mptcp/openmptcprouter-vps-admin
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-vps-admin.git synced 2025-02-12 10:31:52 +00:00
Code Issues Releases Wiki Activity
openmptcprouter-vps-admin/omr-admin.py

3279 lines
167 KiB
Python
Raw Normal View History

Add shorewall settings change
2018-11-08 17:05:34 +00:00
#!/usr/bin/env python3
Fix client2client IPs
2020-03-05 14:02:20 +00:00
#
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
# Copyright (C) 2018-2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
Add license info and add a message when result is done
2018-11-16 13:14:08 +00:00
#
# This is free software, licensed under the GNU General Public License v3.0.
# See /LICENSE for more information.
#
Add shorewall settings change
2018-11-08 17:05:34 +00:00
Initial commit
2018-11-08 12:55:20 +00:00
import json
import base64
Add, remove and list users
2019-12-27 20:42:47 +00:00
import secrets
Initial commit
2018-11-08 12:55:20 +00:00
import uuid
import configparser
Fix arguments and change TLS setting
2021-02-25 09:44:34 +00:00
import argparse
Add MPTCP support
2018-11-14 16:34:13 +00:00
import subprocess
Add shorewall settings change
2018-11-08 17:05:34 +00:00
import os
fix adding new user
2020-01-06 20:18:29 +00:00
import sys
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
import glob
Add VPS hostname to status info
2019-07-13 05:30:58 +00:00
import socket
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
from operator import itemgetter, attrgetter
Fix https://github.com/Ysurac/openmptcprouter/issues/229
2018-11-29 21:43:02 +00:00
import re
Only restart app after changes
2019-06-02 21:11:58 +00:00
import hashlib
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
import pathlib
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
import shutil
Fix v2ray stats
2020-09-11 18:58:38 +00:00
import psutil
Import time
2019-08-30 05:52:59 +00:00
import time
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
import uuid
Fix and better code
2020-03-03 12:49:23 +00:00
from pprint import pprint
from datetime import datetime, timedelta
from tempfile import mkstemp
from typing import List, Optional
from shutil import move
from enum import Enum
Add v2ray support
2020-08-10 18:49:47 +00:00
from os import path
Fix and better code
2020-03-03 12:49:23 +00:00
import logging
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
import uvicorn
import jwt
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
import requests
Fix script
2019-12-20 15:19:07 +00:00
from jwt import PyJWTError
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
from netaddr import *
Add MPTCP check support
2021-04-14 19:10:24 +00:00
from ipaddress import ip_address, IPv4Address, IPv6Address
Add backup modify via API
2019-10-10 19:13:14 +00:00
from netjsonconfig import OpenWrt
Add upload speedtest and replace deprecated regex by pattern
2023-08-07 17:18:44 +00:00
from fastapi import Depends, FastAPI, HTTPException, Security, Query, Request, UploadFile
Fix and better code
2020-03-03 12:49:23 +00:00
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm, SecurityScopes, OAuth2
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
from passlib.context import CryptContext
Fix and better code
2020-03-03 12:49:23 +00:00
from fastapi.encoders import jsonable_encoder
from fastapi.security.base import SecurityBase
from fastapi.security.utils import get_authorization_scheme_param
from fastapi.openapi.docs import get_swagger_ui_html
from fastapi.openapi.models import OAuthFlows as OAuthFlowsModel
from fastapi.openapi.utils import get_openapi
from fastapi.openapi.models import SecurityBase as SecurityBaseModel
Use GRE tunnel for multiples IPs
2021-03-25 08:25:00 +00:00
from fastapi.responses import StreamingResponse, FileResponse
Fix client2client IPs
2020-03-05 14:02:20 +00:00
from pydantic import BaseModel, ValidationError # pylint: disable=E0611
Fix and better code
2020-03-03 12:49:23 +00:00
from starlette.status import HTTP_403_FORBIDDEN
from starlette.responses import RedirectResponse, Response, JSONResponse
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
#from starlette.requests import Request
import netifaces
Initial commit
2018-11-08 12:55:20 +00:00
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
#logging.basicConfig(filename='/tmp/omr-admin.log', encoding='utf-8', level=logging.DEBUG)
Fix and better code
2020-03-03 12:49:23 +00:00
LOG = logging.getLogger('api')
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
LOG.setLevel(logging.ERROR)
#LOG.setLevel(logging.DEBUG)
Initial commit
2018-11-08 12:55:20 +00:00
# Generate a random secret key
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
SECRET_KEY = uuid.uuid4().hex
JWT_SECRET_KEY = uuid.uuid4().hex
PERMANENT_SESSION_LIFETIME = timedelta(hours=24)
