mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-02-13 19:11:51 +00:00
Code Issues Releases Wiki Activity
openmptcprouter-feeds/openmptcprouter/files/etc/init.d/openmptcprouter-vps
Ycarus (Yannick Chabanois) 95565c6211 Fix pihole
2019-09-06 18:11:44 +02:00

773 lines
No EOL
27 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh /etc/rc.common
# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
# Released under GPL 3. See LICENSE for the full terms.
START=99
USE_PROCD=1
EXTRA_COMMANDS="set_pihole"
_parse_result() {
result=$("echo $1 | jsonfilter -q -e '@.result'")
echo $result
}
_login() {
local username password auth
server="$(uci -q get openmptcprouter.${servername}.ip)"
[ -z "$server" ] && server="$(uci -q get shadowsocks-libev.sss0.server)"
username="$(uci -q get openmptcprouter.${servername}.username)"
password="$(uci -q get openmptcprouter.${servername}.password)"
serverport="$(uci -q get openmptcprouter.${servername}.port)"
if [ -z "$token" ]; then
auth=`curl --max-time 10 -s -k -H "Content-Type: application/json" -X POST -d '{"username":"'$username'","password":"'$password'"}' https://$server:$serverport/login`
[ -z "$auth" ] && return
token="$(echo "$auth" | jsonfilter -q -e '@.token')"
uci -q set openmptcprouter.${servername}.token="$token"
fi
}
_get_json() {
local route result
route=$1
[ -z "$token" ] && _login
[ -n "$token" ] && {
result=`curl --max-time 10 -s -k -H "Authorization: Bearer $token" https://$server:$serverport/$route`
echo $result
} || {
echo ''
}
}
_set_json() {
local route result settings
route=$1
settings="$2"
[ -z "$token" ] && _login
[ -n "$token" ] && {
result=`curl --max-time 10 -s -k -H "Authorization: Bearer $token" -H "Content-Type: application/json" -X POST -d "$settings" https://$server:$serverport/$route`
echo $result
} || {
echo ''
}
}
_set_glorytun_vps() {
local enabled port key
enabled="$(uci -q get glorytun.vpn.enable)"
[ "$enabled" != "1" ] && echo "Glorytun disabled" && return
port="$(uci -q get glorytun.vpn.port)"
key="$(uci -q get glorytun.vpn.key)"
chacha="$(uci -q get glorytun.vpn.chacha20)"
if [ "$chacha" = "1" ]; then
chacha="true"
else
chacha="false"
fi
[ -z "$key" ] && echo "Glorytun key not set" && return
local current_port current_key current_chacha
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
current_port="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.port')"
current_key="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.key')"
current_chacha="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.chacha')"
if [ "$current_port" != "$port" ] || [ "$current_key" != "$key" ] || [ "$current_chacha" != "$chacha" ]; then
local settings
settings='{"port": '$port',"key":"'$key'", "chacha": "'$chacha'"}'
echo $(_set_json "glorytun" "$settings")
else
echo 1
fi
}
_set_openvpn_vps() {
local enabled port key
enabled="$(uci -q get openvpn.omr.enabled)"
[ "$enabled" != "1" ] && echo "OpenVPN disabled" && return
port="$(uci -q get openvpn.omr.port)"
keyfile="$(uci -q get openvpn.omr.secret)"
if [ -n "$keyfile" ]; then
key="$(cat $keyfile | base64)"
else
key=""
fi
[ -z "$key" ] && echo "OpenVPN key not set" && return
local current_port current_key
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
current_port="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.port')"
current_key="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.key')"
if [ "$current_port" != "$port" ] || [ "$current_key" != "$key" ]; then
