#!/bin/sh /etc/rc.common # Copyright (C) 2018 Ycarus (Yannick Chabanois) # Released under GPL 3. See LICENSE for the full terms. START=99 USE_PROCD=1 EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall" _parse_result() { result=$("echo $1 | jsonfilter -q -e '@.result'") echo $result } _login() { local username password auth server="$(uci -q get openmptcprouter.${servername}.ip)" [ -z "$server" ] && server="$(uci -q get shadowsocks-libev.sss0.server)" username="$(uci -q get openmptcprouter.${servername}.username)" password="$(uci -q get openmptcprouter.${servername}.password)" serverport="$(uci -q get openmptcprouter.${servername}.port)" if [ -z "$token" ]; then auth=`curl --max-time 10 -s -k -H "Content-Type: application/json" -X POST -d '{"username":"'$username'","password":"'$password'"}' https://$server:$serverport/login` [ -z "$auth" ] && return token="$(echo "$auth" | jsonfilter -q -e '@.token')" uci -q set openmptcprouter.${servername}.token="$token" fi } _get_json() { local route result route=$1 [ -z "$token" ] && _login [ -n "$token" ] && { result=`curl --max-time 10 -s -k -H "Authorization: Bearer $token" https://$server:$serverport/$route` echo $result } || { echo '' } } _set_json() { local route result settings route=$1 settings="$2" [ -z "$token" ] && _login [ -n "$token" ] && { result=`curl --max-time 10 -s -k -H "Authorization: Bearer $token" -H "Content-Type: application/json" -X POST -d "$settings" https://$server:$serverport/$route` echo $result } || { echo '' } } _set_glorytun_vps() { local enabled port key enabled="$(uci -q get glorytun.vpn.enable)" [ "$enabled" != "1" ] && echo "Glorytun disabled" && return port="$(uci -q get glorytun.vpn.port)" key="$(uci -q get glorytun.vpn.key)" chacha="$(uci -q get glorytun.vpn.chacha20)" if [ "$chacha" = "1" ]; then chacha="true" else chacha="false" fi [ -z "$key" ] && echo "Glorytun key not set" && return local current_port current_key current_chacha [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return current_port="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.port')" current_key="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.key')" current_chacha="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.chacha')" if [ "$current_port" != "$port" ] || [ "$current_key" != "$key" ] || [ "$current_chacha" != "$chacha" ]; then local settings settings='{"port": '$port',"key":"'$key'", "chacha": "'$chacha'"}' echo $(_set_json "glorytun" "$settings") else echo 1 fi } _set_openvpn_vps() { local enabled port key enabled="$(uci -q get openvpn.omr.enabled)" [ "$enabled" != "1" ] && echo "OpenVPN disabled" && return port="$(uci -q get openvpn.omr.port)" keyfile="$(uci -q get openvpn.omr.secret)" if [ -n "$keyfile" ]; then key="$(cat $keyfile | base64)" else key="" fi [ -z "$key" ] && echo "OpenVPN key not set" && return local current_port current_key [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return current_port="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.port')" current_key="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.key')" if [ "$current_port" != "$port" ] || [ "$current_key" != "$key" ]; then local settings settings='{"port": '$port',"key":"'$key'"}' echo $(_set_json "openvpn" "$settings") else echo 1 fi } _get_ss_redir() { config_get cf_ebpf $1 ebpf [ "$cf_ebpf" = "1" ] && ebpf="true" config_get cf_fast_open $1 fast_open [ "$cf_fast_open" = "1" ] && fast_open="true" config_get cf_no_delay $1 no_delay [ "$cf_no_delay" = "1" ] && no_delay="true" } _get_ss_server() { config_get cf_obfs $1 obfs [ "$cf_obfs" = "1" ] && obfs="true" config_get obfs_plugin $1 obfs_plugin config_get obfs_type $1 obfs_type } _set_ss_server_vps() { local disabled port key method config_get disabled $1 disabled [ "$disabled" = "1" ] && return config_get port $1 server_port #config_get server $1 server config_get key $1 key key="$(echo $key | sed 's/+/-/g; s/\//_/g;')" [ -z "$key" ] && return config_get method $1 method local current_port current_key current_method [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return