Fixes and add vps current time
2019-11-13 07:39:00 +00:00
ACCESS_TOKEN_EXPIRE_MINUTES = 1440
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
ALGORITHM = "HS256"
Initial commit
2018-11-08 12:55:20 +00:00
# Get main net interface
Fix and better code
2020-03-03 12:49:23 +00:00
FILE = open('/etc/shorewall/params.net', "r")
READ = FILE.read()
IFACE = None
for line in READ.splitlines():
Initial commit
2018-11-08 12:55:20 +00:00
if 'NET_IFACE=' in line:
Fix and better code
2020-03-03 12:49:23 +00:00
IFACE = line.split('=', 1)[1]
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
FILE.close()
# Get ipv6 net interface
FILE = open('/etc/shorewall6/params.net', "r")
READ = FILE.read()
IFACE6 = None
for line in READ.splitlines():
if 'NET_IFACE=' in line:
IFACE6 = line.split('=', 1)[1]
FILE.close()
Initial commit
2018-11-08 12:55:20 +00:00
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
def delete_oldest_files(path, keep = 10):
files = glob.glob(path)
fileData = {}
for fname in files:
fileData[fname] = os.stat(fname).st_mtime
sorted_files = sorted(fileData.items(), key = itemgetter(1))
if len(sorted_files) > keep:
delete = len(sorted_files) - keep
for x in range(0, delete):
os.remove(sorted_files[x][0])
def backup_config():
shutil.copy2('/etc/openmptcprouter-vps-admin/omr-admin-config.json','/etc/openmptcprouter-vps-admin/omr-admin-config.json.' + str(int(time.time())))
delete_oldest_files('/etc/openmptcprouter-vps-admin/omr-admin-config.json.*')
Initial commit
2018-11-08 12:55:20 +00:00
# Get interface rx/tx
def get_bytes(t, iface='eth0'):
Add v2ray support
2020-08-10 18:49:47 +00:00
if path.exists('/sys/class/net/' + iface + '/statistics/' + t + '_bytes'):
with open('/sys/class/net/' + iface + '/statistics/' + t + '_bytes', 'r') as f:
data = f.read()
return int(data)
return 0
Initial commit
2018-11-08 12:55:20 +00:00
OpenVPN stats by users, Vless-Reality fix, ss-go stats fix,...
2023-11-16 10:50:47 +00:00
def get_bytes_openvpn(user):
try:
ovpn_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ovpn_socket.settimeout(2)
ovpn_socket.connect(("127.0.0.1", 65302))
fd = ovpn_socket.makefile('rb')
line = fd.readline()
if not line.startswith('>INFO:OpenVPN'.encode()):
ovpn_socket.close()
LOG.debug("OpenVPN error")
return { 'downlinkBytes': 0, 'uplinkBytes': 0 }
ovpn_socket.send('status\r\n'.encode())
ovpn_stats = []
while True:
line = fd.readline()
ovpn_stats.append(line.decode())
if line.strip() == 'END'.encode():
break
ovpn_socket.close()
except socket.timeout as err:
LOG.debug("OpenVPN stats timeout (" + str(err) + ")")
return { 'downlinkBytes': 0, 'uplinkBytes': 0 }
except socket.error as err:
LOG.debug("OpenVPN stats error (" + str(err) + ")")
return { 'downlinkBytes': 0, 'uplinkBytes': 0 }
for data in ovpn_stats:
if user in data:
stats = data.split(',')
return { 'downlinkBytes': stats[2], 'uplinkBytes': stats[3] }
return { 'downlinkBytes': 0, 'uplinkBytes': 0 }
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
def get_bytes_ss(port):
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
try:
ss_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
Fixes and lower timeout with shadowsocks
2020-06-26 09:18:59 +00:00
ss_socket.settimeout(1)
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
ss_socket.sendto('ping'.encode(), ("127.0.0.1", 8839))
ss_recv = ss_socket.recv(1024)
except socket.timeout as err:
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
LOG.debug("Shadowsocks stats timeout (" + str(err) + ")")
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
return 0
except socket.error as err:
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
LOG.debug("Shadowsocks stats error (" + str(err) + ")")
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
return 0
Fix and better code
2020-03-03 12:49:23 +00:00
json_txt = ss_recv.decode("utf-8").replace('stat: ', '')
result = json.loads(json_txt)
Fix client2client
2020-01-17 20:32:48 +00:00
if str(port) in result:
return result[str(port)]
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
return 0
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
def get_bytes_ss_go(user):
try:
r = requests.get(url="http://127.0.0.1:65279/v1/servers/ss-2022/users/" + user)
except requests.exceptions.Timeout:
LOG.debug("Shadowsocks go stats timeout")
Really fix https://github.com/Ysurac/openmptcprouter/issues/3018
2023-11-05 06:35:41 +00:00
return { 'downlinkBytes': 0, 'uplinkBytes': 0 }
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
except requests.exceptions.RequestException as err:
LOG.debug("Shadowsocks go stats error (" + str(err) + ")")
Really fix https://github.com/Ysurac/openmptcprouter/issues/3018
2023-11-05 06:35:41 +00:00
return { 'downlinkBytes': 0, 'uplinkBytes': 0 }
OpenVPN stats by users, Vless-Reality fix, ss-go stats fix,...