local settings
settings='{"port": '$port',"key":"'$key'"}'
echo $(_set_json "openvpn" "$settings")
else
echo 1
fi
}
_get_ss_redir() {
config_get cf_ebpf $1 ebpf
[ "$cf_ebpf" = "1" ] && ebpf="true"
config_get cf_fast_open $1 fast_open
[ "$cf_fast_open" = "1" ] && fast_open="true"
config_get cf_no_delay $1 no_delay
[ "$cf_no_delay" = "1" ] && no_delay="true"
}
_get_ss_server() {
config_get cf_obfs $1 obfs
[ "$cf_obfs" = "1" ] && obfs="true"
config_get obfs_plugin $1 obfs_plugin
config_get obfs_type $1 obfs_type
}
_set_ss_server_vps() {
local disabled port key method
config_get disabled $1 disabled
[ "$disabled" = "1" ] && return
config_get port $1 server_port
#config_get server $1 server
config_get key $1 key
key="$(echo $key | sed 's/+/-/g; s/\//_/g;')"
[ -z "$key" ] && return
config_get method $1 method
local current_port current_key current_method
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
current_port="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.port')"
current_key="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.key')"
current_method="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.method')"
current_ebpf="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.ebpf')"
current_obfs="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs')"
current_obfs_plugin="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_plugin')"
current_obfs_type="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_type')"
current_fast_open="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.fast_open')"
current_no_delay="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.no_delay')"
ebpf="false"
fast_open="false"
no_delay="false"
obfs="false"
obfs_plugin="v2ray"
obfs_type="http"
config_load shadowsocks-libev
config_foreach _get_ss_redir ss_redir
config_foreach _get_ss_server server
if [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
local settings
settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":true,"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
echo $(_set_json "shadowsocks" "$settings")
fi
}
_get_vps_config() {
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
vps_lastchange="$(echo "$vps_config" | jsonfilter -q -e '@.vps.lastchange')"
if [ -n "$(uci -q get openmptcprouter.${servername}.lastchange)" ] && [ -n "$vps_lastchange" ] && [ "$vps_lastchange" -gt "$(uci -q get openmptcprouter.${servername}.lastchange)" ]; then
_set_config_from_vps
fi
piholeomr="$(uci -q get openmptcprouter.${servername}.pihole)"
pihole="$(echo "$vps_config" | jsonfilter -q -e '@.pihole.state')"
if [ "$pihole" = "true" ] && [ "$piholeomr" != "1" ]; then
uci -q batch <<-EOF >/dev/null
set openmptcprouter.${servername}.pihole='1'
commit openmptcprouter
EOF
elif [ "$pihole" = "false" ] && [ "$piholeomr" != "0" ]; then
uci -q batch <<-EOF >/dev/null
set openmptcprouter.${servername}.pihole='0'
commit openmptcprouter
EOF
fi
vps_kernel="$(echo "$vps_config" | jsonfilter -q -e '@.vps.kernel')"
vps_machine="$(echo "$vps_config" | jsonfilter -q -e '@.vps.machine')"
vps_omr_version="$(echo "$vps_config" | jsonfilter -q -e '@.vps.omr_version')"
uci -q batch <<-EOF >/dev/null
set openmptcprouter.${servername}.kernel=$vps_kernel
set openmptcprouter.${servername}.machine=$vps_machine
set openmptcprouter.${servername}.omr_version=$vps_omr_version
EOF
vpn="$(uci -q get openmptcprouter.settings.vpn)"
glorytun_state=0