current_port="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.port')" current_key="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.key')" current_method="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.method')" current_ebpf="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.ebpf')" current_obfs="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs')" current_obfs_plugin="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_plugin')" current_obfs_type="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_type')" current_fast_open="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.fast_open')" current_no_delay="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.no_delay')" ebpf="false" fast_open="false" no_delay="false" obfs="false" obfs_plugin="v2ray" obfs_type="http" config_load shadowsocks-libev config_foreach _get_ss_redir ss_redir config_foreach _get_ss_server server if [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then local settings settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":true,"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}' echo $(_set_json "shadowsocks" "$settings") fi } _get_vps_config() { [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return vps_lastchange="$(echo "$vps_config" | jsonfilter -q -e '@.vps.lastchange')" if [ -n "$(uci -q get openmptcprouter.${servername}.lastchange)" ] && [ -n "$vps_lastchange" ] && [ "$vps_lastchange" -gt "$(uci -q get openmptcprouter.${servername}.lastchange)" ]; then _set_config_from_vps fi piholeomr="$(uci -q get openmptcprouter.${servername}.pihole)" pihole="$(echo "$vps_config" | jsonfilter -q -e '@.pihole.state')" if [ "$pihole" = "true" ] && [ "$piholeomr" != "1" ]; then uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.pihole='1' commit openmptcprouter EOF elif [ "$pihole" = "false" ] && [ "$piholeomr" != "0" ]; then uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.pihole='0' commit openmptcprouter EOF fi vps_kernel="$(echo "$vps_config" | jsonfilter -q -e '@.vps.kernel')" vps_machine="$(echo "$vps_config" | jsonfilter -q -e '@.vps.machine')" vps_omr_version="$(echo "$vps_config" | jsonfilter -q -e '@.vps.omr_version')" uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.kernel=$vps_kernel set openmptcprouter.${servername}.machine=$vps_machine set openmptcprouter.${servername}.omr_version=$vps_omr_version EOF vpn="$(uci -q get openmptcprouter.settings.vpn)" glorytun_state=0 glorytun_change=0 if [ "$vpn" = "glorytun_tcp" ]; then glorytun_state=1 uci -q set glorytun.vpn.proto='tcp' client_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.tcp.client_ip')" host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.tcp.host_ip')" if [ "$client_ip" != "dhcp" ] && [ -n "$client_ip" ]; then if [ "$host_ip" != "$(uci -q get glorytun.vpn.remoteip)" ] || [ "$client_ip" != "$(uci -q get glorytun.vpn.localip)" ]; then uci -q batch <<-EOF >/dev/null set glorytun.vpn.localip=$client_ip set glorytun.vpn.remoteip=$host_ip EOF glorytun_change=1 fi if [ "$(uci -q get network.omrvpn.proto)" != 'none' ]; then uci -q batch <<-EOF >/dev/null set network.omrvpn.proto='none' commit network EOF glorytun_change=1 fi else if [ "$(uci -q get glorytun.vpn.remoteip)" != "" ] || [ "$(uci -q get glorytun.vpn.localip)" != "" ]; then uci -q batch <<-EOF >/dev/null delete glorytun.vpn.localip delete glorytun.vpn.remoteip EOF glorytun_change=1 fi if [ "$(uci -q get network.omrvpn.proto)" != 'dhcp' ]; then uci -q batch <<-EOF >/dev/null set network.omrvpn.proto='dhcp' commit network EOF glorytun_change=1 fi fi fi if [ "$vpn" = "glorytun_udp" ]; then glorytun_state=1 uci -q set glorytun.vpn.proto='udp' client_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.udp.client_ip')" host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.udp.host_ip')" if [ "$client_ip" != "dhcp" ] && [ -n "$client_ip" ]; then if [ "$host_ip" != "$(uci -q get glorytun.vpn.remoteip)" ] || [ "$client_ip" != "$(uci -q get glorytun.vpn.localip)" ]; then uci -q batch <<-EOF >/dev/null set glorytun.vpn.localip=$client_ip set