2023-11-16 10:50:47 +00:00
if 'error' in r.json():
return { 'downlinkBytes': 0, 'uplinkBytes': 0 }
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
return r.json()
Add v2ray support
2020-08-10 18:49:47 +00:00
def get_bytes_v2ray(t,user):
if t == "tx":
side="downlink"
else:
side="uplink"
Fix v2ray stats
2020-09-11 18:58:38 +00:00
try:
Fix V2Ray traffic stats
2023-09-11 08:53:52 +00:00
data = subprocess.check_output('/usr/bin/v2ray api stats --server=127.0.0.1:10085 -json ' + "'" + 'user>>>' + user + '>>>traffic>>>' + side + "'" + ' 2>/dev/null | jq -r .stat[0].value | tr -d " " | tr -d "\n"', shell = True)
Fix V2Ray stats
2023-08-28 08:16:20 +00:00
#data = subprocess.check_output('/usr/bin/v2ctl api --server=127.0.0.1:10085 StatsService.GetStats ' + "'" + 'name: "user>>>' + user + '>>>traffic>>>' + side + '"' + "'" + ' 2>/dev/null | grep value | cut -d: -f2 | tr -d " "', shell = True)
Fix v2ray stats
2020-09-11 18:58:38 +00:00
except:
return 0
Fix V2Ray traffic stats
2023-09-11 08:53:52 +00:00
if data.decode("utf-8") != '' and data.decode("utf-8") != 'null':
try:
return int(data.decode("utf-8"))
except ValueError:
return 0
Get v2ray traffic and proxy choice support
2020-08-20 18:31:29 +00:00
else:
return 0
Add v2ray support
2020-08-10 18:49:47 +00:00
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def get_bytes_xray(t,user):
if t == "tx":
side="downlink"
else:
side="uplink"
try:
Fix Xray traffic stats
2023-09-29 12:25:09 +00:00
data = subprocess.check_output('/usr/bin/xray api stats --server=127.0.0.1:10086 -name ' + "'" + 'user>>>' + user + '>>>traffic>>>' + side + "'" + ' 2>/dev/null | jq -r .stat.value | tr -d " " | tr -d "\n"', shell = True)
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
except:
return 0
if data.decode("utf-8") != '' and data.decode("utf-8") != 'null':
try:
return int(data.decode("utf-8"))
except ValueError:
return 0
else:
return 0
Fix v2ray stats
2020-09-11 18:58:38 +00:00
def checkIfProcessRunning(processName):
for proc in psutil.process_iter():
try:
if processName.lower() in proc.name().lower():
return True
except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
pass
return False;
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
def file_as_bytes(file):
with file:
return file.read()
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
def get_username_from_userid(userid):
if userid == 0:
return 'openmptcprouter'
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = f.read()
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
try:
data = json.loads(content)
except ValueError as e:
return {'error': 'Config file not readable', 'route': 'get_username'}
Fix user from userid
2020-12-02 08:22:17 +00:00
for user in data['users'][0]:
Fix check userid
2020-12-04 19:05:35 +00:00
if 'userid' in data['users'][0][user] and int(data['users'][0][user]['userid']) == userid:
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
return user
return ''
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
def check_username_serial(username, serial):
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = f.read()
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
try:
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
configdata = json.loads(content)
data = configdata
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
except ValueError as e:
return {'error': 'Config file not readable', 'route': 'check_serial'}
Fix user from userid
2020-12-02 08:22:17 +00:00
if 'serial_enforce' not in data or data['serial_enforce'] == False:
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
return True
Fix user from userid
2020-12-02 08:22:17 +00:00
if 'serial' not in data['users'][0][username]:
data['users'][0][username]['serial'] = serial
Check if json not empty before writing config file
2021-02-05 13:33:43 +00:00
if data:
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json', 'w') as outfile:
json.dump(data, outfile, indent=4)
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
return True
Fix user from userid
2020-12-02 08:22:17 +00:00
if data['users'][0][username]['serial'] == serial:
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
return True
Fix user from userid
2020-12-02 08:22:17 +00:00
if 'serial_error' not in data['users'][0][username]:
Add OpenVPN bonding support
2020-12-11 20:40:39 +00:00
data['users'][0][username]['serial_error'] = 1
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
else:
Fix check userid
2020-12-04 19:05:35 +00:00
data['users'][0][username]['serial_error'] = int(data['users'][0][username]['serial_error']) + 1
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
backup_config()
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json', 'w') as outfile:
json.dump(data, outfile, indent=4)
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
return False
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
def set_global_param(key, value):
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = f.read()
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
try:
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
configdata = json.loads(content)
data = configdata
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
except ValueError as e:
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
LOG.debug("Can't read file for set_global_param")
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
return {'error': 'Config file not readable', 'route': 'global_param'}
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
if not key in data or data[key] != value:
data[key] = value
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
backup_config()
Check if json not empty before writing config file
2021-02-05 13:33:43 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json', 'w') as outfile:
json.dump(data, outfile, indent=4)
Fix and add log
2021-02-05 14:28:56 +00:00
else:
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
LOG.debug("Already exist data for set_global_param key:" + key)
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
def modif_config_user(user, changes):
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f)
