New interface for Glorytun UDP VPN

2025-03-09 15:40:03 +00:00 · 2020-12-03 11:23:57 +01:00 · 2020-12-03 11:23:57 +01:00 · e4103cea03
commit e4103cea03
parent 9ceaa526a5
8 changed files with 239 additions and 14 deletions
--- a/glorytun-udp/init
+++ b/glorytun-udp/init
@ -1,7 +1,7 @@
 #!/bin/sh /etc/rc.common
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
 # Copyright (C) 2015 ovh.com
-# Copyright (C) 2017 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+# Copyright (C) 2017-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>

 START=90
 STOP=10
@ -19,22 +19,20 @@ _err() {
 }

 validate_section() {
-	uci_validate_section glorytun glorytun "${1}" \
+	uci_validate_section glorytun-udp glorytun-udp "${1}" \
 		'enable:bool:0'       \
+		'mode:string'          \
 		'key:string'          \
 		'host:host'           \
 		'port:port'           \
 		'proto:string'        \
-		'bind:string:0.0.0.0' \
-		'bindport:port'  \
-		'mtu:uinteger:1450'   \
 		'mtuauto:bool:0'      \
-		'chacha20:bool:0'     \
+		'chacha:bool:0'       \
 		'dev:string'
 }

 start_instance() {
-	local enable key host port listener proto bind bindport mtu mtuauto chacha20 dev
+	local enable key host port listener proto mtuauto chacha dev mode

 	validate_section "${1}" || {
 		_err "validation failed"
@ -42,12 +40,12 @@ start_instance() {
 	}

 	[ "${enable}" = "1" ] || return 1
-	[ "${proto}" = "udp" ] || return 1

 	[ -n "${key}" ] || return 1
 	[ "${key}" != "secretkey" ] || return 1
 	[ -n "${port}" ] || return 1
 	[ -n "${dev}" ] || return 1
+	[ -n "${mode}" ] || return 1

 	echo "${key}" > /tmp/${PROG_NAME}-${1}.key
 	key=""
@ -62,15 +60,13 @@ start_instance() {
 	procd_open_instance

 	procd_set_param command ${PROG} \
-		${bind:+bind from "$bind"} \
-		${bindport:+port "$bindport"} \
-		${host:+to addr "$host"} \
+		${host:+bind ${mode} addr "$host"} \
 		${port:+port "$port"} \
 		${dev:+dev "$dev"} \
 		keyfile /tmp/${PROG_NAME}-${1}.key \
 		persist

-	[ "${chacha20}" = "1" ] && procd_append_param command chacha
+	[ "${chacha}" = "1" ] && procd_append_param command chacha

 	procd_set_param respawn 0 30 0
 	procd_set_param file /tmp/${PROG_NAME}-${1}.key
@ -104,8 +100,8 @@ add_glorytun_path() {

 start_service() {
 	local dev
-	config_load glorytun
-	config_foreach start_instance glorytun
+	config_load glorytun-udp
+	config_foreach start_instance glorytun-udp
 }

