From e7279f36abc5d8947defe87daf9b3dc2fe91f8f1 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 9 Feb 2021 14:34:41 +0100 Subject: [PATCH 01/15] Add default information for luci-app-mptcp --- luci-app-mptcp/luasrc/model/cbi/mptcp.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/luci-app-mptcp/luasrc/model/cbi/mptcp.lua b/luci-app-mptcp/luasrc/model/cbi/mptcp.lua index a69f69e3e..27654e021 100644 --- a/luci-app-mptcp/luasrc/model/cbi/mptcp.lua +++ b/luci-app-mptcp/luasrc/model/cbi/mptcp.lua @@ -18,7 +18,7 @@ mtcpck:value(0, translate("disable")) local mtcpck = s:option(ListValue, "mptcp_debug", translate("Multipath Debug")) mtcpck:value(1, translate("enable")) mtcpck:value(0, translate("disable")) -local mtcppm = s:option(ListValue, "mptcp_path_manager", translate("Multipath TCP path-manager")) +local mtcppm = s:option(ListValue, "mptcp_path_manager", translate("Multipath TCP path-manager"), translate("Default is fullmesh")) mtcppm:value("default", translate("default")) mtcppm:value("fullmesh", translate("fullmesh")) mtcppm:value("ndiffports", translate("ndiffports")) From 4b68351f4c80b012a36626da9cee9be536779956 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 9 Feb 2021 14:35:14 +0100 Subject: [PATCH 02/15] Fix wizard display when IPv6 enabled --- .../luasrc/view/openmptcprouter/wizard.htm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm index ba31c9dd7..317d7051c 100644 --- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm +++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm @@ -68,7 +68,7 @@

<%=servername%>

-
+
" data-optional="false"> @@ -77,7 +77,7 @@
-
+
" data-optional="false"> From 57fff1658e2b6a2179b4a5ea7baa242482b950d3 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 9 Feb 2021 14:35:48 +0100 Subject: [PATCH 03/15] Track both server IP --- omr-tracker/files/bin/omr-tracker-server | 159 ++++++++++++++--------- 1 file changed, 97 insertions(+), 62 deletions(-) diff --git a/omr-tracker/files/bin/omr-tracker-server b/omr-tracker/files/bin/omr-tracker-server index 5bd212fdb..8c0e7c577 100755 --- a/omr-tracker/files/bin/omr-tracker-server +++ b/omr-tracker/files/bin/omr-tracker-server @@ -37,9 +37,26 @@ _check_server() { done } +_disable_redir() { + local redir=$1 + config_get server $redir server + if [ "$server" = "sss${count}" ]; then + config_set $redir disabled "1" + fi +} + +_enable_redir() { + local redir=$1 + config_get server $redir server + if [ "$server" = "sss${count}" ]; then + config_set $redir disabled "0" + fi +} + _check_master() { local name=$1 local count=0 + local countips=0 config_get master $1 master config_get ip $1 ip config_get port $1 port "65500" 
@@ -49,39 +66,47 @@ _check_master() { local ip=$1 #_ping_server $ip _check_server $ip $port - [ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" != "$ip" ] && { - logger -t "OMR-Tracker-Server" "Master server up, set it back" - logger -t "OMR-Tracker-Server" "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n') - $ip" - uci -q batch <<-EOF >/dev/null - set shadowsocks-libev.sss${count}.server=$ip - commit shadowsocks-libev - EOF - if [ "$count" -eq "0" ]; then + if [ "$server_ping" = true ]; then + if [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" != "$ip" ]; then + logger -t "OMR-Tracker-Server" "Master server ${name} up ($ip), set it back" + #logger -t "OMR-Tracker-Server" "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n') - $ip" uci -q batch <<-EOF >/dev/null - set v2ray.omrout.s_vmess_address=$ip - set v2ray.omrout.s_vless_address=$ip - commit v2ray - set glorytun.vpn.host=$ip - commit glorytun - set dsvpn.vpn.host=$ip - commit dsvpn - set mlvpn.general.host=$ip - commit mlvpn - del openvpn.omr.remote - add_list openvpn.omr.remote=$ip - commit openvpn + set shadowsocks-libev.sss${count}.server=$ip + commit shadowsocks-libev EOF - /etc/init.d/openmptcprouter-vps get_openvpn_key $name >/dev/null 2>/dev/null - /etc/init.d/v2ray restart >/dev/null 2>/dev/null - /etc/init.d/glorytun restart >/dev/null 2>/dev/null - /etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null - /etc/init.d/mlvpn restart >/dev/null 2>/dev/null - /etc/init.d/openvpn restart >/dev/null 2>/dev/null - /etc/init.d/dsvpn restart >/dev/null 2>/dev/null + if [ "$count" -eq "0" ]; then + uci -q batch <<-EOF >/dev/null + set v2ray.omrout.s_vmess_address=$ip + set v2ray.omrout.s_vless_address=$ip + commit v2ray + set glorytun.vpn.host=$ip + commit glorytun + set dsvpn.vpn.host=$ip + commit dsvpn + set mlvpn.general.host=$ip + commit mlvpn + del openvpn.omr.remote + add_list openvpn.omr.remote=$ip + commit 
openvpn + EOF + /etc/init.d/openmptcprouter-vps get_openvpn_key $name >/dev/null 2>/dev/null + /etc/init.d/v2ray restart >/dev/null 2>/dev/null + /etc/init.d/glorytun restart >/dev/null 2>/dev/null + /etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null + /etc/init.d/mlvpn restart >/dev/null 2>/dev/null + /etc/init.d/openvpn restart >/dev/null 2>/dev/null + /etc/init.d/dsvpn restart >/dev/null 2>/dev/null + fi + /etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null fi - /etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null - } - count=$((count+1)) + config_load shadowsocks-libev + config_foreach _enable_redir ss_redir + count=$((count+1)) + else + config_load shadowsocks-libev + config_foreach _disable_redir ss_redir + fi + countips=$((countips+1)) } config_list_foreach $1 ip set_ip break @@ -91,6 +116,7 @@ _check_master() { _check_backup() { local name=$1 local count=0 + local countips=0 config_get backup $1 backup config_get ip $1 ip config_get port $1 port 
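Review bot: `config_load shadowsocks-libev` inside `set_ip` replaces the shell's loaded-config context (sections and list state) in the middle of `config_list_foreach $1 ip set_ip` over the openmptcprouter config; whether the remaining `ip` items and the caller's later `config_get`/`config_foreach` lookups still resolve depends on exactly which `CONFIG_*` variables `uci_load` resets, which is fragile for code whose purpose is to check the second IP. Loading shadowsocks-libev once before the loop, or reading the redir sections with `uci -q show shadowsocks-libev`, avoids clobbering the iterating context. `countips` is incremented on every iteration but not read anywhere in this hunk; if it is consumed later in the function a comment saying what it is for would help, otherwise it is dead state. `$ip` and `$name` come from the admin-written config, so their unquoted use in the `uci batch` heredoc and `logger` is not an injection sink today, but `set shadowsocks-libev.sss${count}.server='$ip'` keeps the batch well-formed if a value ever carries spaces. `_check_master` starts before this hunk.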
@@ -99,43 +125,52 @@ _check_backup() { set_ip() { #_ping_server $ip _check_server $ip $port - [ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" = "$ip" ] && break - [ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" != "$ip" ] && { - logger -t "OMR-Tracker-Server" "Use backup server $1 ($ip)" - uci -q batch <<-EOF >/dev/null - set shadowsocks-libev.sss${count}.server=$ip - commit shadowsocks-libev - EOF - if [ "$count" -eq "0" ]; then + #[ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" = "$ip" ] && break + if [ "$server_ping" = true ]; then + if [ "$(uci -q get shadowsocks-libev.sss${count}.server | tr -d '\n')" != "$ip" ]; then + logger -t "OMR-Tracker-Server" "Use backup server $1 ($ip)" uci -q batch <<-EOF >/dev/null - set v2ray.omrout.s_vmess_address=$ip - set v2ray.omrout.s_vless_address=$ip - commit v2ray - set glorytun.vpn.host=$ip - commit glorytun - set dsvpn.vpn.host=$ip - commit dsvpn - set mlvpn.general.host=$ip - commit mlvpn - del openvpn.omr.remote - add_list openvpn.omr.remote=$ip - commit openvpn + set shadowsocks-libev.sss${count}.server=$ip + commit shadowsocks-libev EOF - /etc/init.d/openmptcprouter-vps get_openvpn_key $name >/dev/null 2>/dev/null - /etc/init.d/v2ray restart >/dev/null 2>/dev/null - /etc/init.d/glorytun restart >/dev/null 2>/dev/null - /etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null - /etc/init.d/mlvpn restart >/dev/null 2>/dev/null - /etc/init.d/openvpn restart >/dev/null 2>/dev/null - /etc/init.d/dsvpn restart >/dev/null 2>/dev/null + if [ "$count" -eq "0" ]; then + uci -q batch <<-EOF >/dev/null + set v2ray.omrout.s_vmess_address=$ip + set v2ray.omrout.s_vless_address=$ip + commit v2ray + set glorytun.vpn.host=$ip + commit glorytun + set dsvpn.vpn.host=$ip + commit dsvpn + set mlvpn.general.host=$ip + commit mlvpn + del openvpn.omr.remote + add_list openvpn.omr.remote=$ip + 
commit openvpn + EOF + /etc/init.d/openmptcprouter-vps get_openvpn_key $name >/dev/null 2>/dev/null + /etc/init.d/v2ray restart >/dev/null 2>/dev/null + /etc/init.d/glorytun restart >/dev/null 2>/dev/null + /etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null + /etc/init.d/mlvpn restart >/dev/null 2>/dev/null + /etc/init.d/openvpn restart >/dev/null 2>/dev/null + /etc/init.d/dsvpn restart >/dev/null 2>/dev/null + fi + /etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null + sleep $waittest fi - /etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null - sleep $waittest - break - } - count=$((count+1)) + config_load shadowsocks-libev + config_foreach _enable_redir ss_redir + count=$((count+1)) + else + config_load shadowsocks-libev + config_foreach _disable_redir ss_redir + fi + countips=$((countips+1)) } config_list_foreach $1 ip set_ip + uci -q commit shadowsocks-libev + [ "$server_ping" = true ] && break } } From 5ff2617fcbe04c2bbfdf57ce5c0e2f3b5f1a9322 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 9 Feb 2021 14:36:32 +0100 Subject: [PATCH 04/15] omr-test-speed can now work on server side --- openmptcprouter/files/bin/omr-test-speed | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/openmptcprouter/files/bin/omr-test-speed b/openmptcprouter/files/bin/omr-test-speed index c38fcd9e4..fa95ff2cc 100755 --- a/openmptcprouter/files/bin/omr-test-speed +++ b/openmptcprouter/files/bin/omr-test-speed 
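Review bot: the new `[ "$server_ping" = true ] && break` after `config_list_foreach $1 ip set_ip` reflects only the last IP tested, because `_check_server` overwrites `server_ping` on every iteration; a backup whose first address answers and whose second does not has already had shadowsocks re-pointed at the first address inside the loop, yet the outer loop moves on to the next backup. If the intent is "use this backup when any of its addresses is reachable", record it explicitly — `backup_ok=true` inside the `if [ "$server_ping" = true ]` branch (reset to `false` before the loop) and `[ "$backup_ok" = true ] && break` afterwards. `uci -q commit shadowsocks-libev` here only re-commits what the `uci batch` blocks already committed, since `_enable_redir`/`_disable_redir` use `config_set`, which does not stage uci changes. `_check_backup` starts before this hunk.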
@@ -28,11 +28,15 @@ if [ -z "$INTERFACE" ]; then else domain=$(echo $HOST | awk -F/ '{print $3}') hostip=$(dig +nocmd +noall +answer A $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') - for ip in $hostip; do - ipset add ss_rules_dst_bypass_all $ip - done + if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then + for ip in $hostip; do + ipset add ss_rules_dst_bypass_all $ip + done + fi curl -4 --interface $INTERFACE $HOST >/dev/null || echo - for ip in $hostip; do - ipset del ss_rules_dst_bypass_all $ip - done + if [ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]; then + for ip in $hostip; do + ipset del ss_rules_dst_bypass_all $ip + done + fi fi From bcdd7ac67ba5a26c90cf95d60b8e13b7a8646195 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 9 Feb 2021 14:37:01 +0100 Subject: [PATCH 05/15] Fix firewall redirect from public IP to router --- .../files/etc/init.d/openmptcprouter-vps | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps index 5241b9fbc..f6aee441e 100755 --- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps +++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps @@ -804,6 +804,9 @@ _vps_firewall_redirect_port() { config_get src_ip $1 src_ip config_get v2ray $1 v2ray "0" config_get dmz $1 dmz "0" + if [ -z "$src_dport" ] && [ -n "$dest_port" ]; then + src_dport=$dest_port + fi if [ "$dmz" = "1" ] && [ "$src_dport" != "2-64999" ]; then uci -q batch <<-EOF >/dev/null set firewall.${section}.src_dport='2-64999' 
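Review bot: the new guard `[ -n "$(ipset list 2>/dev/null | grep ss_rules)" ]` dumps every ipset with all its members just to detect one set, and the pattern also matches the `ss_rules6_*` sets, so on a setup where only the IPv6 sets exist the `ipset add ss_rules_dst_bypass_all $ip` below would presumably still run against a missing set. `ipset -q list ss_rules_dst_bypass_all >/dev/null 2>&1` tests exactly the set about to be modified and is cheap. The bypass entries added before `curl` are removed only if the script reaches the second loop; a Ctrl-C or a killed curl leaves the speed-test hosts permanently excluded from the proxy until the set is rebuilt, so a `trap` running the `ipset del` loop on EXIT right after the add loop would make the cleanup unconditional. The script body continues outside this hunk.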
@@ -971,6 +974,15 @@ _vps_firewall_close_port() { } _set_vps_firewall() { + fw3 -q print | grep 'vpn.* -d' | + while IFS=$"\n" read -r c; do + eval $(echo $c | sed 's/-A/-D/') 2>&1 >/dev/null + newrule=$(echo $c | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//') + eval $(echo $newrule | sed 's/-A/-D/') || true + eval $newrule + done + #' + fwservername=$1 [ -z "$servername" ] && servername=$fwservername [ -z "$fwservername" ] && fwservername=$servername @@ -1005,13 +1017,6 @@ _set_vps_firewall() { } set_vps_firewall() { - fw3 -q print | grep 'vpn.* -d' | - while IFS=$"\n" read -r c; do - eval $(echo $c | sed 's/-A/-D/') 2>&1 >/dev/null - newrule=$(echo $c | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//') - eval $(echo $newrule | sed 's/-A/-C/') || eval $newrule - done - #' config_load openmptcprouter config_foreach _set_vps_firewall server } From 96283d0252ecab05e3525ed2a6640c9dbc44243a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 9 Feb 2021 15:29:41 +0100 Subject: [PATCH 06/15] Force firewall network to be a list --- .../luasrc/controller/openmptcprouter.lua | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua index bc7b55188..453b69479 100644 --- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua +++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua 
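Review bot: moving the `fw3 -q print | grep 'vpn.* -d'` loop into `_set_vps_firewall` means it now runs once per `server` section visited by `config_foreach _set_vps_firewall server` (second hunk), re-deleting and re-adding the same rules for every configured VPS, whereas in `set_vps_firewall` it ran once; the loop does not depend on `$1`, so it belongs before the `config_foreach`. Security-wise, `newrule` strips both `-d` and `-s` from every matched rule before `eval`-ing it back in, so any VPN rule fw3 generated with a source or destination restriction is reinstalled without it — for an ACCEPT or DNAT rule that widens what is allowed; the commit message suggests this is intended, but a comment such as `# drop -s/-d so the VPN redirect also matches traffic arriving on the public IP` would record why it is safe. `2>&1 >/dev/null` sends stdout to /dev/null but leaves stderr on the terminal; `>/dev/null 2>&1` is the intended order. The rule text is executed with `eval`, and fw3 output embeds `--comment "!fw3: <name>"` built from uci rule names, so a rule name containing shell metacharacters would be interpreted — worth a `# trusts firewall config: rule text is eval'd` note. `_set_vps_firewall` continues past this hunk.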
@@ -36,6 +36,15 @@ end function wizard_add() local gostatus = true + + -- Force WAN zone firewall members to be a list + local fwwan = sys.exec("uci -q get firewall.@zone[1].network") + luci.sys.call("uci -q delete firewall.@zone[1].network") + for interface in fwwan:gmatch("%S+") do + luci.sys.call("uci -q add_list firewall.@zone[1].network=" .. interface) + end + ucic:save("firewall") + -- Add new server local add_server = luci.http.formvalue("add_server") or "" local add_server_name = luci.http.formvalue("add_server_name") or "" @@ -190,7 +199,9 @@ function wizard_add() for intf, _ in pairs(delete_intf) do local defif = ucic:get("network",intf,"ifname") ucic:delete("network",intf) - ucic:delete("network",intf .. "_dev") + if ucic:get("network",intf .. "_dev") ~= "" then + ucic:delete("network",intf .. "_dev") + end ucic:save("network") ucic:commit("network") ucic:delete("sqm",intf) From ed8fa2811538dd2a3a817abe44d2f3792f4c5ebe Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 11 Feb 2021 21:12:55 +0100 Subject: [PATCH 07/15] Fix wizard display --- .../luasrc/view/openmptcprouter/wizard.htm | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm index 317d7051c..0e7e838a6 100644 --- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm +++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm @@ -68,7 +68,7 @@
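Review bot: the new block in `wizard_add` hard-codes `firewall.@zone[1]` as the WAN zone and runs the delete/re-add unconditionally on every wizard submission; the zone at index 1 is `wan` only by convention, so a reordered firewall config would have another zone's membership rewritten, and if `uci -q get` yields nothing (the error is swallowed by `-q`) the zone is left with no `network` entries at all. Guard it and address the zone by name, e.g. wrap the delete and the loop in `if fwwan ~= "" then … end`, or locate the zone with `ucic:foreach("firewall", "zone", …)` matching `name == "wan"` and use `ucic:delete`/`ucic:set_list` on the cursor already in scope instead of shelling out. Each `interface` token is concatenated raw into `luci.sys.call("uci -q add_list … =" .. interface)`; `%S+` excludes whitespace but not `;` or `$`, so if the values are not routed through the cursor they should at least be passed through `luci.util.shellquote`. The second hunk's `ucic:get("network",intf .. "_dev") ~= ""` test would also want `~= nil`, since a missing option returns nil rather than an empty string in the cursor API (confirm against the LuCI version in use). `wizard_add` continues past this hunk.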

<%=servername%>

-
+
" data-optional="false"> @@ -77,7 +77,7 @@
-
+
" data-optional="false"> @@ -86,12 +86,12 @@ <%:Server IP will be set for proxy and VPN%>
- <%:A secondary server IP can be set for dual IPv4/IPv6 server contact if WAN IPv6 are set%> + <%:A second server's IP can be set for dual IPv4/IPv6 server if WAN IPv6 are set%>

-
+
" data-optional="false"> @@ -101,7 +101,7 @@
-
+
" data-optional="false"> @@ -115,7 +115,7 @@ if nbserver > 1 then %>
-
+
checked<% end %>/> @@ -129,7 +129,7 @@ end %>
-
+
checked<% end %>/> From bbc373d1577709eb0cb674498a7075da6bfe9067 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 11 Feb 2021 21:13:57 +0100 Subject: [PATCH 08/15] Check gateway using ping from interface --- .../root/usr/libexec/rpcd/openmptcprouter | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter index b80a81a7d..bc36f9649 100755 --- a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter +++ b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter @@ -1232,7 +1232,12 @@ function interfaces_status() if gateway ~= "" or gateway6 ~= "" then if uci:get("openmptcprouter", "settings", "disablegwping") ~= "1" and connectivity ~= "ERROR" then if gateway ~= "" then - local gw_ping_test = ut.trim(sys.exec("ping -w 1 -c 1 " .. gateway .. " | grep '100% packet loss'")) + local gw_ping_test = "" + if ifname ~= "" and ifname ~= nil then + gw_ping_test = ut.trim(sys.exec("ping -w 1 -c 1 -I " .. ifname .. " " .. gateway .. " | grep '100% packet loss'")) + else + gw_ping_test = ut.trim(sys.exec("ping -w 1 -c 1 " .. gateway .. " | grep '100% packet loss'")) + end if gw_ping_test ~= "" then gw_ping = "DOWN" if connectivity == "OK" then @@ -1241,7 +1246,12 @@ function interfaces_status() end end if gateway6 ~= "" then - local gw_ping6_test = ut.trim(sys.exec("ping -w 1 -c 1 " .. gateway6 .. " | grep '100% packet loss'")) + local gw_ping6_test = "" + if ifname ~= "" and ifname ~= nil then + gw_ping6_test = ut.trim(sys.exec("ping -w 1 -c 1 -I " .. ifname .. " " .. gateway6 .. " | grep '100% packet loss'")) + else + gw_ping6_test = ut.trim(sys.exec("ping -w 1 -c 1 " .. gateway6 .. " | grep '100% packet loss'")) + end if gw_ping6_test ~= "" then gw_ping6 = "DOWN" if connectivity == "OK" then From f6cfd19828bc08fd48f4f177ce2c8769937fe945 Mon Sep 17 00:00:00 2001 
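Review bot: in `interfaces_status` the gateway is marked DOWN only when the ping output contains `100% packet loss`, so when the new `ping -w 1 -c 1 -I <ifname>` fails before sending anything (unknown interface, nothing bound to it, `-I` rejected by the installed ping) there is no statistics line, `gw_ping_test` stays empty and the gateway is reported UP — the added code fails open. Checking the exit status instead, `sys.call("ping -w 1 -c 1 -I " .. ut.shellquote(ifname) .. " " .. ut.shellquote(gateway) .. " >/dev/null 2>&1") ~= 0` (assuming `ut` is `luci.util`), reports DOWN for any failure, and the quoting stops `ifname`/`gateway` — taken from interface state rather than typed by the caller, but still interpolated raw into a shell string — from being parsed by the shell. The v4 and v6 branches are now identical apart from the address; a local `gw_reachable(ifname, gw)` helper would remove the duplication. `interfaces_status` starts before and continues past this hunk.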
From: "Ycarus (Yannick Chabanois)" Date: Thu, 11 Feb 2021 21:15:04 +0100 Subject: [PATCH 09/15] Fix omr test speed v6 --- openmptcprouter/files/bin/omr-test-speedv6 | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/openmptcprouter/files/bin/omr-test-speedv6 b/openmptcprouter/files/bin/omr-test-speedv6 index b80399e5c..0d5444041 100755 --- a/openmptcprouter/files/bin/omr-test-speedv6 +++ b/openmptcprouter/files/bin/omr-test-speedv6 
@@ -3,14 +3,14 @@ INTERFACE="$1" echo "Select best test server..." -HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv4.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" +HOSTLST="http://speedtest.frankfurt.linode.com/garbage.php?ckSize=10000 http://speedtest.tokyo2.linode.com/garbage.php?ckSize=10000 http://speedtest.singapore.linode.com/garbage.php?ckSize=10000 http://speedtest.newark.linode.com/garbage.php?ckSize=10000 http://speedtest.atlanta.linode.com/garbage.php?ckSize=10000 http://speedtest.dallas.linode.com/garbage.php?ckSize=10000 http://speedtest.fremont.linode.com/garbage.php?ckSize=10000 http://speedtest.tele2.net/1000GB.zip http://www.ovh.net/files/10Gb.dat https://speed.hetzner.de/10GB.bin http://ipv6.bouygues.testdebit.info/10G.iso http://par.download.datapacket.com/10000mb.bin 
http://nyc.download.datapacket.com/10000mb.bin http://ams.download.datapacket.com/10000mb.bin http://fra.download.datapacket.com/10000mb.bin http://lon.download.datapacket.com/10000mb.bin http://mad.download.datapacket.com/10000mb.bin http://prg.download.datapacket.com/10000mb.bin http://sto.download.datapacket.com/10000mb.bin http://vie.download.datapacket.com/10000mb.bin http://war.download.datapacket.com/10000mb.bin http://atl.download.datapacket.com/10000mb.bin http://chi.download.datapacket.com/10000mb.bin http://lax.download.datapacket.com/10000mb.bin http://mia.download.datapacket.com/10000mb.bin http://nyc.download.datapacket.com/10000mb.bin" bestping="999" for pinghost in $HOSTLST; do domain=$(echo $pinghost | awk -F/ '{print $3}') if [ -z "$INTERFACE" ]; then - ping=$(ping -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) + ping=$(ping -6 -c1 -w2 $domain | cut -d "/" -s -f5 | cut -d "." -f1) else - ping=$(ping -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1) + ping=$(ping -6 -c1 -w2 -I $INTERFACE -B $domain | cut -d "/" -s -f5 | cut -d "." -f1) fi echo "host: $domain - ping: $ping" if [ -n "$ping" ] && [ "$ping" -lt "$bestping" ]; then @@ -28,11 +28,15 @@ if [ -z "$INTERFACE" ]; then else domain=$(echo $HOST | awk -F/ '{print $3}') hostip=$(dig +nocmd +noall +answer AAAA $domain | grep -v CNAME | awk '{print $5}' | tr '\n' ' ') - for ip in $hostip; do - ipset add ss_rules6_dst_bypass_all $ip - done + if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then + for ip in $hostip; do + ipset add ss_rules6_dst_bypass_all $ip + done + fi curl -6 --interface $INTERFACE $HOST >/dev/null || echo - for ip in $hostip; do - ipset del ss_rules6_dst_bypass_all $ip - done + if [ -n "$(ipset list 2>/dev/null | grep ss_rules6)" ]; then + for ip in $hostip; do + ipset del ss_rules6_dst_bypass_all $ip + done + fi fi From 14a3be2bce063fa69a704ff5dad9661fcd17d0e7 Mon Sep 17 00:00:00 2001 
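Review bot: every `ipset add ss_rules6_dst_bypass_all $ip` done before `curl -6` is undone only if the script reaches the second loop; an interrupted download leaves the resolved speed-test addresses bypassing the proxy until the set is flushed, so a `trap 'for ip in $hostip; do ipset -q del ss_rules6_dst_bypass_all $ip; done' EXIT` placed right after the add loop makes the cleanup unconditional. The `ipset list 2>/dev/null | grep ss_rules6` check enumerates every set with its members just to detect one; `ipset -q list ss_rules6_dst_bypass_all >/dev/null 2>&1` is the targeted test. The `-6` added to `ping` assumes the installed ping accepts it — BusyBox only does when built with IPv6 support — and if the flag is rejected `$ping` is empty and the host is silently skipped, which deserves a comment next to the `ping -6` lines. The script body continues outside these hunks.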
From: "Ycarus (Yannick Chabanois)" Date: Thu, 11 Feb 2021 21:15:32 +0100 Subject: [PATCH 10/15] Fix firewall rules setting --- openmptcprouter/files/etc/init.d/openmptcprouter-vps | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps index f6aee441e..e299b4a90 100755 --- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps +++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps @@ -976,8 +976,8 @@ _vps_firewall_close_port() { _set_vps_firewall() { fw3 -q print | grep 'vpn.* -d' | while IFS=$"\n" read -r c; do - eval $(echo $c | sed 's/-A/-D/') 2>&1 >/dev/null - newrule=$(echo $c | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//') + eval $(echo $c | sed 's/iptables/iptables -w/' | sed 's/-A/-D/') 2>&1 >/dev/null + newrule=$(echo $c | sed 's/iptables/iptables -w/' | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//') eval $(echo $newrule | sed 's/-A/-D/') || true eval $newrule done From b5f4261207b65ed84b1d0815ae99439304bb0666 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Feb 2021 15:01:18 +0100 Subject: [PATCH 11/15] Update and fix bcm27xx eeprom --- bcm27xx-eeprom/Makefile | 4 ++-- .../0001-rpi-eeprom-update-OpenWrt-defaults.patch | 10 ++++++---- ...rpi-eeprom-update-change-default-include-path.patch | 9 --------- .../patches/0004-rpi-eeprom-update-remove-chmod.patch | 4 ++-- 4 files changed, 10 insertions(+), 17 deletions(-) diff --git a/bcm27xx-eeprom/Makefile b/bcm27xx-eeprom/Makefile index 6a4dda9b4..dec227d51 100644 --- a/bcm27xx-eeprom/Makefile +++ b/bcm27xx-eeprom/Makefile 
@@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bcm27xx-eeprom -PKG_VERSION:=3d6165304cb04bda4454e460dea791b5f92a122a +PKG_VERSION:=2fec47bd7f981c9cb21b0fb3fdd4fe07f23f9e3b PKG_RELEASE:=4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/raspberrypi/rpi-eeprom/tar.gz/$(PKG_VERSION)? -PKG_HASH:=d6f25e3d962ea3c770ca1af78466371c47970381b48fb7c2acaf838966d327fc +PKG_HASH:=f54c26ec399801dee7d3d0cc0e969c28878b6f42c982e166c863edb91d2d2a21 PKG_LICENSE:=BSD-3-Clause Custom PKG_LICENSE_FILES:=LICENSE diff --git a/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch b/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch index a9c8faac7..059426306 100644 --- a/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch +++ b/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch @@ -14,22 +14,24 @@ Signed-off-by: Álvaro Fernández Rojas --- a/rpi-eeprom-update 
+++ b/rpi-eeprom-update -@@ -24,15 +24,15 @@ else +@@ -24,17 +24,17 @@ else fi - # May be used to select beta or stable releases instead of the default critical updates. --FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-critical} + # Selects the release sub-directory +-FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-default} +FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-stable} FIRMWARE_IMAGE_DIR=${FIRMWARE_IMAGE_DIR:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}} -FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-/var/lib/raspberrypi/bootloader/backup} +FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-${FIRMWARE_ROOT}/backup} ENABLE_VL805_UPDATES=${ENABLE_VL805_UPDATES:-1} - USE_FLASHROM=${USE_FLASHROM:-0} RECOVERY_BIN=${RECOVERY_BIN:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}/recovery.bin} BOOTFS=${BOOTFS:-/boot} -VCMAILBOX=${VCMAILBOX:-/opt/vc/bin/vcmailbox} +VCMAILBOX=${VCMAILBOX:-/usr/bin/vcmailbox} CM4_ENABLE_RPI_EEPROM_UPDATE=${CM4_ENABLE_RPI_EEPROM_UPDATE:-0} + RPI_EEPROM_UPDATE_CONFIG_TOOL="${RPI_EEPROM_UPDATE_CONFIG_TOOL:-raspi-config}" + + DT_BOOTLOADER_TS=${DT_BOOTLOADER_TS:-/proc/device-tree/chosen/bootloader/build-timestamp} EXIT_SUCCESS=0 EXIT_UPDATE_REQUIRED=1 diff --git a/bcm27xx-eeprom/patches/0003-rpi-eeprom-update-change-default-include-path.patch b/bcm27xx-eeprom/patches/0003-rpi-eeprom-update-change-default-include-path.patch index 6aee93cf2..f24a9c3f1 100644 --- a/bcm27xx-eeprom/patches/0003-rpi-eeprom-update-change-default-include-path.patch +++ b/bcm27xx-eeprom/patches/0003-rpi-eeprom-update-change-default-include-path.patch @@ -24,12 +24,3 @@ Signed-off-by: Álvaro Fernández Rojas fi LOCAL_MODE=0 -@@ -345,7 +345,7 @@ Options: - -u Install the specified VL805 (USB EEPROM) image file. - - Environment: --Environment variables should be defined in /etc/default/rpi-eeprom-update -+Environment variables should be defined in /etc/bcm27xx-eeprom.conf - - EEPROM_CONFIG_HOOK - 
diff --git a/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch b/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch index cf8cddc40..a79fa89b1 100644 --- a/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch +++ b/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch @@ -1,6 +1,6 @@ --- a/rpi-eeprom-update 2020-11-05 21:58:02.247836497 +0100 +++ b/rpi-eeprom-update 2020-11-05 21:58:36.911266307 +0100 -@@ -186,8 +186,8 @@ +@@ -212,8 +212,8 @@ || die "Failed to copy ${TMP_EEPROM_IMAGE} to ${BOOTFS}" # For NFS mounts ensure that the files are readable to the TFTP user @@ -11,7 +11,7 @@ fi if [ -n "${VL805_UPDATE_IMAGE}" ]; then -@@ -198,8 +198,8 @@ +@@ -224,8 +224,8 @@ || die "Failed to copy ${VL805_UPDATE_IMAGE} to ${BOOTFS}/vl805.bin" # For NFS mounts ensure that the files are readable to the TFTP user From 61b651cd4257b61e44840408f9856185c1bba24c Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Feb 2021 15:01:56 +0100 Subject: [PATCH 12/15] Fix IPv6 for wan in wizard --- .../luasrc/controller/openmptcprouter.lua | 4 +++- .../root/etc/init.d/openmptcprouter | 11 +++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua index 453b69479..f9e130e76 100644 --- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua +++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua @@ -309,7 +309,9 @@ function wizard_add() if proto == "dhcpv6" then ucic:set("network",intf,"reqaddress","try") - ucic:set("network",intf,"reqprefix","auto") + ucic:set("network",intf,"reqprefix","no") + ucic:set("network",intf,"iface_map","0") + ucic:set("network",intf,"ipv6","1") end ucic:delete("openmptcprouter",intf,"lc") 
diff --git a/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter b/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter index decb1fdcc..73655b167 100755 --- a/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter +++ b/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter @@ -1,5 +1,5 @@ #!/bin/sh /etc/rc.common -# Copyright (C) 2018 Ycarus (Yannick Chabanois) +# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) for OpenMPTCProuter # Released under GPL 3. See LICENSE for the full terms. START=5 @@ -66,7 +66,7 @@ omr_set_settings() { uci -q set openmptcprouter.$1=interface uci -q set openmptcprouter.$1.multipath="$multipath" config_get disable_ipv6 settings disable_ipv6 "0" - if [ "$disable_ipv6" = "1" ] || [ "$1" != "omr6in4" ]; then + if [ "$proto" != "dhcpv6" ] && ([ "$disable_ipv6" = "1" ] || [ "$1" != "omr6in4" ]); then uci -q set network.$1.ipv6=0 else uci -q set network.$1.ipv6=1 @@ -78,6 +78,13 @@ omr_set_settings() { [ -z "$ifname" ] && ifname=$(ifstatus "$1" | jsonfilter -q -e '@["l3_device"]') if [ -n "$ifname" ]; then + if [ "$proto" = "dhcpv6" ]; then + # Change interface name for sysctl in case of VLAN (eth0.2 => eth0/2) + ifnamesys=$(echo $ifname | sed 's:\.:/:') + sysctl -qw net.ipv6.conf.${ifnamesys}.disable_ipv6=0 + sysctl -qw net.ipv6.conf.${ifnamesys}.accept_ra=1 + fi + if [ "$addlatency" = "0" ] && [ "$(tc qdisc show dev $ifname | grep delay)" != "" ]; then tc qdisc del dev ${ifname} root netem fi From 313324a35d660f26c879a9e459a44ac4e8370bc4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Feb 2021 15:02:34 +0100 Subject: [PATCH 13/15] Fix text for DHCP static help --- .../htdocs/luci-static/resources/view/network/dhcp.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js b/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js index d51c0b33d..ed2b50866 100644 
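Review bot: with the changed condition `[ "$proto" != "dhcpv6" ] && (...)` in `omr_set_settings`, an interface with `proto dhcpv6` now gets `network.$1.ipv6=1` even when `settings.disable_ipv6` is `1`, and the new sysctl block unconditionally sets `disable_ipv6=0` and `accept_ra=1` on its device — so the global IPv6 kill switch no longer applies to such interfaces; if that is intended, say so with `# dhcpv6 WANs need IPv6 regardless of settings.disable_ipv6`, otherwise the `disable_ipv6` test should stay in front of both. On a forwarding host the kernel ignores RAs with `accept_ra=1` and needs `accept_ra=2`, unless odhcp6c is handling RAs in userspace for this interface, in which case the sysctl is redundant — worth confirming which case applies here. `sed 's:\.:/:'` rewrites only the first dot, which is fine for `eth0.2` but not for a device name containing two. `omr_set_settings` starts before and continues past this hunk.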
--- a/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js +++ b/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js @@ -491,7 +491,7 @@ return view.extend({ so.datatype = 'or(ip4addr,"ignore")'; so.rmempty = true; - so = ss.option(form.Value, 'leasetime', _('Lease time'), _('The lease time is minutes (mini 2m), hours (eg 1h) or "infinite"')); + so = ss.option(form.Value, 'leasetime', _('Lease time'), _('The lease time is in minutes (mini 2m), hours (eg 1h) or "infinite"')); so.placeholder = '12h'; so.rmempty = true; From 0b60a4feecd32b68eb7a0c635f8856b3c3f0c6de Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Feb 2021 15:08:14 +0100 Subject: [PATCH 14/15] Add some DNS over TLS server in unbound config --- .../files/etc/uci-defaults/1940-omr-dns | 138 ++++++++++++++++++ 1 file changed, 138 insertions(+) diff --git a/openmptcprouter/files/etc/uci-defaults/1940-omr-dns b/openmptcprouter/files/etc/uci-defaults/1940-omr-dns index 662442e18..e66213732 100755 --- a/openmptcprouter/files/etc/uci-defaults/1940-omr-dns +++ b/openmptcprouter/files/etc/uci-defaults/1940-omr-dns 
@@ -66,6 +66,144 @@ fi # commit unbound #EOF
+if [ -z "$(uci -q unbound.auth_icann)" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set unbound.auth_icann=zone
+ set unbound.auth_icann.fallback='1'
+ set unbound.auth_icann.url_dir='https://www.internic.net/domain/'
+ set unbound.auth_icann.zone_type='auth_zone'
+ add_list unbound.auth_icann.server='lax.xfr.dns.icann.org'
+ add_list unbound.auth_icann.server='iad.xfr.dns.icann.org'
+ add_list unbound.auth_icann.zone_name='.'
+ add_list unbound.auth_icann.zone_name='arpa.'
+ add_list unbound.auth_icann.zone_name='in-addr.arpa.'
+ add_list unbound.auth_icann.zone_name='ip6.arpa.'
+ set unbound.auth_icann.enabled='1'
+ set unbound.fwd_isp=zone
+ set unbound.fwd_isp.enabled='0'
+ set unbound.fwd_isp.fallback='1'
+ set unbound.fwd_isp.resolv_conf='1'
+ set unbound.fwd_isp.zone_type='forward_zone'
+ add_list unbound.fwd_isp.zone_name='isp-bill.example.com.'
+ add_list unbound.fwd_isp.zone_name='isp-mail.example.net.'
+ set unbound.fwd_google=zone
+ set unbound.fwd_google.enabled='0'
+ set unbound.fwd_google.fallback='1'
+ set unbound.fwd_google.tls_index='dns.google'
+ set unbound.fwd_google.tls_upstream='1'
+ set unbound.fwd_google.zone_type='forward_zone'
+ add_list unbound.fwd_google.server='8.8.4.4'
+ add_list unbound.fwd_google.server='8.8.8.8'
+ add_list unbound.fwd_google.server='2001:4860:4860::8844'
+ add_list unbound.fwd_google.server='2001:4860:4860::8888'
+ set unbound.fwd_google.zone_name='.'
+ set unbound.fwd_cloudflare=zone
+ set unbound.fwd_cloudflare.enabled='0'
+ set unbound.fwd_cloudflare.fallback='1'
+ set unbound.fwd_cloudflare.tls_index='cloudflare-dns.com'
+ set unbound.fwd_cloudflare.tls_upstream='1'
+ set unbound.fwd_cloudflare.zone_type='forward_zone'
+ add_list unbound.fwd_cloudflare.server='1.1.1.1'
+ add_list unbound.fwd_cloudflare.server='1.0.0.1'
+ add_list unbound.fwd_cloudflare.server='2606:4700:4700::1111'
+ add_list unbound.fwd_cloudflare.server='2606:4700:4700::1001'
+ set unbound.fwd_cloudflare.zone_name='.'
+ EOF
+fi
+
+if [ -z "$(uci -q get unbound.fwd_adguard_family)" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set unbound.fwd_adguard_family=zone
+ set unbound.fwd_adguard_family.enabled='0'
+ set unbound.fwd_adguard_family.fallback='1'
+ set unbound.fwd_adguard_family.tls_index='dns-family.adguard.com'
+ set unbound.fwd_adguard_family.tls_upstream='1'
+ set unbound.fwd_adguard_family.zone_type='forward_zone'
+ add_list unbound.fwd_adguard_family.server='176.103.130.132'
+ add_list unbound.fwd_adguard_family.server='176.103.130.134'
+ set unbound.fwd_adguard_family.zone_name='.'
+ set unbound.fwd_adguard_standard=zone
+ set unbound.fwd_adguard_standard.enabled='0'
+ set unbound.fwd_adguard_standard.fallback='1'
+ set unbound.fwd_adguard_standard.tls_index='dns.adguard.com'
+ set unbound.fwd_adguard_standard.tls_upstream='1'
+ set unbound.fwd_adguard_standard.zone_type='forward_zone'
+ add_list unbound.fwd_adguard_standard.server='176.103.130.130'
+ add_list unbound.fwd_adguard_standard.server='176.103.130.131'
+ set unbound.fwd_adguard_standard.zone_name='.'
+ set unbound.fwd_cloudflare_family=zone
+ set unbound.fwd_cloudflare_family.enabled='0'
+ set unbound.fwd_cloudflare_family.fallback='1'
+ set unbound.fwd_cloudflare_family.tls_index='family.cloudflare-dns.com'
+ set unbound.fwd_cloudflare_family.tls_upstream='1'
+ set unbound.fwd_cloudflare_family.zone_type='forward_zone'
+ add_list unbound.fwd_cloudflare_family.server='1.1.1.3'
+ add_list unbound.fwd_cloudflare_family.server='1.0.0.3'
+ set unbound.fwd_cloudflare_family.zone_name='.'
+ set unbound.fwd_cloudflare_malware=zone
+ set unbound.fwd_cloudflare_malware.enabled='0'
+ set unbound.fwd_cloudflare_malware.fallback='1'
+ set unbound.fwd_cloudflare_malware.tls_index='security.cloudflare-dns.com'
+ set unbound.fwd_cloudflare_malware.tls_upstream='1'
+ set unbound.fwd_cloudflare_malware.zone_type='forward_zone'
+ add_list unbound.fwd_cloudflare_malware.server='1.1.1.2'
+ add_list unbound.fwd_cloudflare_malware.server='1.0.0.2'
+ set unbound.fwd_cloudflare_malware.zone_name='.'
+ set unbound.fwd_odvr=zone
+ set unbound.fwd_odvr.enabled='0'
+ set unbound.fwd_odvr.fallback='1'
+ set unbound.fwd_odvr.tls_index='odvr.nic.cz'
+ set unbound.fwd_odvr.tls_upstream='1'
+ set unbound.fwd_odvr.zone_type='forward_zone'
+ add_list unbound.fwd_odvr.server='193.17.47.1'
+ add_list unbound.fwd_odvr.server='185.43.135.1'
+ set unbound.fwd_odvr.zone_name='.'
+ set unbound.fwd_libredns=zone
+ set unbound.fwd_libredns.enabled='0'
+ set unbound.fwd_libredns.fallback='1'
+ set unbound.fwd_libredns.tls_index='doh.libredns.gr'
+ set unbound.fwd_libredns.tls_upstream='1'
+ set unbound.fwd_libredns.zone_type='forward_zone'
+ add_list unbound.fwd_libredns.server='116.202.176.26'
+ set unbound.fwd_libredns.zone_name='.'
+ set unbound.fwd_quad9_recommended=zone
+ set unbound.fwd_quad9_recommended.enabled='0'
+ set unbound.fwd_quad9_recommended.fallback='1'
+ set unbound.fwd_quad9_recommended.tls_index='dns.quad9.net'
+ set unbound.fwd_quad9_recommended.tls_upstream='1'
+ set unbound.fwd_quad9_recommended.zone_type='forward_zone'
+ add_list unbound.fwd_quad9_recommended.server='9.9.9.9'
+ add_list unbound.fwd_quad9_recommended.server='149.112.112.112'
+ set unbound.fwd_quad9_recommended.zone_name='.'
+ set unbound.fwd_quad9_unsecured=zone
+ set unbound.fwd_quad9_unsecured.enabled='0'
+ set unbound.fwd_quad9_unsecured.fallback='1'
+ set unbound.fwd_quad9_unsecured.tls_index='dns10.quad9.net'
+ set unbound.fwd_quad9_unsecured.tls_upstream='1'
+ set unbound.fwd_quad9_unsecured.zone_type='forward_zone'
+ add_list unbound.fwd_quad9_unsecured.server='9.9.9.10'
+ add_list unbound.fwd_quad9_unsecured.server='149.112.112.10'
+ set unbound.fwd_quad9_unsecured.zone_name='.'
+ set unbound.fwd_quad9_ecs=zone
+ set unbound.fwd_quad9_ecs.enabled='0'
+ set unbound.fwd_quad9_ecs.fallback='1'
+ set unbound.fwd_quad9_ecs.tls_index='dns11.quad9.net'
+ set unbound.fwd_quad9_ecs.tls_upstream='1'
+ set unbound.fwd_quad9_ecs.zone_type='forward_zone'
+ add_list unbound.fwd_quad9_ecs.server='9.9.9.11'
+ add_list unbound.fwd_quad9_ecs.server='149.112.112.11'
+ set unbound.fwd_quad9_ecs.zone_name='.'
+ set unbound.fwd_quad9_secured=zone
+ set unbound.fwd_quad9_secured.enabled='0'
+ set unbound.fwd_quad9_secured.fallback='1'
+ set unbound.fwd_quad9_secured.tls_index='dns9.quad9.net'
+ set unbound.fwd_quad9_secured.tls_upstream='1'
+ set unbound.fwd_quad9_secured.zone_type='forward_zone'
+ add_list unbound.fwd_quad9_secured.server='9.9.9.9'
+ add_list unbound.fwd_quad9_secured.server='149.112.112.9'
+ set unbound.fwd_quad9_secured.zone_name='.'
+ EOF
+fi
 rm -f /tmp/luci-indexcache
From a939f868474c51a761846e83c48c9adcfda9ab8f Mon Sep 17 00:00:00 2001
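Review bot: The first guard, `if [ -z "$(uci -q unbound.auth_icann)" ]`, is missing the `get` verb that the second guard uses, so the command writes nothing to stdout and the test is always true; the whole batch is then re-applied every time this script runs, and while the `set` lines are idempotent each `add_list` appends another copy of its server or zone_name entry. The fix is `if [ -z "$(uci -q get unbound.auth_icann)" ]; then`. Neither batch contains a `commit unbound` and the only one in the surrounding context is commented out, so whether these sections persist depends on a commit elsewhere in the script that is not visible here. Every forward zone pairs `tls_upstream='1'` with a `tls_index` hostname, which is what lets Unbound verify the upstream certificate instead of trusting a bare IP; `fallback='1'` on those same zones, if it means fall back to plain recursion when the forwarder is unreachable, quietly drops the encryption the user selected, and a one-line comment next to the zones stating that trade-off would let operators choose deliberately.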
From: "Ycarus (Yannick Chabanois)" Date: Fri, 12 Feb 2021 15:08:53 +0100 Subject: [PATCH 15/15] Add compilation for Ubiquiti EdgeRouter X --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a837a7293..0fbd63a7c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -9,7 +9,7 @@ jobs: build: strategy: matrix: - OMR_TARGET: [bpi-r2, bpi-r64, rpi2, rpi4, wrt32x, espressobin, r2s, rpi3, wrt3200acm, x86, x86_64] + OMR_TARGET: [bpi-r2, bpi-r64, rpi2, rpi4, wrt32x, espressobin, r2s, rpi3, wrt3200acm, x86, x86_64, ubnt-erx] runs-on: ubuntu-latest continue-on-error: true