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
content['users'][0][user].update(changes)
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
backup_config()
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json', 'w') as f:
json.dump(content, f, indent=4)
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
def add_ss_user(port, key, userid=0, ip=''):
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
with open('/etc/shadowsocks-libev/manager.json') as f:
content = f.read()
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
data = json.loads(content)
if ip == '' and 'port_key' in data:
Fix adduser
2020-08-21 17:50:34 +00:00
if port is None or port == '' or port == 0 or port == 'None':
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
port = int(max(data['port_key'], key=int)) + 1
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
data['port_key'][str(port)] = key
else:
Fix
2020-07-16 08:46:49 +00:00
if 'port_conf' not in data:
data['port_conf'] = {}
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
if 'port_key' in data:
for old_port in data['port_key']:
data['port_conf'][old_port] = {'key': data['port_key'][old_port]}
del data['port_key']
Fix adduser
2020-08-21 17:50:34 +00:00
if port == '' or port == "None" or port is None or port == 0:
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
port = int(max(data['port_conf'], key=int)) + 1
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
if ip != '':
Fixes and lower timeout with shadowsocks
2020-06-26 09:18:59 +00:00
data['port_conf'][str(port)] = {'key': key, 'local_address': ip, 'userid': userid}
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
else:
Fixes and lower timeout with shadowsocks
2020-06-26 09:18:59 +00:00
data['port_conf'][str(port)] = {'key': key, 'userid': userid}
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
with open('/etc/shadowsocks-libev/manager.json', 'w') as f:
json.dump(data, f, indent=4)
try:
ss_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
if ip != '':
Fixes and lower timeout with shadowsocks
2020-06-26 09:18:59 +00:00
data = 'add: {"server_port": ' + str(port) + ', "key": "' + key + '", "local_addr": "' + ip + '"}'
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
else:
Fixes and lower timeout with shadowsocks
2020-06-26 09:18:59 +00:00
data = 'add: {"server_port": ' + str(port) + ', "key": "' + key + '"}'
ss_socket.settimeout(1)
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
ss_socket.sendto(data.encode(), ("127.0.0.1", 8839))
except socket.timeout as err:
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
LOG.debug("Shadowsocks add timeout (" + str(err) + ")")
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
except socket.error as err:
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
LOG.debug("Shadowsocks add error (" + str(err) + ")")
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
return port
def remove_ss_user(port):
with open('/etc/shadowsocks-libev/manager.json') as f:
content = f.read()
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
data = json.loads(content)
if 'port_key' in data:
Fix error when API try to remove a port that doesn't exist in Shadowsocks
2023-10-13 09:44:17 +00:00
if str(port) in data['port_key']:
del data['port_key'][str(port)]
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
else:
Fix error when API try to remove a port that doesn't exist in Shadowsocks
2023-10-13 09:44:17 +00:00
if str(port) in data['port_conf']:
del data['port_conf'][str(port)]
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
with open('/etc/shadowsocks-libev/manager.json', 'w') as f:
json.dump(data, f, indent=4)
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
try:
ss_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
Fixes and lower timeout with shadowsocks
2020-06-26 09:18:59 +00:00
data = 'remove: {"server_port": ' + str(port) + '}'
ss_socket.settimeout(1)
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
ss_socket.sendto(data.encode(), ("127.0.0.1", 8839))
except socket.timeout as err:
LOG.debug("Shadowsocks remove timeout (" + str(err) + ")")
except socket.error as err:
LOG.debug("Shadowsocks remove error (" + str(err) + ")")
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def add_ss_go_user(user, key=''):
try:
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
r = requests.post(url="http://127.0.0.1:65279/v1/servers/ss-2022/users", data= {'username': user,'uPSK': key})
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
except requests.exceptions.Timeout:
LOG.debug("Shadowsocks go add timeout")
except requests.exceptions.RequestException as err:
LOG.debug("Shadowsocks go add error (" + str(err) + ")")
return key
def remove_ss_go_user(user):
try:
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
r = requests.delete(url="http://127.0.0.1:65279/v1/servers/ss-2022/users/" + user)
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
except requests.exceptions.Timeout:
LOG.debug("Shadowsocks go remove timeout")
except requests.exceptions.RequestException as err:
LOG.debug("Shadowsocks go remove error (" + str(err) + ")")
def v2ray_add_user(user, v2rayuuid='', restart=1):
if v2rayuuid == '':
v2rayuuid = str(uuid.uuid1())
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
with open('/etc/v2ray/v2ray-server.json') as f:
data = json.load(f)
exist = 0
for inbounds in data['inbounds']:
if inbounds['tag'] == 'omrin-tunnel':
inbounds['settings']['clients'].append({'id': v2rayuuid, 'level': 0, 'alterId': 0, 'email': user})
Add V2Ray Trojan and VMESS protocols support
2023-08-25 09:33:52 +00:00
if inbounds['tag'] == 'omrin-vmess-tunnel':
inbounds['settings']['clients'].append({'id': v2rayuuid, 'level': 0, 'alterId': 0, 'email': user})
if inbounds['tag'] == 'omrin-trojan-tunnel':
inbounds['settings']['clients'].append({'password': v2rayuuid, 'email': user})
Add V2RAY Socks protocol support
2023-08-25 13:27:58 +00:00
if inbounds['tag'] == 'omrin-socks-tunnel':
inbounds['settings']['accounts'].append({'pass': v2rayuuid, 'user': user})
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
OpenVPN stats by users, Vless-Reality fix, ss-go stats fix,...