glorytun_change=0
if [ "$vpn" = "glorytun_tcp" ]; then
glorytun_state=1
uci -q set glorytun.vpn.proto='tcp'
client_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.tcp.client_ip')"
host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.tcp.host_ip')"
if [ "$client_ip" != "dhcp" ] && [ -n "$client_ip" ]; then
if [ "$host_ip" != "$(uci -q get glorytun.vpn.remoteip)" ] || [ "$client_ip" != "$(uci -q get glorytun.vpn.localip)" ]; then
uci -q batch <<-EOF >/dev/null
set glorytun.vpn.localip=$client_ip
set glorytun.vpn.remoteip=$host_ip
EOF
glorytun_change=1
fi
if [ "$(uci -q get network.omrvpn.proto)" != 'none' ]; then
uci -q batch <<-EOF >/dev/null
set network.omrvpn.proto='none'
commit network
EOF
glorytun_change=1
fi
else
if [ "$(uci -q get glorytun.vpn.remoteip)" != "" ] || [ "$(uci -q get glorytun.vpn.localip)" != "" ]; then
uci -q batch <<-EOF >/dev/null
delete glorytun.vpn.localip
delete glorytun.vpn.remoteip
EOF
glorytun_change=1
fi
if [ "$(uci -q get network.omrvpn.proto)" != 'dhcp' ]; then
uci -q batch <<-EOF >/dev/null
set network.omrvpn.proto='dhcp'
commit network
EOF
glorytun_change=1
fi
fi
fi
if [ "$vpn" = "glorytun_udp" ]; then
glorytun_state=1
uci -q set glorytun.vpn.proto='udp'
client_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.udp.client_ip')"
host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.udp.host_ip')"
if [ "$client_ip" != "dhcp" ] && [ -n "$client_ip" ]; then
if [ "$host_ip" != "$(uci -q get glorytun.vpn.remoteip)" ] || [ "$client_ip" != "$(uci -q get glorytun.vpn.localip)" ]; then
uci -q batch <<-EOF >/dev/null
set glorytun.vpn.localip=$client_ip
set glorytun.vpn.remoteip=$host_ip
EOF
glorytun_change=1
fi
if [ "$(uci -q get network.omrvpn.proto)" = "dhcp" ]; then
uci -q batch <<-EOF >/dev/null
set network.omrvpn.proto='none'
commit network
EOF
glorytun_change=1
fi
else
if [ "$(uci -q get glorytun.vpn.remoteip)" != "" ] || [ "$(uci -q get glorytun.vpn.localip)" != "" ]; then
uci -q batch <<-EOF >/dev/null
delete glorytun.vpn.localip
delete glorytun.vpn.remoteip
EOF
glorytun_change=1
fi
if [ "$(uci -q get network.omrvpn.proto)" != "dhcp" ]; then
uci -q batch <<-EOF >/dev/null
set network.omrvpn.proto='dhcp'
commit network
EOF
glorytun_change=1
fi
fi
fi
if [ "$glorytun_change" != "0" ]; then
logger -t "OMR-VPS" "Restart glorytun..."
uci -q batch <<-EOF >/dev/null
commit glorytun
EOF
/etc/init.d/glorytun restart >/dev/null 2>&1
/etc/init.d/glorytun-udp restart >/dev/null 2>&1
fi
}
_set_pihole() {
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
vpn="$(uci -q get openmptcprouter.settings.vpn)"
piholeomr="$(uci -q get openmptcprouter.${servername}.pihole)"
pihole="$(echo "$vps_config" | jsonfilter -q -e '@.pihole.state')"
if [ "$pihole" = "true" ] && [ "$piholeomr" != "1" ]; then
uci -q batch <<-EOF >/dev/null
set openmptcprouter.${servername}.pihole='1'
commit openmptcprouter
EOF
elif [ "$pihole" = "false" ] && [ "$piholeomr" != "0" ]; then
uci -q batch <<-EOF >/dev/null
set openmptcprouter.${servername}.pihole='0'
commit openmptcprouter
EOF
fi
if [ "$vpn" = "glorytun_tcp" ]; then
host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.tcp.host_ip')"
if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then
uci -q batch <<-EOF >/dev/null
delete dhcp.@dnsmasq[0].server
add_list dhcp.@dnsmasq[0].server="$host_ip#53"
set dhcp.@dnsmasq[0].rebind_protection='0'
commit dhcp
EOF
logger -t "OMR-VPS" "Restart dnsmasq..."
