From e4103cea0317a699fd40fd988b8a3d1863ddde5e Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Thu, 3 Dec 2020 11:23:57 +0100
Subject: [PATCH] New interface for Glorytun UDP VPN
---
 glorytun-udp/init | 24 ++--
 luci-app-glorytun-udp/Makefile | 16 +++
 .../resources/view/services/glorytun-udp.js | 104 ++++++++++++++++++
 .../root/etc/config/glorytun-udp | 10 ++
 .../root/etc/hotplug.d/iface/30-glorytun-udp | 28 +++++
 .../etc/uci-defaults/1201-luci-glorytun-udp | 47 ++++++++
 .../luci/menu.d/luci-app-glorytun-udp.json | 13 +++
 .../rpcd/acl.d/luci-app-glorytun-udp.json | 11 ++
 8 files changed, 239 insertions(+), 14 deletions(-)
 create mode 100644 luci-app-glorytun-udp/Makefile
 create mode 100644 luci-app-glorytun-udp/htdocs/luci-static/resources/view/services/glorytun-udp.js
 create mode 100644 luci-app-glorytun-udp/root/etc/config/glorytun-udp
 create mode 100644 luci-app-glorytun-udp/root/etc/hotplug.d/iface/30-glorytun-udp
 create mode 100644 luci-app-glorytun-udp/root/etc/uci-defaults/1201-luci-glorytun-udp
 create mode 100644 luci-app-glorytun-udp/root/usr/share/luci/menu.d/luci-app-glorytun-udp.json
 create mode 100644 luci-app-glorytun-udp/root/usr/share/rpcd/acl.d/luci-app-glorytun-udp.json
diff --git a/glorytun-udp/init b/glorytun-udp/init
index b9a18c526..5bb5a9a5d 100755
--- a/glorytun-udp/init
+++ b/glorytun-udp/init
@@ -1,7 +1,7 @@
 #!/bin/sh /etc/rc.common
 # vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
 # Copyright (C) 2015 ovh.com
-# Copyright (C) 2017 Ycarus (Yannick Chabanois)
+# Copyright (C) 2017-2020 Ycarus (Yannick Chabanois)
 START=90
 STOP=10
@@ -19,22 +19,20 @@ _err() {
 }
 validate_section() {
- uci_validate_section glorytun glorytun "${1}" \
+ uci_validate_section glorytun-udp glorytun-udp "${1}" \
 'enable:bool:0' \
+ 'mode:string' \
 'key:string' \
 'host:host' \
 'port:port' \
 'proto:string' \
- 'bind:string:0.0.0.0' \
- 'bindport:port' \
- 'mtu:uinteger:1450' \
 'mtuauto:bool:0' \
- 'chacha20:bool:0' \
+ 'chacha:bool:0' \
 'dev:string'
 }
 start_instance() {
- local enable key host port listener proto bind bindport mtu mtuauto chacha20 dev
+ local enable key host port listener proto mtuauto chacha dev mode
 validate_section "${1}" || {
 _err "validation failed"
@@ -42,12 +40,12 @@ start_instance() {
 }
 [ "${enable}" = "1" ] || return 1
- [ "${proto}" = "udp" ] || return 1
 [ -n "${key}" ] || return 1
 [ "${key}" != "secretkey" ] || return 1
 [ -n "${port}" ] || return 1
 [ -n "${dev}" ] || return 1
+ [ -n "${mode}" ] || return 1
 echo "${key}" > /tmp/${PROG_NAME}-${1}.key
 key=""
@@ -62,15 +60,13 @@ start_instance() {
 procd_open_instance
 procd_set_param command ${PROG} \
- ${bind:+bind from "$bind"} \
- ${bindport:+port "$bindport"} \
- ${host:+to addr "$host"} \
+ ${host:+bind ${mode} addr "$host"} \
 ${port:+port "$port"} \
 ${dev:+dev "$dev"} \
 keyfile /tmp/${PROG_NAME}-${1}.key \
 persist
- [ "${chacha20}" = "1" ] && procd_append_param command chacha
+ [ "${chacha}" = "1" ] && procd_append_param command chacha
 procd_set_param respawn 0 30 0
 procd_set_param file /tmp/${PROG_NAME}-${1}.key
@@ -104,8 +100,8 @@ add_glorytun_path() {
 start_service() {
 local dev
- config_load glorytun
- config_foreach start_instance glorytun
+ config_load glorytun-udp
+ config_foreach start_instance glorytun-udp
 }
 reload_service() {
diff --git a/luci-app-glorytun-udp/Makefile b/luci-app-glorytun-udp/Makefile
new file mode 100644
index 000000000..97608e0e7
--- /dev/null
+++ b/luci-app-glorytun-udp/Makefile
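Review bot: `'mode:string'` in validate_section accepts any string, and the hunk at `@@ -62,15 +60,13 @@` expands it unquoted in `${host:+bind ${mode} addr "$host"}`, so a stored value containing whitespace is word-split into extra arguments on the glorytun command line that procd runs. The ListValue in the new LuCI view only constrains browser input; anything holding the uci write grant from the new rpcd ACL can store a different value. Constrain it where the section is validated, `'mode:or("to","from")' \`, after which the added `[ -n "${mode}" ] || return 1` guard is sufficient. start_instance begins and ends outside these hunks.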
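Review bot: In the hunk at `@@ -62,15 +60,13 @@`, `persist` stays hard-coded on the command line and nothing passes `kxtimeout`, `timetolerance`, `keepalive` or `auto`, although the LuCI view added in this commit offers all of them and validate_section declares none of them. As far as the visible lines show, an operator who changes the key rotation timeout or clock tolerance in the UI would still be running the daemon's defaults. Either add the options to validate_section and pass them with the same `${var:+...}` pattern, or drop them from the form until they are honoured; a comment above `procd_set_param command` listing the options that are actually applied would help. The rest of start_instance is outside the hunk, so confirm nothing appends them later.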
@@ -0,0 +1,16 @@
+#
+# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois)
+#
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI Interface to Glorytun UDP
+LUCI_DEPENDS:=+glorytun-udp
+
+PKG_LICENSE:=GPLv3
+
+#include ../luci/luci.mk
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
diff --git a/luci-app-glorytun-udp/htdocs/luci-static/resources/view/services/glorytun-udp.js b/luci-app-glorytun-udp/htdocs/luci-static/resources/view/services/glorytun-udp.js
new file mode 100644
index 000000000..2975af525
--- /dev/null
+++ b/luci-app-glorytun-udp/htdocs/luci-static/resources/view/services/glorytun-udp.js
@@ -0,0 +1,104 @@
+'use strict';
+'require rpc';
+'require poll';
+'require form';
+'require fs';
+'require uci';
+'require tools.widgets as widgets';
+
+var callHostHints;
+
+var callServiceList = rpc.declare({
+ object: 'service',
+ method: 'list',
+ params: [ 'name' ],
+ expect: { '': {} }
+});
+
+return L.view.extend({
+ callHostHints: rpc.declare({
+ object: 'luci-rpc',
+ method: 'getHostHints',
+ expect: { '': {} }
+ }),
+
+ load: function() {
+ return this.callHostHints();
+ },
+
+ render: function(hosts) {
+ var m, s, o;
+
+ m = new form.Map('glorytun-udp', _('Glorytun UDP'));
+
+ s = m.section(form.GridSection, 'glorytun-udp', _('Instances'));
+ s.addremove = true;
+ s.anonymous = true;
+ s.nodescriptions = true;
+
+ s.tab('general', _('General Settings'));
+ s.tab('advanced', _('Advanced Settings'));
+
+ o = s.taboption('general', form.Flag, 'enable', _('Enabled'));
+ o.default = o.enabled;
+
+ o = s.taboption('general', form.ListValue, 'mode', _('Mode'));
+ o.value('to',_('Client'));
+ o.value('from',_('Server'));
+ o.modalonly = true;
+
+ o = s.taboption('general', form.Value, 'host', _('Host'));
+ o.rmempty = false;
+
+ o = s.taboption('general', form.Value, 'port', _('Port'));
+ o.rmempty = false;
+
+ o = s.taboption('general', form.Value, 'key', _('Key'));
+ o.rmempty = false;
+ o.modalonly = true;
+
+ o = s.taboption('general', form.Value, 'dev', _('Interface name'));
+ o.rmempty = false;
+ o.modalonly = true;
+
+ o = s.taboption('general', form.Value, 'localip', _('Local IP'));
+ o.datatype = 'or(ip4addr,ip6addr)';
+ o.rmempty = false;
+
+ o = s.taboption('general', form.Value, 'remoteip', _('Remote IP'));
+ o.datatype = 'or(ip4addr,ip6addr)';
+ o.rmempty = false;
+
+ o = s.taboption('advanced', form.Flag, 'persist', _('Persist'), _('Keep the tunnel device after exiting'));
+ o.default = o.enabled;
+ o.modalonly = true;
+
+ o = s.taboption('advanced', form.Flag, 'chacha', _('chacha'), _('Force fallback cipher'));
+ o.default = o.enabled;
+ o.modalonly = true;
+
+ o = s.taboption('advanced', form.Value, 'kxtimeout', _('Key rotation timeout'));
+ o.default = '7d';
+ o.rmempty = false;
+ o.modalonly = true;
+
+ o = s.taboption('advanced', form.Value, 'timetolerance', _('Clock sync tolerance'));
+ o.default = '10m';
+ o.rmempty = false;
+ o.modalonly = true;
+
+ o = s.taboption('advanced', form.Value, 'keepalive', _('Keep alive timeout'));
+ o.default = '25s';
+ o.rmempty = false;
+ o.modalonly = true;
+
+ o = s.taboption('advanced', form.Flag, 'auto', _('Dynamic rate detection'));
+ o.rmempty = false;
+ o.modalonly = true;
+
+ o = s.taboption('general',form.Value, 'label', _('Label'));
+ o.rmempty = true;
+
+ return m.render();
+ }
+});
diff --git a/luci-app-glorytun-udp/root/etc/config/glorytun-udp b/luci-app-glorytun-udp/root/etc/config/glorytun-udp
new file mode 100644
index 000000000..d5d356dd6
--- /dev/null
+++ b/luci-app-glorytun-udp/root/etc/config/glorytun-udp
@@ -0,0 +1,10 @@
+config glorytun-udp 'vpn'
+ option enable '0'
+ option host '127.0.0.1'
+ option port '65001'
+ option dev 'tun0'
+ option key ''
+ option chacha '1'
+ option localip '10.255.254.2'
+ option remoteip '10.255.254.1'
+ option mode 'to'
diff --git a/luci-app-glorytun-udp/root/etc/hotplug.d/iface/30-glorytun-udp b/luci-app-glorytun-udp/root/etc/hotplug.d/iface/30-glorytun-udp
new file mode 100644
index 000000000..b942fd60c
--- /dev/null
+++ b/luci-app-glorytun-udp/root/etc/hotplug.d/iface/30-glorytun-udp
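Review bot: The `key` option in render() is a plain `form.Value`, so the tunnel's pre-shared key is shown in clear text whenever the instance dialog is open; set `o.password = true;` on it. `host`, `port` and `dev` carry no `datatype` either, while the init script validates `host:host` and `port:port`, so a bad value is accepted by the form and only surfaces as "validation failed" when the service starts; `o.datatype = 'host';` and `o.datatype = 'port';` would reject it at input. Separately, the module-level `var callHostHints;`, `callServiceList`, and the `poll`, `fs` and `tools.widgets` requires are not used anywhere in the visible file and can be removed.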
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# Load the glorytun config
+#
+# Author: Ycarus (Yannick Chabanois)
+# Released under GPL 3 or later
+
+[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
+
+. /lib/functions.sh
+. /lib/functions/network.sh
+
+set_default() {
+ local localip
+ local remoteip
+ local config="$1"
+ local iface
+ config_get enable "$config" enable
+ config_get iface "$config" dev
+ [ "$iface" = "$DEVICE" ] && [ "$enable" = "1" ] && {
+ config_get localip "$config" localip
+ config_get remoteip "$config" remoteip
+ [ "$remoteip" != "" ] && [ "$localip" != "" ] && ifconfig $DEVICE $localip pointopoint $remoteip up
+ }
+}
+
+config_load glorytun-udp
+config_foreach set_default glorytun-udp
diff --git a/luci-app-glorytun-udp/root/etc/uci-defaults/1201-luci-glorytun-udp b/luci-app-glorytun-udp/root/etc/uci-defaults/1201-luci-glorytun-udp
new file mode 100644
index 000000000..dbecf5b5b
--- /dev/null
+++ b/luci-app-glorytun-udp/root/etc/uci-defaults/1201-luci-glorytun-udp
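Review bot: `ifconfig $DEVICE $localip pointopoint $remoteip up` in set_default expands three values unquoted in a hotplug script, and `localip`/`remoteip` are read straight from UCI, where the `or(ip4addr,ip6addr)` check of the LuCI form is not enforced. Quote them, `ifconfig "$DEVICE" "$localip" pointopoint "$remoteip" up`, so a stored value containing whitespace cannot become extra ifconfig arguments. `enable` is filled by `config_get` but is not declared `local` like the other four variables; add `local enable`. The form also accepts an IPv6 address for both fields, which this ifconfig invocation presumably does not handle, so either restrict the datatype to `ip4addr` or confirm the IPv6 case.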
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+ delete glorytun-udp[-1]
+ add ucitrack glorytun-udp
+ set ucitrack.@glorytun-udp[-1].init=glorytun-udp
+ commit ucitrack
+EOF
+
+if [ "$(uci -q get network.glorytun-udp)" = "" ] && [ "$(uci -q get network.omrvpn)" = "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ delete network.glorytun-udp
+ set network.glorytun-udp=interface
+ set network.glorytun-udp.ifname=tun0
+ set network.glorytun-udp.proto=dhcp
+ set network.glorytun-udp.ip4table=vpn
+ set network.glorytun-udp.multipath=off
+ set network.glorytun-udp.leasetime=12h
+ commit network
+ EOF
+fi
+
+if [ "$(uci -q show firewall | grep glorytun-udp)" = "" ] && [ "$(uci -q get network.omrvpn)" = "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set firewall.zone_vpn=zone
+ set firewall.zone_vpn.name=vpn
+ set firewall.zone_vpn.network=glorytun-udp
+ set firewall.zone_vpn.masq=1
+ set firewall.zone_vpn.input=REJECT
+ set firewall.zone_vpn.forward=ACCEPT
+ set firewall.zone_vpn.output=ACCEPT
+ commit firewall
+ EOF
+fi
+if [ "$(uci -q show firewall | grep Allow-All-LAN-to-VPN)" = "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ add firewall rule
+ set firewall.@rule[-1].enabled='1'
+ set firewall.@rule[-1].target='ACCEPT'
+ set firewall.@rule[-1].name='Allow-All-LAN-to-VPN'
+ set firewall.@rule[-1].dest='vpn'
+ set firewall.@rule[-1].src='lan'
+ commit firewall
+ EOF
+fi
+rm -f /tmp/luci-indexcache
+exit 0
diff --git a/luci-app-glorytun-udp/root/usr/share/luci/menu.d/luci-app-glorytun-udp.json b/luci-app-glorytun-udp/root/usr/share/luci/menu.d/luci-app-glorytun-udp.json
new file mode 100644
index 000000000..b84551484
--- /dev/null
+++ b/luci-app-glorytun-udp/root/usr/share/luci/menu.d/luci-app-glorytun-udp.json
@@ -0,0 +1,13 @@
+{
+ "admin/vpn/glorytun-udp": {
+ "title": "Glorytun UDP",
+ "order": 60,
+ "action": {
+ "type": "view",
+ "path": "services/glorytun-udp"
+ },
+ "depends": {
+ "acl": [ "luci-app-glorytun-udp" ]
+ }
+ }
+}
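Review bot: The `Allow-All-LAN-to-VPN` block adds a rule with `target='ACCEPT'`, `src='lan'`, `dest='vpn'` and no protocol or port restriction, and unlike the two blocks above it the test is not gated on `network.omrvpn` being absent, so installing the package changes forwarding policy even on systems where the `vpn` zone is defined elsewhere. Together with `zone_vpn.forward=ACCEPT` and `masq=1` this is a broad default to apply without any comment; gate the rule the same way by appending `&& [ "$(uci -q get network.omrvpn)" = "" ]` to its `if`, and add a comment stating the intended policy. In the first batch, `delete glorytun-udp[-1]` names no ucitrack section and looks like it was meant to be `delete ucitrack.@glorytun-udp[-1]`; as written, a reinstall or upgrade that reruns the script would presumably add a second ucitrack entry. The interface is also created with `proto=dhcp` while the hotplug script in this commit assigns a static point-to-point address, which is worth reconciling.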
diff --git a/luci-app-glorytun-udp/root/usr/share/rpcd/acl.d/luci-app-glorytun-udp.json b/luci-app-glorytun-udp/root/usr/share/rpcd/acl.d/luci-app-glorytun-udp.json
new file mode 100644
index 000000000..3e24adb8e
--- /dev/null
+++ b/luci-app-glorytun-udp/root/usr/share/rpcd/acl.d/luci-app-glorytun-udp.json
@@ -0,0 +1,11 @@
+{
+ "luci-app-glorytun-udp": {
+ "description": "Grant access to glorytun UDP",
+ "read": {
+ "uci": [ "glorytun-udp" ]
+ },
+ "write": {
+ "uci": [ "glorytun-udp" ]
+ }
+ }
+}
\ No newline at end of file
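Review bot: This ACL grants only `uci` read/write on `glorytun-udp`, but the view added in this commit calls `luci-rpc getHostHints` from `load()` and declares a `service list` call, neither of which is granted here, so an account limited to this ACL group would presumably hit an access error when the page loads. Since `render(hosts)` never uses the result, the least-privilege fix is to drop those calls from the view rather than widen the grant. The `read` grant also covers the `key` option, so every account in this group can read the tunnel secret; the description could say so, e.g. `"description": "Grant access to glorytun UDP configuration (including the tunnel key)"`.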