2023-11-16 10:50:47 +00:00
if initial_md5 != final_md5:
try:
data = subprocess.check_output('/usr/bin/v2ray api adu --server=127.0.0.1:10085 -users ' + "'" + '{"tag":"omrin-vmess-tunnel","users":[{"user": "' + user + '","key": "' + v2rayuuid + '"}]}', shell = True)
except:
LOG.debug("V2Ray VMESS: Can't add user")
if restart == 1:
os.system("systemctl -q restart v2ray")
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
return v2rayuuid
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def xray_add_user(user,xrayuuid='',ukeyss2022='',restart=1):
if xrayuuid == '':
xrayuuid = str(uuid.uuid1())
if ukeyss2022 == '':
ukeyss2022 = str(base64.b64encode(os.urandom(15).encode('ascii')))
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
with open('/etc/xray/xray-server.json') as f:
data = json.load(f)
exist = 0
for inbounds in data['inbounds']:
if inbounds['tag'] == 'omrin-tunnel':
inbounds['settings']['clients'].append({'id': xrayuuid, 'level': 0, 'alterId': 0, 'email': user})
if inbounds['tag'] == 'omrin-vmess-tunnel':
inbounds['settings']['clients'].append({'id': xrayuuid, 'level': 0, 'alterId': 0, 'email': user})
if inbounds['tag'] == 'omrin-trojan-tunnel':
inbounds['settings']['clients'].append({'password': xrayuuid, 'email': user})
if inbounds['tag'] == 'omrin-socks-tunnel':
inbounds['settings']['accounts'].append({'pass': xrayuuid, 'user': user})
if inbounds['tag'] == 'omrin-shadowsocks-tunnel':
inbounds['settings']['clients'].append({'password': ukeyss2022, 'email': user})
with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart xray")
return xrayuuid
Add V2Ray Trojan and VMESS protocols support
2023-08-25 09:33:52 +00:00
def v2ray_del_user(user, restart=1, protocol="vless"):
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
with open('/etc/v2ray/v2ray-server.json') as f:
data = json.load(f)
for inbounds in data['inbounds']:
if inbounds['tag'] == 'omrin-tunnel':
for v2rayuser in inbounds['settings']['clients']:
if v2rayuser['email'] == user:
inbounds['settings']['clients'].remove(v2rayuser)
Add V2Ray Trojan and VMESS protocols support
2023-08-25 09:33:52 +00:00
if inbounds['tag'] == 'omrin-vmess-tunnel':
for v2rayuser in inbounds['settings']['clients']:
if v2rayuser['email'] == user:
inbounds['settings']['clients'].remove(v2rayuser)
if inbounds['tag'] == 'omrin-trojan-tunnel':
for v2rayuser in inbounds['settings']['clients']:
if v2rayuser['email'] == user:
inbounds['settings']['clients'].remove(v2rayuser)
Add V2RAY Socks protocol support
2023-08-25 13:27:58 +00:00
if inbounds['tag'] == 'omrin-socks-tunnel':
for v2rayuser in inbounds['settings']['accounts']:
if v2rayuser['user'] == user:
inbounds['settings']['accounts'].remove(v2rayuser)
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart v2ray")
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def xray_del_user(user, restart=1, protocol="vless"):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
with open('/etc/xray/xray-server.json') as f:
data = json.load(f)
for inbounds in data['inbounds']:
if inbounds['tag'] == 'omrin-tunnel':
for xrayuser in inbounds['settings']['clients']:
if xrayuser['email'] == user:
inbounds['settings']['clients'].remove(xrayuser)
if inbounds['tag'] == 'omrin-vmess-tunnel':
for xrayuser in inbounds['settings']['clients']:
if xrayuser['email'] == user:
inbounds['settings']['clients'].remove(xrayuser)
if inbounds['tag'] == 'omrin-trojan-tunnel':
for xrayuser in inbounds['settings']['clients']:
if xrayuser['email'] == user:
inbounds['settings']['clients'].remove(xrayuser)
if inbounds['tag'] == 'omrin-socks-tunnel':
for xrayuser in inbounds['settings']['accounts']:
if xrayuser['user'] == user:
inbounds['settings']['accounts'].remove(xrayuser)
if inbounds['tag'] == 'omrin-shadowsocks-tunnel':
for xrayuser in inbounds['settings']['clients']:
if xrayuser['email'] == user:
inbounds['settings']['clients'].remove(xrayuser)
with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart xray")
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
def v2ray_add_outbound(tag,ip, restart=1):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
with open('/etc/v2ray/v2ray-server.json') as f:
data = json.load(f)
data['outbounds'].append({'protocol': 'freedom', 'settings': { 'userLevel': 0 }, 'tag': tag, 'sendThrough': ip})
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart v2ray")