/etc/init.d/dnsmasq restart >/dev/null 2>&1
fi
fi
if [ "$vpn" = "glorytun_udp" ]; then
host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.udp.host_ip')"
if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then
uci -q batch <<-EOF >/dev/null
delete dhcp.@dnsmasq[0].server
add_list dhcp.@dnsmasq[0].server="$host_ip#53"
set dhcp.@dnsmasq[0].rebind_protection='0'
commit dhcp
EOF
logger -t "OMR-VPS" "Restart dnsmasq..."
/etc/init.d/dnsmasq restart >/dev/null 2>&1
fi
fi
if [ "$vpn" = "openvpn" ]; then
host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.host_ip')"
if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then
uci -q batch <<-EOF >/dev/null
delete dhcp.@dnsmasq[0].server
add_list dhcp.@dnsmasq[0].server="$host_ip#53"
set dhcp.@dnsmasq[0].rebind_protection='0'
commit dhcp
EOF
logger -t "OMR-VPS" "Restart dnsmasq..."
/etc/init.d/dnsmasq restart >/dev/null 2>&1
fi
fi
if [ "$vpn" = "mlvpn" ]; then
host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.mlvpn.host_ip')"
if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then
uci -q batch <<-EOF >/dev/null
delete dhcp.@dnsmasq[0].server
add_list dhcp.@dnsmasq[0].server="$host_ip#53"
set dhcp.@dnsmasq[0].rebind_protection='0'
commit dhcp
EOF
logger -t "OMR-VPS" "Restart dnsmasq..."
/etc/init.d/dnsmasq restart >/dev/null 2>&1
fi
fi
if [ "$vpn" = "dsvpn" ]; then
host_ip="$(echo "$vps_config" | jsonfilter -q -e '@.dsvpn.host_ip')"
if [ "$pihole" = "true" ] && [ "$(uci -q get dhcp.@dnsmasq[0].server)" != "$host_ip#53" ]; then
uci -q batch <<-EOF >/dev/null
delete dhcp.@dnsmasq[0].server
add_list dhcp.@dnsmasq[0].server="$host_ip#53"
set dhcp.@dnsmasq[0].rebind_protection='0'
commit dhcp
EOF
logger -t "OMR-VPS" "Restart dnsmasq..."
/etc/init.d/dnsmasq restart >/dev/null 2>&1
fi
fi
}
_set_redirect_ports_from_vps() {
redirect_ports=$1
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
redirect_ports_current="$(echo "$vps_config" | jsonfilter -q -e '@.shorewall.redirect_ports')"
[ "$redirect_ports" = "1" ] && redirect_ports_request="enable"
[ "$redirect_ports" = "0" ] && redirect_ports_request="disable"
if [ "$redirect_ports_request" != "$redirect_ports_current" ]; then
settings='{"redirect_ports": "'$redirect_ports_request'"}'
echo $(_set_json "shorewall" "$settings")
else
echo 1
fi
}
_set_mptcp_vps() {
local settings
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
mptcp_enabled_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.enabled')"
checksum_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.checksum')"
path_manager_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.path_manager')"
scheduler_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.scheduler')"
syn_retries_current="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.syn_retries')"
congestion_control_current="$(echo "$vps_config" | jsonfilter -q -e '@.network.congestion_control')"
mptcp_enabled="$(uci -q get network.globals.multipath)"
if [ "$mptcp_enabled" = "disable" ]; then
mptcp_enabled="0"
else
mptcp_enabled="1"
fi
checksum="$(uci -q get network.globals.mptcp_checksum)"
path_manager="$(uci -q get network.globals.mptcp_path_manager)"
scheduler="$(uci -q get network.globals.mptcp_scheduler)"
syn_retries="$(uci -q get network.globals.mptcp_syn_retries)"
congestion="$(uci -q get network.globals.congestion)"
[ -z "$congestion" ] && congestion="bbr"
if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || [ "$path_manager_current" != "$path_manager" ] || [ "$scheduler_current" != "$scheduler" ] || [ "$syn_retries_current" != "$syn_retries" ] || [ "$congestion_control_current" != "$congestion" ]; then
settings='{"enabled" : "'$mptcp_enabled'", "checksum": "'$checksum'","path_manager": "'$path_manager'","scheduler": "'$scheduler'","syn_retries": "'$syn_retries'","congestion_control": "'$congestion'"}'
