openmptcprouter-feeds/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn

#!/bin/sh

if [ "$(uci -q get network.omrvpn)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		delete network.glorytun
		delete network.omrvpn
		set network.omrvpn=interface
		set network.omrvpn.device=tun0
		set network.omrvpn.proto=none
		set network.omrvpn.ip4table=vpn
		set network.omrvpn.multipath=off
		set network.omrvpn.leasetime=12h
		set network.omrvpn.type=tunnel
		set network.omrvpn.txqueuelen=100
		commit network
	EOF
fi

if [ "$(uci -q get glorytun.vpn.localip)" = "10.0.0.2" ]; then
	uci -q batch <<-EOF >/dev/null
		delete glorytun.vpn.localip
		delete glorytun.vpn.remoteip
	EOF
fi

if [ "$(uci -q get network.omrvpn.txqueuelen)" = "1000" ]; then
	uci -q batch <<-EOF >/dev/null
		set network.omrvpn.txqueuelen=100
		commit network
	EOF
fi

if [ "$(uci -q get ipsec.ipsec.password)" = "myvpn" ]; then
	uci -q batch <<-EOF >/dev/null
		set ipsec.ipsec.enabled='0'
		commit ipsec
	EOF
	chmod u+x /etc/init.d/ipsec
fi


if [ "$(uci -q get dsvpn.vpn)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		set dsvpn.vpn=dsvpn
		set dsvpn.vpn.dev=tun0
		set dsvpn.vpn.port=65011
		set dsvpn.vpn.localip=10.255.251.2
		set dsvpn.vpn.remoteip=10.255.251.1
		set dsvpn.vpn.mode=client
		set dsvpn.vpn.enable=0
		commit dsvpn
	EOF
fi

if [ "$(uci -q get dsvpn.vpn.mode)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		set dsvpn.vpn.mode=client
		commit dsvpn
	EOF
fi

if [ "$(uci -q show firewall | grep omrvpn)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		add_list firewall.zone_vpn.network=omrvpn
		delete firewall.allow_dhcp_request_vpn
		set firewall.allow_dhcp_request_vpn=rule
		set firewall.allow_dhcp_request_vpn.name=Allow-DHCP-Request-VPN
		set firewall.allow_dhcp_request_vpn.src=vpn
		set firewall.allow_dhcp_request_vpn.proto=udp
		set firewall.allow_dhcp_request_vpn.dest_port=67
		set firewall.allow_dhcp_request_vpn.target=ACCEPT
		set firewall.allow_dhcp_request_vpn.family=ipv4
		commit firewall
	EOF
fi
if [ "$(uci -q get ucitrack.@network[-1].affects | grep glorytun)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		add_list ucitrack.@network[-1].affects="glorytun"
		commit ucitrack
	EOF
fi
if [ "$(uci -q get ucitrack.@network[-1].affects | grep glorytun-udp)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		add_list ucitrack.@network[-1].affects="glorytun-udp"
		commit ucitrack
	EOF
fi
if [ "$(uci -q get ucitrack.@network[-1].affects | grep dsvpn)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		add_list ucitrack.@network[-1].affects="dsvpn"
		commit ucitrack
	EOF
fi
if [ "$(uci -q get ucitrack.@glorytun[-1].affects | grep openmptcprouter-vps)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		add_list ucitrack.@glorytun[-1].affects="openmptcprouter-vps"
		commit ucitrack
	EOF
fi
if [ "$(uci -q get ucitrack.@glorytun-udp[-1].affects | grep openmptcprouter-vps)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		add_list ucitrack.@glorytun-udp[-1].affects="openmptcprouter-vps"
		commit ucitrack
	EOF
fi

if [ "$(uci -q get glorytun-udp.vpn.key)" = "" ] && [ "$(uci -q get glorytun.vpn.key)" != "" ]; then
	uci -q batch <<-EOF >/dev/null
		set glorytun-udp.vpn.key=$(uci -q get glorytun.vpn.key)
		set glorytun-udp.vpn.host=$(uci -q get glorytun.vpn.host)
	EOF
	if [ "$(uci -q get glorytun.vpn.proto)" = "udp" ]; then
		uci -q batch <<-EOF >/dev/null
			set glorytun-udp.vpn.enable=1
			set glorytun.vpn.enable=0
			commit glorytun
		EOF
	fi
	uci -q commit glorytun-udp
fi

if [ "$(uci -q get network.tun0.mtu)" = "1200" ] || [ -z "$(uci -q get network.tun0.mtu)" ]; then
	uci -q batch <<-EOF >/dev/null
		set network.tun0=device
		set network.tun0.name='tun0'
		set network.tun0.mtu=1500
		commit network
	EOF
fi