glorytun.vpn.remoteip=$host_ip EOF glorytun_change=1 fi if [ "$(uci -q get network.omrvpn.proto)" = "dhcp" ]; then uci -q batch <<-EOF >/dev/null set network.omrvpn.proto='none' commit network EOF glorytun_change=1 fi else if [ "$(uci -q get glorytun.vpn.remoteip)" != "" ] || [ "$(uci -q get glorytun.vpn.localip)" != "" ]; then uci -q batch <<-EOF >/dev/null delete glorytun.vpn.localip delete glorytun.vpn.remoteip EOF glorytun_change=1 fi if [ "$(uci -q get network.omrvpn.proto)" != "dhcp" ]; then uci -q batch <<-EOF >/dev/null set network.omrvpn.proto='dhcp' commit network EOF glorytun_change=1 fi fi fi vpsip="$(uci -q get openmptcprouter.${servername}.ip)" if [ "$(uci -q get shadowsocks-libev.sss0.server)" != "127.0.0.1" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "$vpsip" ]; then uci -q batch <<-EOF >/dev/null set shadowsocks-libev.sss0.server="$vpsip" commit shadowsocks-libev EOF logger -t "OMR-VPS" "Restart shadowsocks..." /etc/init.d/shadowsocks-libev restart fi if [ "$(uci -q get openvpn.omr.remote)" != "127.0.0.1" ] && [ "$(uci -q get openvpn.omr.remote)" != "$vpsip" ]; then uci -q batch <<-EOF >/dev/null set openvpn.omr.remote="$vpsip" commit openvpn EOF logger -t "OMR-VPS" "Restart OpenVPN..." /etc/init.d/openvpn restart fi if [ "$(uci -q get dsvpn.vpn.host)" != "127.0.0.1" ] && [ "$(uci -q get dsvpn.vpn.host)" != "$vpsip" ]; then uci -q batch <<-EOF >/dev/null set dsvpn.vpn.host="$vpsip" commit dsvpn EOF logger -t "OMR-VPS" "Restart DSVPN..." /etc/init.d/dsvpn restart fi if [ "$(uci -q get mlvpn.general.host)" != "127.0.0.1" ] && [ "$(uci -q get mlvpn.general.host)" != "$vpsip" ]; then uci -q batch <<-EOF >/dev/null set mlvpn.general="mlvpn" set mlvpn.general.host="$vpsip" commit mlvpn EOF logger -t "OMR-VPS" "Restart MLVPN..." /etc/init.d/mlvpn restart fi if [ "$(uci -q get glorytun.vpn.host)" != "127.0.0.1" ] && [ "$(uci -q get glorytun.vpn.host)" != "$vpsip" ]; then uci -q batch <<-EOF >/dev/null set glorytun.vpn.host="$vpsip" EOF glorytun_change=1 fi if [ "$glorytun_change" != "0" ]; then logger -t "OMR-VPS" "Restart glorytun..." uci -q batch <<-EOF >/dev/null commit glorytun EOF /etc/init.d/glorytun restart >/dev/null 2>&1 /etc/init.d/glorytun-udp restart >/dev/null 2>&1 fi } _set_pihole() { [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return vpn="$(uci -q get openmptcprouter.settings.vpn)" piholeomr="$(uci -q get openmptcprouter.${servername}.pihole)" pihole="$(echo "$vps_config" | jsonfilter -q -e '@.pihole.state')" if [ "$pihole" = "true" ] && [ "$piholeomr" != "1" ]; then uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.pihole='1' commit openmptcprouter EOF elif [ "$pihole" = "false" ] && [ "$piholeomr" != "0" ]; then uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.pihole='0' commit openmptcprouter EOF fi if [ "$vpn" = "glorytun_tcp" ]; then host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.tcp.host_ip')" if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then uci -q batch <<-EOF >/dev/null delete dhcp.@dnsmasq[0].server add_list dhcp.@dnsmasq[0].server="$host_ip#53" set dhcp.@dnsmasq[0].rebind_protection='0' commit dhcp EOF logger -t "OMR-VPS" "Restart dnsmasq..." /etc/init.d/dnsmasq restart >/dev/null 2>&1 fi fi if [ "$vpn" = "glorytun_udp" ]; then host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.udp.host_ip')" if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then uci -q batch <<-EOF >/dev/null delete dhcp.@dnsmasq[0].server add_list dhcp.@dnsmasq[0].server="$host_ip#53" set dhcp.@dnsmasq[0].rebind_protection='0' commit dhcp EOF logger -t "OMR-VPS" "Restart dnsmasq..." /etc/init.d/dnsmasq restart >/dev/null 2>&1 fi fi if [ "$vpn" = "openvpn" ]; then host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.host_ip')" if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then uci -q batch <<-EOF >/dev/null delete dhcp.@dnsmasq[0].server add_list dhcp.@dnsmasq[0].server="$host_ip#53" set dhcp.