echo $(_set_json "mptcp" "$settings")
else
echo 1
fi
}
_set_vpn_vps() {
local settings
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
vpn_current="$(echo "$vps_config" | jsonfilter -q -e '@.vps.current')"
vpn="$(uci -q get openmptcprouter.settings.vpn)"
if [ "$vpn_current" != "$vpn" ]; then
settings='{"vpn" : "'$vpn'"}'
echo $(_set_json "vpn" "$settings")
else
echo 1
fi
}
_get_local_wan_ip() {
wanip="$(uci -q get openmptcprouter.$1.publicip)"
[ -n "$wanip" ] && {
[ -z "$wanips" ] && wanips=$wanip || wanips="$wanips"'\n'"$wanip"
}
}
_set_wan_ip() {
local settings
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
wanip_current="$(echo "$vps_config" | jsonfilter -q -e '@.wan.ips')"
if [ -n "$wanips" ] && [ "$wanip_current" != "$wanips" ]; then
settings='{"ips" : "'$wanips'"}'
result=$(_set_json "wan" "$settings")
#echo $(_set_json "wan" "$settings")
#else
# echo 1
fi
}
_set_ss_redir() {
local option=$2
local value=$3
if [ "$value" = "true" ]; then
value=1
elif [ "$value" = "false" ]; then
value=0
fi
uci -q set shadowsocks-libev.$1.$option=$value
}
_set_config_from_vps() {
local shadowsocks_disabled vpn glorytun_state redirect shorewall_redirect mlvpn_key openvpn_key dsvpn_key
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -z "$vps_config" ] && return
# Set current VPN
current_vpn="$(uci -q get openmptcprouter.settings.vpn)"
if [ -z "$current_vpn" ] || [ -n "$vps_lastchange" ]; then
current_vpn="$(echo "$vps_config" | jsonfilter -q -e '@.vpn.current')"
if [ -n "$current_vpn" ]; then
uci -q batch <<-EOF >/dev/null
set openmptcprouter.settings.vpn=${current_vpn}
commit openmptcprouter
EOF
fi
fi
# Shadowsocks settings
shadowsocks_disabled="$(uci -q get openmptcprouter.settings.shadowsocks_disable)"
[ -z "$shadowsocks_disabled" ] && shadowsocks_disabled=0
ss_key="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.key')"
ss_key="$(echo $ss_key | sed 's/-/+/g; s/_/\//g;')"
if [ -n "$ss_key" ] && [ "$ss_key" != "$(uci -q get shadowsocks-libev.sss0.key)" ]; then
ss_method="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.method')"
ss_port="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.port')"
ss_ebpf="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.ebpf')"
if [ "$ss_ebpf" = "true" ] && [ "$ss_method" = "none" ]; then
ss_ebpf=1
else
ss_ebpf=0
fi
[ -z "$ss_port" ] && ss_port=65101
ss_no_delay="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.no_delay')"
ss_fast_open="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.fast_open')"
ss_obfs="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs')"
ss_obfs_plugin="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_plugin')"
ss_obfs_type="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_type')"
ss_obfs_host="$(echo "$vps_config" | jsonfilter -q -e '@.network.domain')"
#ss_reuse_port="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.reuse_port')"
config_load shadowsocks-libev
config_foreach _set_ss_redir ss_redir "no_delay" $ss_no_delay
config_foreach _set_ss_redir ss_redir "fast_open" $ss_fast_open
config_foreach _set_ss_redir ss_redir "ebpf" $ss_ebpf
config_foreach _set_ss_redir ss_local "no_delay" $ss_no_delay
config_foreach _set_ss_redir ss_local "fast_open" $ss_fast_open
config_foreach _set_ss_redir ss_local "ebpf" $ss_ebpf
uci -q batch <<-EOF >/dev/null
set shadowsocks-libev.sss0.key=$ss_key
set shadowsocks-libev.sss0.server_port=$ss_port
set shadowsocks-libev.sss0.method=$ss_method
set shadowsocks-libev.sss0.disabled=$shadowsocks_disabled
set shadowsocks-libev.sss0.obfs=$ss_obfs
set shadowsocks-libev.sss0.obfs_plugin=$ss_obfs_plugin
set shadowsocks-libev.sss0.obfs_type=$ss_obfs_type
set shadowsocks-libev.sss0.obfs_host=$ss_obfs_host
commit shadowsocks-libev
EOF
logger -t "OMR-VPS" "Shadowsocks restart..."
