.sss${count}.server=$ip
commit shadowsocks-libev
EOF
/etc/init.d/openmptcprouter-vps get_openvpn_key $name >/dev/null 2>/dev/null
/etc/init.d/v2ray restart >/dev/null 2>/dev/null
/etc/init.d/glorytun restart >/dev/null 2>/dev/null
/etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null
/etc/init.d/mlvpn restart >/dev/null 2>/dev/null
/etc/init.d/openvpn restart >/dev/null 2>/dev/null
/etc/init.d/dsvpn restart >/dev/null 2>/dev/null
if [ "$count" -eq "0" ]; then
uci -q batch <<-EOF >/dev/null
set v2ray.omrout.s_vmess_address=$ip
set v2ray.omrout.s_vless_address=$ip
commit v2ray
set glorytun.vpn.host=$ip
commit glorytun
set dsvpn.vpn.host=$ip
commit dsvpn
set mlvpn.general.host=$ip
commit mlvpn
del openvpn.omr.remote
add_list openvpn.omr.remote=$ip
commit openvpn
EOF
/etc/init.d/openmptcprouter-vps get_openvpn_key $name >/dev/null 2>/dev/null
/etc/init.d/v2ray restart >/dev/null 2>/dev/null
/etc/init.d/glorytun restart >/dev/null 2>/dev/null
/etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null
/etc/init.d/mlvpn restart >/dev/null 2>/dev/null
/etc/init.d/openvpn restart >/dev/null 2>/dev/null
/etc/init.d/dsvpn restart >/dev/null 2>/dev/null
fi
/etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null
sleep $waittest
fi
/etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null
sleep $waittest
break
}
count=$((count+1))
config_load shadowsocks-libev
config_foreach _enable_redir ss_redir
count=$((count+1))
else
config_load shadowsocks-libev
config_foreach _disable_redir ss_redir
fi
countips=$((countips+1))
}
config_list_foreach $1 ip set_ip
uci -q commit shadowsocks-libev
[ "$server_ping" = true ] && break
}
}

16
openmptcprouter/files/bin/omr-test-speed
View file

@ -28,11 +28,15 @@ if [ -z "$INTERFACE" ]; then
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
for ip in $hostip; do
ipset add ss_rules_dst_bypass_all $ip
done
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset add ss_rules_dst_bypass_all $ip
done
fi
curl -4 --interface $INTERFACE $HOST >/dev/null || echo
for ip in $hostip; do
ipset del ss_rules_dst_bypass_all $ip
done
if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then
for ip in $hostip; do
ipset del ss_rules_dst_bypass_all $ip
done
fi
fi

22
openmptcprouter/files/bin/omr-test-speedv6
View file

@ -3,14 +3,14 @@
INTERFACE="$1"
echo "Select best test server..."
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin"
bestping="999"
for pinghost in $HOSTLST; do
domain=$(echo $pinghost | awk -F/ '{print $3}')
if [ -z "$INTERFACE" ]; then
ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1)
else
ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1)
fi
echo "host: $domain - ping: $ping"
if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then
@ -28,11 +28,15 @@ if [ -z "$INTERFACE" ]; then
else
domain=$(echo $HOST | awk -F/ '{print $3}')
hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ')
for ip in $hostip; do
ipset add ss_rules6_dst_bypass_all $ip
done
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset add ss_rules6_dst_bypass_all $ip
done
fi
curl -6 --interface $INTERFACE $HOST >/dev/null || echo
for ip in $hostip; do
ipset del ss_rules6_dst_bypass_all $ip
done
if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then
for ip in $hostip; do
ipset del ss_rules6_dst_bypass_all $ip
done
fi
fi

19
openmptcprouter/files/etc/init.d/openmptcprouter-vps
View file

@ -804,6 +804,9 @@ _vps_firewall_redirect_port() {
config_get src_ip $1 src_ip
config_get v2ray $1 v2ray "0"
config_get dmz $1 dmz "0"
if [ -z "$src_dport" ] && [ -n "$dest_port" ]; then
src_dport=$dest_port
fi
if [ "$dmz" = "1" ] && [ "$src_dport" != "2-64999" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.${section}.src_dport='2-64999'
@ -971,6 +974,15 @@ _vps_firewall_close_port() {
}
_set_vps_firewall() {
fw3 -q print | grep 'vpn.* -d' |
while IFS=$"\n" read -r c; do
eval $(echo $c | sed 's/iptables/iptables -w/' | sed 's/-A/-D/') 2>&1 >/dev/null
newrule=$(echo $c | sed 's/iptables/iptables -w/' | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//')
eval $(echo $newrule | sed 's/-A/-D/') || true
eval $newrule
done
#'
fwservername=$1
[ -z "$servername" ] && servername=$fwservername
[ -z "$fwservername" ] && fwservername=$servername
@ -1005,13 +1017,6 @@ _set_vps_firewall() {
}
set_vps_firewall() {
fw3 -q print | grep 'vpn.* -d' |
while IFS=$"\n" read -r c; do
eval $(echo $c | sed 's/-A/-D/') 2>&1 >/dev/null
newrule=$(echo $c | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//')
eval $(echo $newrule | sed 's/-A/-C/') || eval $newrule
done
#'
config_load openmptcprouter
config_foreach _set_vps_firewall server
}