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def xray_add_outbound(tag,ip, restart=1):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
with open('/etc/xray/xray-server.json') as f:
data = json.load(f)
data['outbounds'].append({'protocol': 'freedom', 'settings': { 'userLevel': 0 }, 'tag': tag, 'sendThrough': ip})
with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart xray")
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
def v2ray_del_outbound(tag, restart=1):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
with open('/etc/v2ray/v2ray-server.json') as f:
data = json.load(f)
for outbounds in data['outbounds']:
if outbounds['tag'] == tag:
data['outbounds'].remove(outbounds)
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart v2ray")
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def xray_del_outbound(tag, restart=1):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
with open('/etc/xray/xray-server.json') as f:
data = json.load(f)
for outbounds in data['outbounds']:
if outbounds['tag'] == tag:
data['outbounds'].remove(outbounds)
with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart xray")
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
def v2ray_add_routing(tag, restart=1):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
with open('/etc/v2ray/v2ray-server.json') as f:
data = json.load(f)
data['routing']['rules'].append({'type': 'field', 'inboundTag': ( 'omrintunnel' ), 'outboundTag': tag})
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart v2ray")
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def xray_add_routing(tag, restart=1):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
with open('/etc/xray/xray-server.json') as f:
data = json.load(f)
data['routing']['rules'].append({'type': 'field', 'inboundTag': ( 'omrintunnel' ), 'outboundTag': tag})
with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart xray")
Add functions to add v2ray user and routes
2020-11-15 18:56:56 +00:00
def v2ray_del_routing(tag, restart=1):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
with open('/etc/v2ray/v2ray-server.json') as f:
data = json.load(f)
for rules in data['routing']['rules']:
if rules['outboundTag'] == tag:
data['routing']['rules'].remove(rules)
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart v2ray")
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def xray_del_routing(tag, restart=1):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
with open('/etc/xray/xray-server.json') as f:
data = json.load(f)
for rules in data['routing']['rules']:
if rules['outboundTag'] == tag:
data['routing']['rules'].remove(rules)
with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5 and restart == 1:
os.system("systemctl -q restart xray")
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
def add_gre_tunnels():
nbip = 0
allips = []
for intf in netifaces.interfaces():
addrs = netifaces.ifaddresses(intf)
try:
ipv4_addr_list = addrs[netifaces.AF_INET]
for ip_info in ipv4_addr_list:
addr = ip_info['addr']
if not IPAddress(addr).is_private() and not IPAddress(addr).is_reserved():
allips.append(addr)
nbip = nbip + 1
except Exception as exception:
pass
if nbip > 1:
nbgre = 0
nbip = 0
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/snat', 'rb'))).hexdigest()
for intf in netifaces.interfaces():
addrs = netifaces.ifaddresses(intf)
try:
ipv4_addr_list = addrs[netifaces.AF_INET]
for ip_info in ipv4_addr_list:
addr = ip_info['addr']
if not IPAddress(addr).is_private() and not IPAddress(addr).is_reserved():
netmask = ip_info['netmask']
ip = IPNetwork('10.255.249.0/24')
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f)
for user in content['users'][0]:
if user != "admin":
subnets = ip.subnet(30)
network = list(subnets)[nbgre]
nbgre = nbgre + 1
userid = 0
username = user
Fix when ip are on multiple interfaces
2020-09-20 06:31:04 +00:00
iface = intf.split(':')[0]
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if 'userid' in content['users'][0][user]:
userid = content['users'][0][user]['userid']
if 'username' in content['users'][0][user]:
username = content['users'][0][user]['username']
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
gre_intf = 'gre-user' + str(userid) + '-ip' + str(nbip)
with open('/etc/openmptcprouter-vps-admin/intf/' + gre_intf, 'w') as n:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