/etc/init.d/shadowsocks-libev restart >/dev/null 2>&1
fi
# Glorytun settings
glorytun_key="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.key')"
if [ -n "$glorytun_key" ] && [ "$glorytun_key" != "$(uci -q get glorytun.vpn.key)" ]; then
vpn="$(uci -q get openmptcprouter.settings.vpn)"
glorytun_state=0
if [ "$vpn" = "glorytun_tcp" ]; then
glorytun_state=1
fi
if [ "$vpn" = "glorytun_udp" ]; then
glorytun_state=1
fi
glorytun_port="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.port')"
[ -z "$glorytun_port" ] && glorytun_port="65001"
glorytun_chacha="$(echo "$vps_config" | jsonfilter -q -e '@.glorytun.chacha')"
[ -z "$glorytun_chacha" ] || [ "$glorytun_chacha" = "true" ] && glorytun_chacha=1
[ "$glorytun_chacha" = "false" ] && glorytun_chacha=0
uci -q batch <<-EOF >/dev/null
set glorytun.vpn.port=$glorytun_port
set glorytun.vpn.key=$glorytun_key
set glorytun.vpn.enable=$glorytun_state
set glorytun.vpn.chacha20=$glorytun_chacha
commit glorytun
EOF
logger -t "OMR-VPS" "Glorytun restart..."
/etc/init.d/glorytun restart >/dev/null 2>&1
/etc/init.d/glorytun-udp restart >/dev/null 2>&1
fi
# OpenVPN settings
openvpn_key="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.key')"
[ -n "$openvpn_key" ] && {
echo $openvpn_key | base64 -d > /etc/luci-uploads/openvpn.key
openvpn_port="$(echo "$vps_config" | jsonfilter -q -e '@.openvpn.port')"
[ -z "$openvpn_port" ] && openvpn_port="65001"
vpn="$(uci -q get openmptcprouter.settings.vpn)"
openvpn_state=0
if [ "$vpn" = "openvpn" ]; then
openvpn_state=1
fi
uci -q batch <<-EOF >/dev/null
set openvpn.omr.port=$openvpn_port
set openvpn.omr.secret="/etc/luci-uploads/openvpn.key"
set openvpn.omr.enabled=$openvpn_state
commit openvpn
EOF
logger -t "OMR-VPS" "OpenVPN restart..."
/etc/init.d/openvpn restart
}
# MLVPN settings
mlvpn_key="$(echo "$vps_config" | jsonfilter -q -e '@.mlvpn.key')"
if [ -n "$mlvpn_key" ] && [ "$mlvpn_key" != "$(uci -q get mlvpn.general.password)" ]; then
vpn="$(uci -q get openmptcprouter.settings.vpn)"
mlvpn_state=0
if [ "$vpn" = "mlvpn" ]; then
mlvpn_state=1
fi
uci -q batch <<-EOF >/dev/null
set mlvpn.general.password=$mlvpn_key
set mlvpn.general.enable=$mlvpn_state
commit mlvpn
EOF
logger -t "OMR-VPS" "MLVPN restart..."