# Set the default VPN
if [ "$(uci -q get openmptcprouter.settings.vpn)" = "" ]; then
	uci -q batch <<-EOF >/dev/null
		set openmptcprouter.settings.vpn='openvpn'
		set glorytun.vpn.enable='1'
		commit glorytun
		commit openmptcprouter
	EOF
fi

if [ "$(uci -q get openvpn.omr.proto)" != "tcp-client" ] || [ -z "$(uci -q get openvpn.omr.disable_dco)" ] || [ -z "$(uci -q get openvpn.omr.ping_restart)" ] || [ -z "$(uci -q get openvpn.omr.tun_mtu)" ]; then
	uci -q batch <<-EOF >/dev/null
		set openvpn.omr=openvpn
		set openvpn.omr.dev=tun0
		set openvpn.omr.port=65301
		set openvpn.omr.cipher=AES-256-GCM
		set openvpn.omr.proto=tcp-client
		set openvpn.omr.auth_nocache=1
		set openvpn.omr.client=1
		set openvpn.omr.tls_client=1
		set openvpn.omr.reneg_sec=0
		set openvpn.omr.allow_recursive_routing=1
		set openvpn.omr.sndbuf=0
		set openvpn.omr.rcvbuf=0
		set openvpn.omr.route_delay=5
		set openvpn.omr.disable_dco=1
		set openvpn.omr.ping_restart=60
		set openvpn.omr.tun_mtu=1420
		delete openvpn.omr.secret
		delete openvpn.omr.ncp_disable=0
		commit openvpn
	EOF
fi
NBCPU=$(grep -c '^processor' /proc/cpuinfo | tr -d "\n")
if [ "$NBCPU" -gt 1 ] && [ -z "$(uci -q get openvpn.omr2)" ]; then
	[ "$NBCPU" -gt 4 ] && NBCPU=4
	for c in $(seq 2 $NBCPU); do
		uci -q batch <<-EOF >/dev/null
			set openvpn.omr$c=openvpn
			set openvpn.omr$c.dev=tun$((c-1))
			set openvpn.omr$c.port=65301
			set openvpn.omr$c.cipher=AES-256-GCM
			set openvpn.omr$c.proto=tcp-client
			set openvpn.omr$c.auth_nocache=1
			set openvpn.omr$c.client=1
			set openvpn.omr$c.tls_client=1
			set openvpn.omr$c.reneg_sec=0
			set openvpn.omr$c.allow_recursive_routing=1
			set openvpn.omr$c.sndbuf=0
			set openvpn.omr$c.rcvbuf=0
			set openvpn.omr$c.route_delay=5
			set openvpn.omr$c.disable_dco=1
			set openvpn.omr$c.ping_restart=60
			set openvpn.omr$c.tun_mtu=1420
		EOF
		[ -z "$(uci -q get firewall.zone_vpn.device | grep tun$((c-1)))" ] && add_list firewall.zone_vpn.device=tun$((c-1))

	done
	uci -q commit openvpn
	uci -q commit firewall
	uci set -q openmptcprouter.vps.get_config="1"
	uci -q set openmptcprouter.settings.openvpn_lb="0"
	uci -q commit openmptcprouter
fi


# This must not be enabled, this break everything
#if [ "$(uci -q get openvpn.omr.com_lzo)" = "" ]; then
#	uci -q batch <<-EOF >/dev/null
#		set openvpn.omr.comp_lzo=adaptive
#	EOF
#fi



rm -f /tmp/luci-indexcache
exit 0