138
openmptcprouter/files/etc/uci-defaults/1940-omr-dns
View file

@ -66,6 +66,144 @@ fi
# commit unbound
#EOF
if [ -z "$(uci -q unbound.auth_icann)" ]; then
uci -q batch <<-EOF >/dev/null
set unbound.auth_icann=zone
set unbound.auth_icann.fallback='1'
set unbound.auth_icann.url_dir='https://www.internic.net/domain/'
set unbound.auth_icann.zone_type='auth_zone'
add_list unbound.auth_icann.server='lax.xfr.dns.icann.org'
add_list unbound.auth_icann.server='iad.xfr.dns.icann.org'
add_list unbound.auth_icann.zone_name='.'
add_list unbound.auth_icann.zone_name='arpa.'
add_list unbound.auth_icann.zone_name='in-addr.arpa.'
add_list unbound.auth_icann.zone_name='ip6.arpa.'
set unbound.auth_icann.enabled='1'
set unbound.fwd_isp=zone
set unbound.fwd_isp.enabled='0'
set unbound.fwd_isp.fallback='1'
set unbound.fwd_isp.resolv_conf='1'
set unbound.fwd_isp.zone_type='forward_zone'
add_list unbound.fwd_isp.zone_name='isp-bill.example.com.'
add_list unbound.fwd_isp.zone_name='isp-mail.example.net.'
set unbound.fwd_google=zone
set unbound.fwd_google.enabled='0'
set unbound.fwd_google.fallback='1'
set unbound.fwd_google.tls_index='dns.google'
set unbound.fwd_google.tls_upstream='1'
set unbound.fwd_google.zone_type='forward_zone'
add_list unbound.fwd_google.server='8.8.4.4'
add_list unbound.fwd_google.server='8.8.8.8'
add_list unbound.fwd_google.server='2001:4860:4860::8844'
add_list unbound.fwd_google.server='2001:4860:4860::8888'
set unbound.fwd_google.zone_name='.'
set unbound.fwd_cloudflare=zone
set unbound.fwd_cloudflare.enabled='0'
set unbound.fwd_cloudflare.fallback='1'
set unbound.fwd_cloudflare.tls_index='cloudflare-dns.com'
set unbound.fwd_cloudflare.tls_upstream='1'
set unbound.fwd_cloudflare.zone_type='forward_zone'
add_list unbound.fwd_cloudflare.server='1.1.1.1'
add_list unbound.fwd_cloudflare.server='1.0.0.1'
add_list unbound.fwd_cloudflare.server='2606:4700:4700::1111'
add_list unbound.fwd_cloudflare.server='2606:4700:4700::1001'
set unbound.fwd_cloudflare.zone_name='.'
EOF
fi
if [ -z "$(uci -q get unbound.fwd_adguard_family)" ]; then
uci -q batch <<-EOF >/dev/null
set unbound.fwd_adguard_family=zone
set unbound.fwd_adguard_family.enabled='0'
set unbound.fwd_adguard_family.fallback='1'
set unbound.fwd_adguard_family.tls_index='dns-family.adguard.com'
set unbound.fwd_adguard_family.tls_upstream='1'
set unbound.fwd_adguard_family.zone_type='forward_zone'
add_list unbound.fwd_adguard_family.server='176.103.130.132'
add_list unbound.fwd_adguard_family.server='176.103.130.134'
set unbound.fwd_adguard_family.zone_name='.'
set unbound.fwd_adguard_standard=zone
set unbound.fwd_adguard_standard.enabled='0'
set unbound.fwd_adguard_standard.fallback='1'
set unbound.fwd_adguard_standard.tls_index='dns.adguard.com'
set unbound.fwd_adguard_standard.tls_upstream='1'
set unbound.fwd_adguard_standard.zone_type='forward_zone'
add_list unbound.fwd_adguard_standard.server='176.103.130.130'
add_list unbound.fwd_adguard_standard.server='176.103.130.131'
set unbound.fwd_adguard_standard.zone_name='.'
set unbound.fwd_cloudflare_family=zone
set unbound.fwd_cloudflare_family.enabled='0'
set unbound.fwd_cloudflare_family.fallback='1'
set unbound.fwd_cloudflare_family.tls_index='family.cloudflare-dns.com'