/etc/init.d/mlvpn restart
fi
# DSVPN settings
dsvpn_key="$(echo "$vps_config" | jsonfilter -q -e '@.dsvpn.key')"
if [ -n "$dsvpn_key" ] && [ "$dsvpn_key" != "$(uci -q get dsvpn.vpn.key)" ]; then
dsvpn_state=0
if [ "$vpn" = "dsvpn" ]; then
dsvpn_state=1
fi
uci -q batch <<-EOF >/dev/null
set dsvpn.vpn.key=$dsvpn_key
set dsvpn.vpn.enable=$dsvpn_state
commit dsvpn
EOF
logger -t "OMR-VPS" "DSVPN restart..."
/etc/init.d/dsvpn restart
fi
# Shorewall settings
shorewall_redirect="$(echo "$vps_config" | jsonfilter -q -e '@.shorewall.redirect_ports')"
[ "$shorewall_redirect" = "enable" ] && redirect="1"
[ "$shorewall_redirect" = "disable" ] && redirect="0"
uci -q batch <<-EOF >/dev/null
set openmptcprouter.${servername}.redirect_ports=$redirect
EOF
# MPTCP settings
mptcp_path_manager="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.path_manager')"
mptcp_scheduler="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.scheduler')"
mptcp_checksum="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.checksum')"
mptcp_syn_retries="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.syn_retries')"
mptcp_enabled="$(echo "$vps_config" | jsonfilter -q -e '@.mptcp.enabled')"
if [ "$mptcp_enabled" = "0" ]; then
mptcp_enabled="disable"
else
mptcp_enabled="enable"
fi
congestion="$(echo "$vps_config" | jsonfilter -q -e '@.network.congestion_control')"
uci -q batch <<-EOF >/dev/null
set network.globals.multipath=$mptcp_enabled
set network.globals.mptcp_path_manager=$mptcp_path_manager
set network.globals.mptcp_scheduler=$mptcp_scheduler
set network.globals.mptcp_checksum=$mptcp_checksum
set network.globals.mptcp_syn_retries=$mptcp_syn_retries
set network.globals.congestion=$congestion
commit network
EOF
# Check if server get an IPv6, if not disable IPv6 on OMR
vps_ipv6_addr="$(echo "$vps_config" | jsonfilter -q -e '@.network.ipv6')"
if [ -z "$vps_ipv6_addr" ]; then
if [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ]; then
logger -t "OMR-VPS" "No IPv6 support on VPS side. IPv6 disabled."
fi
uci -q batch <<-EOF >/dev/null
set openmptcprouter.settings.disable_ipv6=1
EOF
sysctl -qw net.ipv6.conf.all.disable_ipv6=1
fi
# Get VPS iperf config
iperf_user="$(echo "$vps_config" | jsonfilter -q -e '@.iperf.user')"
iperf_pass="$(echo "$vps_config" | jsonfilter -q -e '@.iperf.password')"
iperf_key="$(echo "$vps_config" | jsonfilter -q -e '@.iperf.key')"
uci -q batch <<-EOF >/dev/null
del iperf.${servername}
set iperf.${servername}=server
set iperf.${servername}.host=$server
set iperf.${servername}.ports=65400
set iperf.${servername}.ipv4=1
set iperf.${servername}.ipv6=0
set iperf.${servername}.speed=1000
set iperf.${servername}.tcp=1
set iperf.${servername}.udp=1
set iperf.${servername}.user=$iperf_user
set iperf.${servername}.password=$iperf_pass
set iperf.${servername}.key="$iperf_key"
commit iperf
EOF
# Get available server
available_vpn="$(echo "$vps_config" | jsonfilter -q -e '@.vpn.available' | sed -e 's/\[ //' -e 's/ \]//' -e 's/,//g')"
uci -q batch <<-EOF >/dev/null