@dnsmasq[0].rebind_protection='0' commit dhcp EOF logger -t "OMR-VPS" "Restart dnsmasq..." /etc/init.d/dnsmasq restart >/dev/null 2>&1 fi fi if [ "$vpn" = "mlvpn" ]; then host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.mlvpn.host_ip')" if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then uci -q batch <<-EOF >/dev/null delete dhcp.@dnsmasq[0].server add_list dhcp.@dnsmasq[0].server="$host_ip#53" set dhcp.@dnsmasq[0].rebind_protection='0' commit dhcp EOF logger -t "OMR-VPS" "Restart dnsmasq..." /etc/init.d/dnsmasq restart >/dev/null 2>&1 fi fi if [ "$vpn" = "dsvpn" ]; then host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.dsvpn.host_ip')" if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then uci -q batch <<-EOF >/dev/null delete dhcp.@dnsmasq[0].server add_list dhcp.@dnsmasq[0].server="$host_ip#53" set dhcp.@dnsmasq[0].rebind_protection='0' commit dhcp EOF logger -t "OMR-VPS" "Restart dnsmasq..." /etc/init.d/dnsmasq restart >/dev/null 2>&1 fi fi } _set_redirect_ports_from_vps() { redirect_ports=$1 [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return redirect_ports_current="$(echo "$vps_config" | jsonfilter -q -e '@.shorewall.redirect_ports')" [ "$redirect_ports" = "1" ] && redirect_ports_request="enable" [ "$redirect_ports" = "0" ] && redirect_ports_request="disable" if [ "$redirect_ports_request" != "$redirect_ports_current" ]; then settings='{"redirect_ports": "'$redirect_ports_request'"}' echo $(_set_json "shorewall" "$settings") else echo 1 fi } _set_mptcp_vps() { local settings [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return mptcp_enabled_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.enabled')" checksum_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.checksum')" path_manager_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.path_manager')" scheduler_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.scheduler')" syn_retries_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.syn_retries')" congestion_control_current="$(echo "$vps_config" | jsonfilter -q -e '@.network.congestion_control')" mptcp_enabled="$(uci -q get network.globals.multipath)" if [ "$mptcp_enabled" = "disable" ]; then mptcp_enabled="0" else mptcp_enabled="1" fi checksum="$(uci -q get network.globals.mptcp_checksum)" path_manager="$(uci -q get network.globals.mptcp_path_manager)" scheduler="$(uci -q get network.globals.mptcp_scheduler)" syn_retries="$(uci -q get network.globals.mptcp_syn_retries)" congestion="$(uci -q get network.globals.congestion)" [ -z "$congestion" ] && congestion="bbr" if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || [ "$path_manager_current" != "$path_manager" ] || [ "$scheduler_current" != "$scheduler" ] || [ "$syn_retries_current" != "$syn_retries" ] || [ "$congestion_control_current" != "$congestion" ]; then settings='{"enabled" : "'$mptcp_enabled'", "checksum": "'$checksum'","path_manager": "'$path_manager'","scheduler": "'$scheduler'","syn_retries": "'$syn_retries'","congestion_control": "'$congestion'"}' echo $(_set_json "mptcp" "$settings") else echo 1 fi } _set_vpn_vps() { local settings [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return vpn_current="$(echo "$vps_config" | jsonfilter -q -e '@.vps.current')" vpn="$(uci -q get openmptcprouter.settings.vpn)" if [ "$vpn_current" != "$vpn" ]; then settings='{"vpn" : "'$vpn'"}' echo $(_set_json "vpn" "$settings") else echo 1 fi } _get_local_wan_ip() { wanip="$(uci -q get openmptcprouter.$1.publicip)" [ -n "$wanip" ] && { [ -z "$wanips" ] && wanips=$wanip || wanips="$wanips"'\n'"$wanip" } } _set_wan_ip() { local settings [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return wanip_current="$(echo "$vps_config" | jsonfilter -q -e '@.wan.ips')" if [ -n "$wanips" ] && [ "$wanip_current" != "$wanips" ]; then settings='{"ips" : "'$wanips'"}' result=$(_set_json "wan" "$settings") #echo $(_set_json "wan" "$settings") #else # echo 1 fi } _vps_firewall_redirect_port() { local src proto src_dport config_get src $1 src config_get proto $1 proto config_get src_dport $1 src_dport [ -n "$src" ] && [ -n "$proto" ] && [ -n "$src_dport" ] && { if [ "$proto" = "tcp udp" ]; then vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port