Create gre tunnels and shadowsocks config if multiples IPv6 on server
parent
b34874e8c2
commit
ce9e6ea71c
1 changed files with 175 additions and 28 deletions
|
@ -276,8 +276,8 @@ _get_vps_config() {
|
|||
fi
|
||||
vpsip="$(uci -q get openmptcprouter.${servername}.ip)"
|
||||
if [ "$(uci -q get shadowsocks-libev.sss0.server)" != "127.0.0.1" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "$vpsip" ] && [ "$(uci -q get openmptcprouter.settings.ha)" != "1" ]; then
|
||||
config_foreach _set_ss_server server "server" $vpsip
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set shadowsocks-libev.sss0.server="$vpsip"
|
||||
commit shadowsocks-libev
|
||||
EOF
|
||||
if [ "$(uci -q get shadowsocks-libev.sss0.disabled)" = "0" ]; then
|
||||
|
@ -342,7 +342,74 @@ _get_vps_config() {
|
|||
fi
|
||||
}
|
||||
|
||||
_set_pihole() {
|
||||
_get_gre_tunnel() {
|
||||
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
|
||||
[ -z "$vps_config" ] && return
|
||||
gre_tunnel_state="$(echo "$vps_config" | jsonfilter -q -e '@.gre_tunnel.enabled')"
|
||||
if [ "$gre_tunnel_state" = "true" ]; then
|
||||
i=0
|
||||
echo "$vps_config" | jsonfilter -q -e '@.gre_tunnel.config[*]' |
|
||||
while IFS= read -r tunnel; do
|
||||
peeraddr="$(echo $tunnel | jsonfilter -q -e '@.remote_ip')"
|
||||
ipaddr="$(echo $tunnel | jsonfilter -q -e '@.local_ip')"
|
||||
publicaddr="$(echo $tunnel | jsonfilter -q -e '@.public_ip')"
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set network.omrip${i}=interface
|
||||
set network.omrip${i}.label="Tunnel for $publicaddr"
|
||||
set network.omrip${i}.proto=gre
|
||||
set network.omrip${i}.nohostroute='1'
|
||||
set network.omrip${i}.ipv6='0'
|
||||
set network.omrip${i}.defaultroute='0'
|
||||
set network.omrip${i}.multipath='off'
|
||||
set network.omrip${i}.peerdns='0'
|
||||
set network.omrip${i}.ip4table='vpn'
|
||||
set network.omrip${i}.peeraddr="$peeraddr"
|
||||
set network.omrip${i}.ipaddr="$ipaddr"
|
||||
commit network
|
||||
add_list firewall.zone_vpn.network="omrip${i}"
|
||||
commit firewall
|
||||
EOF
|
||||
|
||||
ssport="$(echo $tunnel | jsonfilter -q -e '@.shadowsocks_port')"
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set shadowsocks-libev.omrip${i}server=server
|
||||
set shadowsocks-libev.omrip${i}server.label="Server with public IP $publicaddr"
|
||||
set shadowsocks-libev.omrip${i}server.server_port="$ssport"
|
||||
set shadowsocks-libev.omrip${i}server.method="$(uci -q get shadowsocks-libev.sss0.method)"
|
||||
set shadowsocks-libev.omrip${i}server.key="$(uci -q get shadowsocks-libev.sss0.key)"
|
||||
set shadowsocks-libev.omrip${i}=ss_redir
|
||||
set shadowsocks-libev.omrip${i}.label="ss-redir for public IP $publicaddr"
|
||||
set shadowsocks-libev.omrip${i}.server="omrip${i}server"
|
||||
set shadowsocks-libev.omrip${i}.local_port="230$i"
|
||||
set shadowsocks-libev.omrip${i}.mode='tcp_and_udp'
|
||||
set shadowsocks-libev.omrip${i}.reuse_port='1'
|
||||
set shadowsocks-libev.omrip${i}.mptcp='1'
|
||||
set shadowsocks-libev.omrip${i}.ipv6_first='1'
|
||||
set shadowsocks-libev.omrip${i}.timeout="$(uci -q get shadowsocks-libev.omrip${i}.timeout)"
|
||||
set shadowsocks-libev.omrip${i}.fast_open="$(uci -q get shadowsocks-libev.omrip${i}.fast_open)"
|
||||
set shadowsocks-libev.omrip${i}.no_delay="$(uci -q get shadowsocks-libev.omrip${i}.no_delay)"
|
||||
set shadowsocks-libev.omrip${i}_rule=ss_rules
|
||||
set shadowsocks-libev.omrip${i}_rule.label="Rules for public IP $publicaddr"
|
||||
set shadowsocks-libev.omrip${i}_rule.server="omrip${i}server"
|
||||
set shadowsocks-libev.omrip${i}_rule.disabled='1'
|
||||
set shadowsocks-libev.omrip${i}_rule.src_default='forward'
|
||||
set shadowsocks-libev.omrip${i}_rule.dst_default='forward'
|
||||
set shadowsocks-libev.omrip${i}_rule.local_default='forward'
|
||||
set shadowsocks-libev.omrip${i}_rule.redir_tcp="omrip${i}"
|
||||
commit shadowsocks-libev
|
||||
EOF
|
||||
if [ "$(uci -q get shadowsocks-libev.omrip${i}server.disabled)" = "" ]; then
|
||||
uci -q set shadowsocks-libev.omrip${i}server.disabled='1'
|
||||
fi
|
||||
if [ "$(uci -q get shadowsocks-libev.omrip${i}.local_address)" = "" ]; then
|
||||
uci -q set shadowsocks-libev.omrip${i}.local_address='::'
|
||||
fi
|
||||
i=$((i+1))
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
_get_pihole() {
|
||||
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
|
||||
[ -z "$vps_config" ] && return
|
||||
vpn="$(uci -q get openmptcprouter.settings.vpn)"
|
||||
|
@ -576,6 +643,7 @@ _vps_firewall_redirect_port() {
|
|||
config_get src_dport $1 src_dport
|
||||
config_get family $1 family "ipv4"
|
||||
config_get enabled $1 enabled "1"
|
||||
config_get src_dip $1 src_dip
|
||||
[ "$(echo $src_dport | cut -d'-' -f2)" -ge "65000" ] && {
|
||||
logger -t "OMR-VPS" "You can't redirect ports >= 65000, they are needed by OpenMPTCProuter Server part"
|
||||
uci -q delete firewall.$1
|
||||
|
@ -585,56 +653,110 @@ _vps_firewall_redirect_port() {
|
|||
if [ "$proto" = "tcp udp" ]; then
|
||||
checkfw=""
|
||||
if [ "$family" = "ipv4" ]; then
|
||||
checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port tcp")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port tcp")
|
||||
else
|
||||
checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port tcp to $src_dip")
|
||||
fi
|
||||
else
|
||||
checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port tcp")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port tcp")
|
||||
else
|
||||
checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port tcp to $src_dip")
|
||||
fi
|
||||
fi
|
||||
if [ "$checkfw" = "" ]; then
|
||||
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}'
|
||||
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}'
|
||||
_set_json "shorewallopen" "$settings"
|
||||
fi
|
||||
if [ "$family" = "ipv4" ]; then
|
||||
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR $username redirect router $src_dport port tcp")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR redirect router $src_dport port tcp")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port tcp")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port tcp")
|
||||
else
|
||||
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port tcp to $src_dip")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port tcp to $src_dip")
|
||||
fi
|
||||
else
|
||||
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR $username redirect router $src_dport port tcp")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR redirect router $src_dport port tcp")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port tcp")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port tcp")
|
||||
else
|
||||
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port tcp to $src_dip")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port tcp to $src_dip")
|
||||
fi
|
||||
fi
|
||||
|
||||
checkfw=""
|
||||
if [ "$family" = "ipv4" ]; then
|
||||
checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port udp")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port udp")
|
||||
else
|
||||
checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port udp to $src_dip")
|
||||
fi
|
||||
else
|
||||
checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port udp")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port udp")
|
||||
else
|
||||
checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port udp to $src_dip")
|
||||
fi
|
||||
fi
|
||||
if [ "$checkfw" = "" ]; then
|
||||
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}'
|
||||
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}'
|
||||
_set_json "shorewallopen" "$settings"
|
||||
fi
|
||||
if [ "$family" = "ipv4" ]; then
|
||||
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR $username redirect router $src_dport port udp")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR redirect router $src_dport port udp")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR $username redirect router $src_dport port udp")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR redirect router $src_dport port udp")
|
||||
else
|
||||
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port udp to $src_dip")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port udp to $src_dip")
|
||||
fi
|
||||
else
|
||||
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR $username redirect router $src_dport port udp")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR redirect router $src_dport port udp")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR $username redirect router $src_dport port udp")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR redirect router $src_dport port udp")
|
||||
else
|
||||
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port udp to $src_dip")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port udp to $src_dip")
|
||||
fi
|
||||
fi
|
||||
else
|
||||
checkfw=""
|
||||
if [ "$family" = "ipv4" ]; then
|
||||
checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port $proto")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
checkfw=$(echo "$vpsfwlist" | grep "$src_dport # OMR $username redirect router $src_dport port $proto")
|
||||
else
|
||||
checkfw=$(echo "$vpsfwlist" | grep "# OMR $username redirect router $src_dport port $proto to $src_dip")
|
||||
fi
|
||||
else
|
||||
checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port $proto")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
checkfw=$(echo "$vpsfw6list" | grep "$src_dport # OMR $username redirect router $src_dport port $proto")
|
||||
else
|
||||
checkfw=$(echo "$vpsfw6list" | grep "# OMR $username redirect router $src_dport port $proto to $src_dip")
|
||||
fi
|
||||
fi
|
||||
if [ "$checkfw" = "" ]; then
|
||||
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}'
|
||||
settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","source_dip" : "'$src_dip'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}'
|
||||
_set_json "shorewallopen" "$settings"
|
||||
fi
|
||||
if [ "$family" = "ipv4" ]; then
|
||||
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR $username redirect router $src_dport port $proto")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR redirect router $src_dport port $proto")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR $username redirect router $src_dport port $proto")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport # OMR redirect router $src_dport port $proto")
|
||||
else
|
||||
vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR $username redirect router $src_dport port $proto to $src_dip")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "# OMR redirect router $src_dport port $proto to $src_dip")
|
||||
fi
|
||||
else
|
||||
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR $username redirect router $src_dport port $proto")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR redirect router $src_dport port $proto")
|
||||
if [ "$src_dip" = "" ]; then
|
||||
vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR $username redirect router $src_dport port $proto")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport # OMR redirect router $src_dport port $proto")
|
||||
else
|
||||
vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR $username redirect router $src_dport port $proto to $src_dip")
|
||||
[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "# OMR redirect router $src_dport port $proto to $src_dip")
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
@ -697,6 +819,13 @@ _set_vps_firewall() {
|
|||
}
|
||||
|
||||
set_vps_firewall() {
|
||||
fw3 -q print | grep 'vpn.* -d' |
|
||||
while IFS=$"\n" read -r c; do
|
||||
eval $(echo $c | sed 's/-A/-D/')
|
||||
newrule=$(echo $c | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//')
|
||||
eval $(echo $newrule | sed 's/-A/-C/') || eval $newrule
|
||||
done
|
||||
#'
|
||||
config_load openmptcprouter
|
||||
config_foreach _set_vps_firewall server
|
||||
}
|
||||
|
@ -712,6 +841,17 @@ _set_ss_redir() {
|
|||
uci -q set shadowsocks-libev.$1.$option=$value
|
||||
}
|
||||
|
||||
_set_ss_server() {
|
||||
local option=$2
|
||||
local value=$3
|
||||
if [ "$value" = "true" ]; then
|
||||
value=1
|
||||
elif [ "$value" = "false" ]; then
|
||||
value=0
|
||||
fi
|
||||
[ "$(echo $1 | grep omr)" != "" ] && uci -q set shadowsocks-libev.$1.$option=$value
|
||||
}
|
||||
|
||||
_set_config_from_vps() {
|
||||
local shadowsocks_disabled vpn glorytun_state redirect shorewall_redirect mlvpn_key openvpn_key dsvpn_key
|
||||
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
|
||||
|
@ -797,10 +937,16 @@ _set_config_from_vps() {
|
|||
set shadowsocks-libev.sss0.obfs_type=$ss_obfs_type
|
||||
set shadowsocks-libev.sss0.obfs_host=$ss_obfs_host
|
||||
EOF
|
||||
config_foreach _set_ss_server server "key" $ss_key
|
||||
config_foreach _set_ss_server server "method" $ss_method
|
||||
config_foreach _set_ss_server server "obfs" $ss_obfs
|
||||
config_foreach _set_ss_server server "obfs_plugin" $ss_obfs_plugin
|
||||
config_foreach _set_ss_server server "obfs_type" $ss_obfs_type
|
||||
config_foreach _set_ss_server server "obfs_host" $ss_obfs_host
|
||||
if [ "$(uci -q get shadowsocks-libev.sss0.server)" != "127.0.0.1" ]; then
|
||||
uci -q set shadowsocks-libev.sss0.server="$vpsip"
|
||||
config_foreach _set_ss_server server "server" $vpsip
|
||||
fi
|
||||
uci -q commit shadowsocks-libev.sss0
|
||||
uci -q commit shadowsocks-libev
|
||||
logger -t "OMR-VPS" "Shadowsocks restart..."
|
||||
/etc/init.d/shadowsocks-libev restart >/dev/null 2>&1
|
||||
fi
|
||||
|
@ -1201,6 +1347,7 @@ _config_service() {
|
|||
error=0
|
||||
[ "$(uci -q get openmptcprouter.${servername}.get_config)" = "1" ] && {
|
||||
_set_config_from_vps
|
||||
_get_gre_tunnel
|
||||
}
|
||||
|
||||
_get_vps_config
|
||||
|
@ -1215,9 +1362,9 @@ _config_service() {
|
|||
uci -q batch <<-EOF >/dev/null
|
||||
set glorytun.vpn.chacha20="0"
|
||||
commit glorytun
|
||||
set shadowsocks-libev.sss0.method="aes-256-gcm"
|
||||
commit shadowsocks-libev
|
||||
EOF
|
||||
config_foreach _set_ss_server server "method" "aes-256-gcm"
|
||||
uci -q commit shadowsocks-libev
|
||||
fi
|
||||
}
|
||||
[ -n "$vps_config" ] && uci -q set openmptcprouter.settings.firstboot=0
|
||||
|
@ -1276,7 +1423,7 @@ _set_pihole_server() {
|
|||
EOF
|
||||
return
|
||||
}
|
||||
_set_pihole $pservername
|
||||
_get_pihole $pservername
|
||||
}
|
||||
|
||||
set_pihole() {
|
||||
|
|
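Review bot: The loop added to set_vps_firewall passes each `fw3 -q print` line matching `vpn.* -d` to `eval` unquoted, so any shell metacharacter that reaches a rule (a rule name or comment taken from the firewall config, for instance) is interpreted by the shell instead of being handed to iptables as text. Guard the loop body before the first `eval`, e.g. `case "$c" in iptables\ *|ip6tables\ *) ;; *) continue ;; esac` (assuming fw3 prints one iptables/ip6tables command per line), and skip lines containing `;`, `|`, `&`, `$(` or a backquote. `IFS=$"\n"` does not set IFS to a newline: the `$"…"` form is a locale-translation quote in bash and plain text in ash, so `while IFS= read -r c; do` is the form to use. The first `eval` deletes the rule before the rewritten one is checked or added, so if the final `eval $newrule` fails the rule is simply gone; logging that case with `logger -t "OMR-VPS"` would make it visible. Because the sed strips both the `-d` and `-s` matches, the re-added rule is broader than the one fw3 generated, and a comment above the loop saying why that is intended would help the next reader.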