set unbound.fwd_cloudflare_family.tls_upstream='1'
set unbound.fwd_cloudflare_family.zone_type='forward_zone'
add_list unbound.fwd_cloudflare_family.server='1.1.1.3'
add_list unbound.fwd_cloudflare_family.server='1.0.0.3'
set unbound.fwd_cloudflare_family.zone_name='.'
set unbound.fwd_cloudflare_malware=zone
set unbound.fwd_cloudflare_malware.enabled='0'
set unbound.fwd_cloudflare_malware.fallback='1'
set unbound.fwd_cloudflare_malware.tls_index='security.cloudflare-dns.com'
set unbound.fwd_cloudflare_malware.tls_upstream='1'
set unbound.fwd_cloudflare_malware.zone_type='forward_zone'
add_list unbound.fwd_cloudflare_malware.server='1.1.1.2'
add_list unbound.fwd_cloudflare_malware.server='1.0.0.2'
set unbound.fwd_cloudflare_malware.zone_name='.'
set unbound.fwd_odvr=zone
set unbound.fwd_odvr.enabled='0'
set unbound.fwd_odvr.fallback='1'
set unbound.fwd_odvr.tls_index='odvr.nic.cz'
set unbound.fwd_odvr.tls_upstream='1'
set unbound.fwd_odvr.zone_type='forward_zone'
add_list unbound.fwd_odvr.server='193.17.47.1'
add_list unbound.fwd_odvr.server='185.43.135.1'
set unbound.fwd_odvr.zone_name='.'
set unbound.fwd_libredns=zone
set unbound.fwd_libredns.enabled='0'
set unbound.fwd_libredns.fallback='1'
set unbound.fwd_libredns.tls_index='doh.libredns.gr'
set unbound.fwd_libredns.tls_upstream='1'
set unbound.fwd_libredns.zone_type='forward_zone'
add_list unbound.fwd_libredns.server='116.202.176.26'
set unbound.fwd_libredns.zone_name='.'
set unbound.fwd_quad9_recommended=zone
set unbound.fwd_quad9_recommended.enabled='0'
set unbound.fwd_quad9_recommended.fallback='1'
set unbound.fwd_quad9_recommended.tls_index='dns.quad9.net'
set unbound.fwd_quad9_recommended.tls_upstream='1'
set unbound.fwd_quad9_recommended.zone_type='forward_zone'
add_list unbound.fwd_quad9_recommended.server='9.9.9.9'
add_list unbound.fwd_quad9_recommended.server='149.112.112.112'
set unbound.fwd_quad9_recommended.zone_name='.'
set unbound.fwd_quad9_unsecured=zone
set unbound.fwd_quad9_unsecured.enabled='0'
set unbound.fwd_quad9_unsecured.fallback='1'
set unbound.fwd_quad9_unsecured.tls_index='dns10.quad9.net'
set unbound.fwd_quad9_unsecured.tls_upstream='1'
set unbound.fwd_quad9_unsecured.zone_type='forward_zone'
add_list unbound.fwd_quad9_unsecured.server='9.9.9.10'
add_list unbound.fwd_quad9_unsecured.server='149.112.112.10'
set unbound.fwd_quad9_unsecured.zone_name='.'
set unbound.fwd_quad9_ecs=zone
set unbound.fwd_quad9_ecs.enabled='0'
set unbound.fwd_quad9_ecs.fallback='1'
set unbound.fwd_quad9_ecs.tls_index='dns11.quad9.net'
set unbound.fwd_quad9_ecs.tls_upstream='1'
set unbound.fwd_quad9_ecs.zone_type='forward_zone'
add_list unbound.fwd_quad9_ecs.server='9.9.9.11'
add_list unbound.fwd_quad9_ecs.server='149.112.112.11'
set unbound.fwd_quad9_ecs.zone_name='.'
set unbound.fwd_quad9_secured=zone
set unbound.fwd_quad9_secured.enabled='0'
set unbound.fwd_quad9_secured.fallback='1'
set unbound.fwd_quad9_secured.tls_index='dns9.quad9.net'
set unbound.fwd_quad9_secured.tls_upstream='1'
set unbound.fwd_quad9_secured.zone_type='forward_zone'
add_list unbound.fwd_quad9_secured.server='9.9.9.9'
add_list unbound.fwd_quad9_secured.server='149.112.112.9'
set unbound.fwd_quad9_secured.zone_name='.'
EOF
fi
rm -f /tmp/luci-indexcache