tcp") settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "tcp","fwtype" : "DNAT"}' _set_json "shorewallopen" "$settings" vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port udp") settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "udp","fwtype" : "DNAT"}' _set_json "shorewallopen" "$settings" else vpsfwlist=$(echo "$vpsfwlist" | grep -v "$port # OMR redirect router $src_dport port $proto") settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT"}' _set_json "shorewallopen" "$settings" fi } || echo 1 } _vps_firewall_close_port() { echo "$vpsfwlist" echo "$vpsfwlist" | while read -r line; do echo "line: $line" [ -n "$line" ] && { proto=$(echo $line | awk '{print $4}') src_port=$(echo $line | awk '{print $5}') settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT"}' _set_json "shorewallclose" "$settings" } done } _set_vps_firewall() { servername=$1 [ "$(uci -q get openmptcprouter.${servername}.nofwredirect)" = "1" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.port)" ] && return token="" vps_config="" _login [ -z "$token" ] && { logger -t "OMR-VPS" "Can't get token, try later" uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.admin_error=1 EOF return } settings='{"name" : "redirect router"}' fw_list=$(_set_json "shorewalllist" "$settings") vpsfwlist=$(echo $fw_list | jsonfilter -q -e '@.list[*]' | sed '/^[[:space:]]*$/d') config_load firewall config_foreach _vps_firewall_redirect_port redirect [ -n "$vpsfwlist" ] && _vps_firewall_close_port } set_vps_firewall() { config_load openmptcprouter config_foreach _set_vps_firewall server } _set_ss_redir() { local option=$2 local value=$3 if [ "$value" = "true" ]; then value=1 elif [ "$value" = "false" ]; then value=0 fi uci -q set shadowsocks-libev.$1.$option=$value } _set_config_from_vps() { local shadowsocks_disabled vpn glorytun_state redirect shorewall_redirect mlvpn_key openvpn_key dsvpn_key [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return logger -t "OMR-VPS" "Get config from VPS..." # get VPS ip vpsip="$(uci -q get openmptcprouter.${servername}.ip)" vps_lastchange="$(echo "$vps_config" | jsonfilter -q -e '@.vps.lastchange')" # Set current VPN current_vpn="$(uci -q get openmptcprouter.settings.vpn)" if [ -z "$current_vpn" ] || [ -n "$vps_lastchange" ]; then current_vpn="$(echo "$vps_config" | jsonfilter -q -e '@.vpn.current')" if [ -n "$current_vpn" ]; then uci -q batch <<-EOF >/dev/null set openmptcprouter.settings.vpn=${current_vpn} commit openmptcprouter EOF fi fi # Shadowsocks settings shadowsocks_disabled="$(uci -q get openmptcprouter.settings.shadowsocks_disable)" [ -z "$shadowsocks_disabled" ] && shadowsocks_disabled=0 ss_key="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.key')" ss_key="$(echo $ss_key | sed 's/-/+/g; s/_/\//g;')" if [ -n "$ss_key" ] && [ "$ss_key" != "$(uci -q get shadowsocks-libev.sss0.key)" ]; then ss_method="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.method')" ss_port="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.port')" ss_ebpf="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.ebpf')" if [ "$ss_ebpf" = "true" ] && [ "$ss_method" = "none" ]; then ss_ebpf=1 else ss_ebpf=0 fi [ -z "$ss_port" ] && ss_port=65101 ss_no_delay="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.no_delay')" ss_fast_open="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.fast_open')" ss_obfs="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs')" ss_obfs_plugin="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_plugin')" ss_obfs_type="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_type')" ss_obfs_host="$(echo "$vps_config" | jsonfilter -q -e '@.network.domain')" #ss_reuse_port="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.reuse_port')" config_load shadowsocks-libev config_foreach _set_ss_redir ss_redir "no_delay" $ss_no_delay config_foreach _set_ss_redir ss_redir "fast_open" $ss_fast_open config_foreach _set_ss_redir ss_redir "ebpf" $ss_ebpf config_foreach _set_ss_redir ss_local "no_delay" $ss_no_delay config_foreach _set_ss_redir ss_local "fast_open" $ss_fast_open config_foreach _set_ss_redir ss_local "ebpf" $ss_ebpf uci -q batch <<-EOF >/dev/null set shadowsocks-libev.sss0.key=$ss_key set shadowsocks-libev.sss0.server_port=$ss_port set shadowsocks-libev.sss0.method=$ss_method set shadowsocks-libev.sss0.disabled=$shadowsocks_disabled set shadowsocks-libev.sss0.obfs=$ss_obfs set shadowsocks-libev.sss0.obfs_plugin=$ss_obfs_plugin set shadowsocks-libev.sss0.obfs_type=$ss_obfs_type set shadowsocks-libev.sss0.obfs_host=$ss_obfs_host EOF if [ "$(uci -q get shadowsocks-libev.sss0.server)" != "127.0.0.1" ]; then uci -q set shadowsocks-libev.sss0.server="$vpsip" fi uci -q commit shadowsocks-libev.sss0 logger -t "OMR-VPS" "Shadowsocks restart..." /etc/init.d/shadowsocks-libev restart >/dev/null 2>&1 fi # Glorytun settings glorytun_key="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.key')" if [ -n "$glorytun_key" ] && [ "$glorytun_key" != "$(uci -q get glorytun.vpn.key)" ]; then vpn="$(uci -q get openmptcprouter.settings.vpn)" glorytun_state=0 if [ "$vpn" = "glorytun_tcp" ]; then glorytun_state=1 fi if [ "$vpn" = "glorytun_udp" ]; then glorytun_state=1 fi glorytun_port="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.port')" [ -z "$glorytun_port" ] && glorytun_port="65001" glorytun_chacha="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.chacha')" [ -z "$glorytun_chacha" ] || [ "$glorytun_chacha" = "true" ] && glorytun_chacha=1 [ "$glorytun_chacha" = "false" ] && glorytun_chacha=0 uci -q batch <<-EOF >/dev/null set glorytun.vpn.port=$glorytun_port set glorytun.vpn.key=$glorytun_key set glorytun.vpn.enable=$glorytun_state set glorytun.vpn.chacha20=$glorytun_chacha EOF if [ "$(uci -q get glorytun.vpn.host)" != "127.0.0.1" ]; then uci -q set glorytun.vpn.host="$vpsip" fi uci -q commit glorytun logger -t "OMR-VPS" "Glorytun restart..." /etc/init.d/glorytun restart >/dev/null 2>&1 /etc/init.d/glorytun-udp restart >/dev/null 2>&1 fi # OpenVPN settings openvpn_key="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.key')" [ -n "$openvpn_key" ] && { echo $openvpn_key | base64 -d > /etc/luci-uploads/openvpn.key openvpn_port="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.port')" [ -z "$openvpn_port" ] && openvpn_port="65001" vpn="$(uci -q get openmptcprouter.settings.vpn)" openvpn_state=0 if [ "$vpn" = "openvpn" ]; then openvpn_state=1 fi uci -q batch <<-EOF >/dev/null set openvpn.omr.port=$openvpn_port set openvpn.omr.secret="/etc/luci-uploads/openvpn.key" set openvpn.omr.enabled=$openvpn_state EOF if [ "$(uci -q get openvpn.omr.remote)" != "127.0.0.1" ]; then uci -q set openvpn.omr.remote="$vpsip" fi uci -q commit openvpn logger -t "OMR-VPS" "OpenVPN restart..." /etc/init.d/openvpn restart } openvpn_client_key="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.client_key')" [ -n "$openvpn_client_key" ] && { echo $openvpn_client_key | base64 -d > /etc/luci-uploads/client.key } openvpn_client_crt="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.client_crt')" [ -n "$openvpn_client_crt" ] && { echo $openvpn_client_crt | base64 -d > /etc/luci-uploads/client.crt } openvpn_client_ca="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.client_ca')" [ -n "$openvpn_client_ca" ] && { echo $openvpn_client_ca | base64 -d > /etc/luci-uploads/ca.crt } # MLVPN settings mlvpn_key="$(echo "$vps_config" | jsonfilter -q -e '@.mlvpn.key')" if [ -n "$mlvpn_key" ] && [ "$mlvpn_key" != "$(uci -q get mlvpn.general.password)" ]; then vpn="$(uci -q get openmptcprouter.settings.vpn)" mlvpn_state=0 if [ "$vpn" = "mlvpn" ]; then mlvpn_state=1 fi uci -q batch <<-EOF >/dev/null set mlvpn.general.password=$mlvpn_key set mlvpn.general.enable=$mlvpn_state commit mlvpn EOF if [ "$(uci -q get mlvpn.general.host)" != "127.0.0.1" ]; then uci -q set mlvpn.general.host="$vpsip" fi uci -q commit mlvpn logger -t "OMR-VPS" "MLVPN restart..." /etc/init.d/mlvpn restart fi # DSVPN settings dsvpn_key="$(echo "$vps_config" | jsonfilter -q -e '@.dsvpn.key')" if [ -n "$dsvpn_key" ] && [ "$dsvpn_key" != "$(uci -q get dsvpn.vpn.key)" ]; then dsvpn_state=0 if [ "$vpn" = "dsvpn" ]; then dsvpn_state=1 fi uci -q batch <<-EOF >/dev/null set dsvpn.vpn.key=$dsvpn_key set dsvpn.vpn.enable=$dsvpn_state commit dsvpn EOF if [ "$(uci -q get dsvpn.vpn.host)" != "127.0.0.1" ]; then uci -q set dsvpn.vpn.host="$vpsip" fi uci -q commit dsvpn logger -t "OMR-VPS" "DSVPN restart..." /etc/init.d/dsvpn restart fi # Shorewall settings shorewall_redirect="$(echo "$vps_config" | jsonfilter -q -e '@.shorewall.redirect_ports')" [ "$shorewall_redirect" = "enable" ] && redirect="1" [ "$shorewall_redirect" = "disable" ] && redirect="0" uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.redirect_ports=$redirect EOF # MPTCP settings mptcp_path_manager="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.path_manager')" mptcp_scheduler="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.scheduler')" mptcp_checksum="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.checksum')" mptcp_syn_retries="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.syn_retries')" mptcp_enabled="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.enabled')" if [ "$mptcp_enabled" = "0" ]; then mptcp_enabled="disable" else mptcp_enabled="enable" fi congestion="$(echo "$vps_config" | jsonfilter -q -e '@.network.congestion_control')" uci -q batch <<-EOF >/dev/null set network.globals.multipath=$mptcp_enabled set network.globals.mptcp_path_manager=$mptcp_path_manager set network.globals.mptcp_scheduler=$mptcp_scheduler set network.globals.mptcp_checksum=$mptcp_checksum set network.globals.mptcp_syn_retries=$mptcp_syn_retries set network.globals.congestion=$congestion commit network EOF # Check if server get an IPv6, if not disable IPv6 on OMR vps_ipv6_addr="$(echo "$vps_config" | jsonfilter -q -e '@.network.ipv6')" if [ -z "$vps_ipv6_addr" ]; then if [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ]; then logger -t "OMR-VPS" "No IPv6 support on VPS side. IPv6 disabled." fi uci -q batch <<-EOF >/dev/null set openmptcprouter.settings.disable_ipv6=1 EOF sysctl -qw net.ipv6.conf.all.disable_ipv6=1 fi # Get VPS iperf config iperf_user="$(echo "$vps_config" | jsonfilter -q -e '@.iperf.user')" iperf_pass="$(echo "$vps_config" | jsonfilter -q -e '@.iperf.password')" iperf_key="$(echo "$vps_config" | jsonfilter -q -e '@.iperf.key')" uci -q batch <<-EOF >/dev/null del iperf.${servername} set iperf.${servername}=server set iperf.${servername}.host=$server set iperf.${servername}.ports=65400 set iperf.${servername}.ipv4=1 set iperf.${servername}.ipv6=0 set iperf.${servername}.speed=1000 set iperf.${servername}.tcp=1 set iperf.${servername}.udp=1 set iperf.${servername}.user=$iperf_user set iperf.${servername}.password=$iperf_pass set iperf.${servername}.key="$iperf_key" commit iperf EOF # Get available server available_vpn="$(echo "$vps_config" | jsonfilter -q -e '@.vpn.available' | sed -e 's/\[ //' -e 's/ \]//' -e 's/,//g')" uci -q batch <<-EOF >/dev/null del openmptcprouter.${servername}.available_vpn EOF if [ -n "$available_vpn" ]; then for vpn in $available_vpn; do uci -q batch <<-EOF >/dev/null add_list openmptcprouter.${servername}.available_vpn=$vpn EOF done fi uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.get_config=0 commit openmptcprouter EOF } _backup_send() { servername=$1 [ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.port)" ] && return token="" vps_config="" _login [ -z "$token" ] && { logger -t "OMR-VPS" "Can't get token, try later" uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.admin_error=1 EOF return } sysupgrade -b /tmp/backup.tar.gz backup_data="$(cat /tmp/backup.tar.gz | base64 | tr -d '\n')" backup_sha256sum="$(sha256sum /tmp/backup.tar.gz | awk '{print $1}')" [ -n "$backup_data" ] && { logger -t "OMR-VPS" "Send backup file to server" local backupjson backupjson='{"data": "'$backup_data'","sha256sum": "'$backup_sha256sum'"}' _set_json "backuppost" "$backupjson" } } backup_send() { config_load openmptcprouter config_foreach _backup_send server sleep 2 config_foreach _backup_list server uci -q commit openmptcprouter } _backup_get() { servername=$1 [ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.port)" ] && return token="" vps_config="" _login [ -z "$token" ] && { logger -t "OMR-VPS" "Can't get token, try later" uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.admin_error=1 EOF return } vps_backup=$(_get_json "backupget") [ -z "$vps_backup" ] && return backup_data="$(echo "$vps_backup" | jsonfilter -q -e '@.data')" backup_sha256sum="$(echo "$vps_backup" | jsonfilter -q -e '@.sha256sum')" [ -n "$backup_data" ] && { logger -t "OMR-VPS" "Restore backup" echo $backup_data | base64 -d > /tmp/backup.tar.gz sysupgrade -t /tmp/backup.tar.gz } } backup_get() { config_load openmptcprouter config_foreach _backup_get server uci -q commit openmptcprouter } _backup_list() { servername=$1 [ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.port)" ] && return token="" vps_config="" _login [ -z "$token" ] && { logger -t "OMR-VPS" "Can't get token, try later" uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.admin_error=1 EOF return } vps_backup=$(_get_json "backuplist") [ -z "$vps_backup" ] && return backup_lastmodif="$(echo "$vps_backup" | jsonfilter -q -e '@.modif')" [ -n "$backup_lastmodif" ] && { uci -q set openmptcprouter.$servername.lastbackup=$backup_lastmodif } } backup_list() { config_load openmptcprouter config_foreach _backup_list server uci -q commit openmptcprouter } _count_server() { local servername=$1 [ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.port)" ] && return serversnb=$((serversnb+1)) } _config_service() { servername=$1 [ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.port)" ] && return token="" vps_config="" _login [ -z "$token" ] && { logger -t "OMR-VPS" "Can't get token, try later" uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.admin_error=1 EOF return } error=0 [ "$(uci -q get openmptcprouter.${servername}.get_config)" = "1" ] && { _set_config_from_vps } _get_vps_config if [ "$(uci -q get openmptcprouter.settings.firstboot)" != "0" ]; then [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -n "$vps_config" ] && [ -n "$(cat /proc/cpuinfo | grep aes)" ] && { vps_aes="$(echo "$vps_config" | jsonfilter -q -e '@.vps.aes')" if [ "$vps_aes" != "false" ]; then logger -t "OMR-VPS" "CPU support AES, set it by default" uci -q batch <<-EOF >/dev/null set glorytun.vpn.chacha20="0" commit glorytun set shadowsocks-libev.sss0.method="aes-256-gcm" commit shadowsocks-libev EOF fi } [ -n "$vps_config" ] && uci -q set openmptcprouter.settings.firstboot=0 fi config_load shadowsocks-libev config_foreach _set_ss_server_vps server [ -z "$(_set_glorytun_vps)" ] && error=1 [ -z "$(_set_openvpn_vps)" ] && error=1 _set_vps_firewall _backup_list redirect_port="0" if [ "$(uci -q get openmptcprouter.${servername}.redirect_ports)" = "1" ] || [ "$(uci -q get upnpd.config.enabled)" = "1" ]; then redirect_port="1" fi [ -z "$(_set_redirect_ports_from_vps $redirect_port)" ] && error=1 [ -z "$(_set_mptcp_vps)" ] && error=1 [ -z "$(_set_vpn_vps)" ] && error=1 #_set_pihole [ -n "$wanips" ] && _set_wan_ip [ "$error" = 0 ] && uci -q set openmptcprouter.${servername}.lastchange=$(date "+%s") uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.admin_error=$error EOF } _set_pihole_server() { servername=$1 [ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return [ -z "$(uci -q get openmptcprouter.${servername}.port)" ] && return token="" vps_config="" _login [ -z "$token" ] && { logger -t "OMR-VPS" "Can't get token, try later" uci -q batch <<-EOF >/dev/null set openmptcprouter.${servername}.admin_error=1 EOF return } _set_pihole $servername } set_pihole() { config_load openmptcprouter config_foreach _set_pihole_server server } start_service() { serversnb=0 wanips="" config_load openmptcprouter config_foreach _count_server server config_foreach _get_local_wan_ip interface config_foreach _config_service server uci -q batch <<-EOF >/dev/null commit openmptcprouter EOF } service_triggers() { procd_add_reload_trigger openmptcprouter shadowsocks-libev glorytun mlvpn openvpn network upnpd dsvpn #procd_add_reload_trigger openmptcprouter shadowsocks-libev network upnpd }