n.write('INTF=' + str(intf.split(':')[0]) + "\n")
n.write('INTFADDR=' + str(addr) + "\n")
n.write('INTFNETMASK=' + str(netmask) + "\n")
n.write('NETWORK=' + str(network) + "\n")
n.write('LOCALIP=' + str(list(network)[1]) + "\n")
n.write('REMOTEIP=' + str(list(network)[2]) + "\n")
n.write('NETMASK=255.255.255.252' + "\n")
n.write('BROADCASTIP=' + str(network.broadcast) + "\n")
n.write('USERNAME=' + str(username) + "\n")
n.write('USERID=' + str(userid) + "\n")
fd, tmpfile = mkstemp()
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
with open('/etc/shorewall/snat', 'r') as h, open(tmpfile, 'a+') as n:
for line in h:
Fixes and lower timeout with shadowsocks
2020-06-26 09:18:59 +00:00
if not '# OMR GRE for public IP ' + str(addr) + ' for user ' + str(user) in line:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
n.write(line)
Fix when ip are on multiple interfaces
2020-09-20 06:31:04 +00:00
n.write('SNAT(' + str(addr) + ') ' + str(network) + ' ' + str(iface) + ' # OMR GRE for public IP ' + str(addr) + ' for user ' + str(user) + "\n")
Use GRE tunnel for multiples IPs
2021-03-25 08:25:00 +00:00
n.write('SNAT(' + str(list(network)[1]) + ') - ' + gre_intf + ' # OMR GRE for public IP ' + str(addr) + ' for user ' + str(user) + "\n")
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
os.close(fd)
move(tmpfile, '/etc/shorewall/snat')
Add source ip support and fix remove shorewall rule
2020-07-25 14:16:55 +00:00
#fd, tmpfile = mkstemp()
#with open('/etc/shorewall/interfaces', 'r') as h, open(tmpfile, 'a+') as n:
# for line in h:
# if not 'gre-user' + str(userid) + '-ip' + str(nbip) in line:
# n.write(line)
# n.write('vpn gre-user' + str(userid) + '-ip' + str(nbip) + ' nosmurfs,tcpflags' + "\n")
#os.close(fd)
#move(tmpfile, '/etc/shorewall/interfaces')
Fix when ip are on multiple interfaces
2020-09-20 06:31:04 +00:00
if str(iface) != IFACE:
fd, tmpfile = mkstemp()
with open('/etc/shorewall/interfaces', 'r') as h, open(tmpfile, 'a+') as n:
for line in h:
if not str(iface) in line:
n.write(line)
n.write('net ' + str(iface) + ' dhcp,nosmurfs,tcpflags,routefilter,sourceroute=0' + "\n")
os.close(fd)
move(tmpfile, '/etc/shorewall/interfaces')
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
user_gre_tunnels = {}
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
if 'gre_tunnels' in content['users'][0][user]:
user_gre_tunnels = content['users'][0][user]['gre_tunnels']
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
if not gre_intf in user_gre_tunnels or user_gre_tunnels[gre_intf]['public_ip'] != str(addr):
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
with open('/etc/shadowsocks-libev/manager.json') as g:
contentss = g.read()
contentss = re.sub(",\s*}", "}", contentss) # pylint: disable=W1401
datass = json.loads(contentss)
Remove IPv6 IP check
2023-07-09 18:14:00 +00:00
makechange = True
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
if 'port_conf' in datass:
Remove IPv6 IP check
2023-07-09 18:14:00 +00:00
for sscport in datass['port_conf']:
if 'local_address' in datass['port_conf'][sscport] and datass['port_conf'][sscport]['local_address'] == str(addr):
shadowsocks_port = sscport
makechange = False
if makechange:
ss_port = content['users'][0][user]['shadowsocks_port']
if 'port_key' in datass:
ss_key = datass['port_key'][str(ss_port)]
if 'port_conf' in datass:
ss_key = datass['port_conf'][str(ss_port)]['key']
if gre_intf not in user_gre_tunnels:
user_gre_tunnels[gre_intf] = {}
shadowsocks_port = str(add_ss_user('', ss_key, userid, str(addr)))
user_gre_tunnels[gre_intf] = {'shadowsocks_port': shadowsocks_port, 'local_ip': str(list(network)[1]), 'remote_ip': str(list(network)[2]), 'public_ip': str(addr)}
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
#user_gre_tunnels[gre_intf] = {'local_ip': str(list(network)[1]), 'remote_ip': str(list(network)[2]), 'public_ip': str(addr)}
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
modif_config_user(user, {'gre_tunnels': user_gre_tunnels})
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
nbip = nbip + 1
except Exception as exception:
pass
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/snat', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("systemctl -q reload shorewall")