del openmptcprouter.${servername}.available_vpn
EOF
if [ -n "$available_vpn" ]; then
for vpn in $available_vpn; do
uci -q batch <<-EOF >/dev/null
add_list openmptcprouter.${servername}.available_vpn=$vpn
EOF
done
fi
uci -q batch <<-EOF >/dev/null
set openmptcprouter.${servername}.get_config=0
commit openmptcprouter
EOF
}
_count_server() {
local servername=$1
[ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return
[ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return
[ -z "$(uci -q get openmptcprouter.${servername}.port)" ] && return
serversnb=$((serversnb+1))
}
_config_service() {
servername=$1
[ -z "$(uci -q get openmptcprouter.${servername}.username)" ] && return
[ -z "$(uci -q get openmptcprouter.${servername}.password)" ] && return
[ -z "$(uci -q get openmptcprouter.${servername}.port)" ] && return
token=""
vps_config=""
_login
[ -z "$token" ] && {
logger -t "OMR-VPS" "Can't get token, try later"
uci -q batch <<-EOF >/dev/null
set openmptcprouter.${servername}.admin_error=1
EOF
return
}
error=0
[ "$(uci -q get openmptcprouter.${servername}.get_config)" = "1" ] && {
_set_config_from_vps
}
_get_vps_config
if [ "$(uci -q get openmptcprouter.settings.firstboot)" != "0" ] && [ -n "$(cat /proc/cpuinfo | grep aes)" ]; then
[ -z "$vps_config" ] && vps_config=$(_get_json "config")
[ -n "$vps_config" ] && {
vps_aes="$(echo "$vps_config" | jsonfilter -q -e '@.vps.aes')"
if [ "$vps_aes" != "false" ]; then
logger -t "OMR-VPS" "CPU support AES, set it by default"
uci -q batch <<-EOF >/dev/null
set glorytun.vpn.chacha20=0
commit glorytun
set shadowsocks-libev.sss0.method=aes-256-gcm
commit shadowsocks-libev
EOF
fi
}
fi
uci -q set openmptcprouter.settings.firstboot=0
config_load shadowsocks-libev
config_foreach _set_ss_server_vps server
[ -z "$(_set_glorytun_vps)" ] && error=1
[ -z "$(_set_openvpn_vps)" ] && error=1
redirect_port="0"
if [ "$(uci -q get openmptcprouter.${servername}.redirect_ports)" = "1" ] || [ "$(uci -q get upnpd.config.enabled)" = "1" ]; then
redirect_port="1"
fi
[ -z "$(_set_redirect_ports_from_vps $redirect_port)" ] && error=1
[ -z "$(_set_mptcp_vps)" ] && error=1
[ -z "$(_set_vpn_vps)" ] && error=1
#_set_pihole
[ -n "$wanips" ] && _set_wan_ip
[ "$error" = 0 ] && uci -q set openmptcprouter.${servername}.lastchange=$(date "+%s")
uci -q batch <<-EOF >/dev/null
set openmptcprouter.${servername}.admin_error=$error
EOF
}
_set_pihole_server() {
servername=$1
_set_pihole $servername
}
set_pihole() {
config_load openmptcprouter
config_foreach _set_pihole_server server
}
start_service() {
serversnb=0
wanips=""
config_load openmptcprouter
config_foreach _count_server server
config_foreach _get_local_wan_ip interface
config_foreach _config_service server
uci -q batch <<-EOF >/dev/null
commit openmptcprouter
EOF
}
service_triggers() {
procd_add_reload_trigger openmptcprouter shadowsocks-libev glorytun mlvpn openvpn network upnpd dsvpn
#procd_add_reload_trigger openmptcprouter shadowsocks-libev network upnpd
}
Reference in a new issue View git blame Copy permalink