 reload_service() {
--- a/luci-app-glorytun-udp/Makefile
+++ b/luci-app-glorytun-udp/Makefile
@ -0,0 +1,16 @@
+#
+# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+#
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI Interface to Glorytun UDP
+LUCI_DEPENDS:=+glorytun-udp
+
+PKG_LICENSE:=GPLv3
+
+#include ../luci/luci.mk
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
--- a/luci-app-glorytun-udp/htdocs/luci-static/resources/view/services/glorytun-udp.js
+++ b/luci-app-glorytun-udp/htdocs/luci-static/resources/view/services/glorytun-udp.js
@ -0,0 +1,104 @@
+'use strict';
+'require rpc';
+'require poll';
+'require form';
+'require fs';
+'require uci';
+'require tools.widgets as widgets';
+
+var callHostHints;
+
+var callServiceList = rpc.declare({
+	object: 'service',
+	method: 'list',
+	params: [ 'name' ],
+	expect: { '': {} }
+});
+
+return L.view.extend({
+	callHostHints: rpc.declare({
+		object: 'luci-rpc',
+		method: 'getHostHints',
+		expect: { '': {} }
+	}),
+
+	load: function() {
+		return  this.callHostHints();
+	},
+
+	render: function(hosts) {
+		var m, s, o;
+
+		m = new form.Map('glorytun-udp', _('Glorytun UDP'));
+
+		s = m.section(form.GridSection, 'glorytun-udp', _('Instances'));
+		s.addremove = true;
+		s.anonymous = true;
+		s.nodescriptions = true;
+
+		s.tab('general', _('General Settings'));
+		s.tab('advanced', _('Advanced Settings'));
+
+		o = s.taboption('general', form.Flag, 'enable', _('Enabled'));
+		o.default = o.enabled;
+
+		o = s.taboption('general', form.ListValue, 'mode', _('Mode'));
+		o.value('to',_('Client'));
+		o.value('from',_('Server'));
+		o.modalonly = true;
+
+		o = s.taboption('general', form.Value, 'host', _('Host'));
+		o.rmempty = false;
+
+		o = s.taboption('general', form.Value, 'port', _('Port'));
+		o.rmempty = false;
+
+		o = s.taboption('general', form.Value, 'key', _('Key'));
+		o.rmempty = false;
+		o.modalonly = true;
+
+		o = s.taboption('general', form.Value, 'dev', _('Interface name'));
+		o.rmempty = false;
+		o.modalonly = true;
+
+		o = s.taboption('general', form.Value, 'localip', _('Local IP'));
+		o.datatype = 'or(ip4addr,ip6addr)';
+		o.rmempty = false;
+
+		o = s.taboption('general', form.Value, 'remoteip', _('Remote IP'));
+		o.datatype = 'or(ip4addr,ip6addr)';
+		o.rmempty = false;
+
+		o = s.taboption('advanced', form.Flag, 'persist', _('Persist'), _('Keep the tunnel device after exiting'));
+		o.default = o.enabled;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Flag, 'chacha', _('chacha'), _('Force fallback cipher'));
+		o.default = o.enabled;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'kxtimeout', _('Key rotation timeout'));
+		o.default = '7d';
+		o.rmempty = false;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'timetolerance', _('Clock sync tolerance'));
+		o.default = '10m';
+		o.rmempty = false;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Value, 'keepalive', _('Keep alive timeout'));
+		o.default = '25s';
+		o.rmempty = false;
+		o.modalonly = true;
+
+		o = s.taboption('advanced', form.Flag, 'auto', _('Dynamic rate detection'));
+		o.rmempty = false;
+		o.modalonly = true;
+
+		o = s.taboption('general',form.Value, 'label', _('Label'));
+		o.rmempty = true;
+
+		return m.render();
+	}
+});
--- a/luci-app-glorytun-udp/root/etc/config/glorytun-udp
+++ b/luci-app-glorytun-udp/root/etc/config/glorytun-udp
@ -0,0 +1,10 @@
+config glorytun-udp 'vpn'
+	option enable '0'
+	option host '127.0.0.1'
+	option port '65001'
+	option dev 'tun0'
+	option key ''
+	option chacha '1'
+	option localip '10.255.254.2'
+	option remoteip '10.255.254.1'
+	option mode 'to'
--- a/luci-app-glorytun-udp/root/etc/hotplug.d/iface/30-glorytun-udp
+++ b/luci-app-glorytun-udp/root/etc/hotplug.d/iface/30-glorytun-udp
@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Load the glorytun config
+#
+# Author: Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+# Released under GPL 3 or later
+
+[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
+
+. /lib/functions.sh
+. /lib/functions/network.sh
+
+set_default() {
+    local localip
+    local remoteip
+    local config="$1"
+    local iface
+    config_get enable "$config" enable
+    config_get iface "$config" dev
+    [ "$iface" = "$DEVICE" ] && [ "$enable" = "1" ] && {
+	config_get localip "$config" localip
+	config_get remoteip "$config" remoteip
+	[ "$remoteip" != "" ] && [ "$localip" != "" ] &&  ifconfig $DEVICE $localip pointopoint $remoteip up
+    }
+}
+
+config_load glorytun-udp
+config_foreach set_default glorytun-udp
--- a/luci-app-glorytun-udp/root/etc/uci-defaults/1201-luci-glorytun-udp
+++ b/luci-app-glorytun-udp/root/etc/uci-defaults/1201-luci-glorytun-udp
@ -0,0 +1,47 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete glorytun-udp[-1]
+	add ucitrack glorytun-udp
+	set ucitrack.@glorytun-udp[-1].init=glorytun-udp
+	commit ucitrack
+EOF
+
+if [ "$(uci -q get network.glorytun-udp)" = "" ] && [ "$(uci -q get network.omrvpn)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		delete network.glorytun-udp
+		set network.glorytun-udp=interface
+		set network.glorytun-udp.ifname=tun0
+		set network.glorytun-udp.proto=dhcp
+		set network.glorytun-udp.ip4table=vpn
+		set network.glorytun-udp.multipath=off
+		set network.glorytun-udp.leasetime=12h
+		commit network
+	EOF
+fi
+
+if [ "$(uci -q show firewall | grep glorytun-udp)" = "" ] && [ "$(uci -q get network.omrvpn)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set firewall.zone_vpn=zone
+		set firewall.zone_vpn.name=vpn
+		set firewall.zone_vpn.network=glorytun-udp
+		set firewall.zone_vpn.masq=1
+		set firewall.zone_vpn.input=REJECT
+		set firewall.zone_vpn.forward=ACCEPT
+		set firewall.zone_vpn.output=ACCEPT
+		commit firewall
+	EOF
+fi
+if [ "$(uci -q show firewall | grep Allow-All-LAN-to-VPN)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		add firewall rule
+		set firewall.@rule[-1].enabled='1'
+		set firewall.@rule[-1].target='ACCEPT'
+		set firewall.@rule[-1].name='Allow-All-LAN-to-VPN'
+		set firewall.@rule[-1].dest='vpn'
+		set firewall.@rule[-1].src='lan'
+		commit firewall
+	EOF
+fi
+rm -f /tmp/luci-indexcache
+exit 0
--- a/luci-app-glorytun-udp/root/usr/share/luci/menu.d/luci-app-glorytun-udp.json
+++ b/luci-app-glorytun-udp/root/usr/share/luci/menu.d/luci-app-glorytun-udp.json
@ -0,0 +1,13 @@
+{
+	"admin/vpn/glorytun-udp": {
+		"title": "Glorytun UDP",
+		"order": 60,
+		"action": {
+			"type": "view",
+			"path": "services/glorytun-udp"
+		},
+		"depends": {
+			"acl": [ "luci-app-glorytun-udp" ]
+		}
+	}
+}
--- a/luci-app-glorytun-udp/root/usr/share/rpcd/acl.d/luci-app-glorytun-udp.json
+++ b/luci-app-glorytun-udp/root/usr/share/rpcd/acl.d/luci-app-glorytun-udp.json
@ -0,0 +1,11 @@
+{
+    "luci-app-glorytun-udp": {
+	"description": "Grant access to glorytun UDP",
+	"read": {
+	    "uci": [ "glorytun-udp" ]
+	},
+	"write": {
+	    "uci": [ "glorytun-udp" ]
+	}
+    }
+}