Restart shadowsocks when new IPs are detected by omr-admin at launch
2021-02-01 14:44:26 +00:00
os.system("systemctl -q restart shadowsocks-libev-manager@manager")
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
set_global_param('allips', allips)
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
add_gre_tunnels()
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
def add_glorytun_tcp(userid):
port = '650{:02d}'.format(userid)
Use network for multi VPN
2020-01-25 20:53:58 +00:00
ip = IPNetwork('10.255.255.0/24')
subnets = ip.subnet(30)
network = list(subnets)[userid]
Fix client2client IPs
2020-03-05 14:02:20 +00:00
with open('/etc/glorytun-tcp/tun0', 'r') as f, \
open('/etc/glorytun-tcp/tun' + str(userid), 'w') as n:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
for line in f:
if 'PORT' in line:
n.write('PORT=' + port + "\n")
elif 'DEV' in line:
n.write('DEV=tun' + str(userid) + "\n")
Fix client2client IPs
2020-03-05 14:02:20 +00:00
elif (not 'LOCALIP' in line
and not 'REMOTEIP' in line
and not 'BROADCASTIP' in line
and not line == "\n"):
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
n.write(line)
Fix glorytun config
2020-01-27 19:15:30 +00:00
n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n")
n.write('REMOTEIP=' + str(list(network)[2]) + "\n")
n.write('BROADCASTIP=' + str(network.broadcast) + "\n")
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
glorytun_tcp_key = secrets.token_hex(32)
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/glorytun-tcp/tun' + str(userid) + '.key', 'w') as f:
Use network for multi VPN
2020-01-25 20:53:58 +00:00
f.write(glorytun_tcp_key.upper())
Fix and better code
2020-03-03 12:49:23 +00:00
os.system("systemctl -q enable glorytun-tcp@tun" + str(userid))
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
os.system("systemctl -q restart glorytun-tcp@tun" + str(userid))
Add the remove VPN user functions
2020-02-14 20:46:05 +00:00
def remove_glorytun_tcp(userid):
Fix and better code
2020-03-03 12:49:23 +00:00
os.system("systemctl -q disable glorytun-tcp@tun" + str(userid))
Add the remove VPN user functions
2020-02-14 20:46:05 +00:00
os.system("systemctl -q stop glorytun-tcp@tun" + str(userid))
os.remove('/etc/glorytun-tcp/tun' + str(userid) + '.key')
os.remove('/etc/glorytun-tcp/tun' + str(userid))
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
def add_glorytun_udp(userid):
port = '650{:02d}'.format(userid)
Use network for multi VPN
2020-01-25 20:53:58 +00:00
ip = IPNetwork('10.255.254.0/24')
subnets = ip.subnet(30)
network = list(subnets)[userid]
Fix client2client IPs
2020-03-05 14:02:20 +00:00
with open('/etc/glorytun-udp/tun0', 'r') as f, \
open('/etc/glorytun-udp/tun' + str(userid), 'w') as n:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
for line in f:
if 'BIND_PORT' in line:
n.write('BIND_PORT=' + port + "\n")
elif 'DEV' in line:
n.write('DEV=tun' + str(userid) + "\n")
Fix client2client IPs
2020-03-05 14:02:20 +00:00
elif (not 'LOCALIP' in line
and not 'REMOTEIP' in line
and not 'BROADCASTIP' in line
and not line == "\n"):
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
n.write(line)
Fix glorytun config
2020-01-27 19:15:30 +00:00
n.write("\n" + 'LOCALIP=' + str(list(network)[1]) + "\n")
n.write('REMOTEIP=' + str(list(network)[2]) + "\n")
n.write('BROADCASTIP=' + str(network.broadcast) + "\n")
Fix client2client IPs
2020-03-05 14:02:20 +00:00
with open('/etc/glorytun-tcp/tun' + str(userid) + '.key', 'r') as f, \
open('/etc/glorytun-udp/tun' + str(userid) + '.key', 'w') as n:
Use network for multi VPN
2020-01-25 20:53:58 +00:00
for line in f:
n.write(line)
Fix and better code
2020-03-03 12:49:23 +00:00
os.system("systemctl -q enable glorytun-udp@tun" + str(userid))
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
os.system("systemctl -q restart glorytun-udp@tun" + str(userid))
Add the remove VPN user functions
2020-02-14 20:46:05 +00:00
def remove_glorytun_udp(userid):
Fix and better code
2020-03-03 12:49:23 +00:00
os.system("systemctl -q disable glorytun-udp@tun" + str(userid))
Add the remove VPN user functions
2020-02-14 20:46:05 +00:00
os.system("systemctl -q stop glorytun-udp@tun" + str(userid))
os.remove('/etc/glorytun-udp/tun' + str(userid) + '.key')
os.remove('/etc/glorytun-udp/tun' + str(userid))
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
def add_dsvpn(userid):
port = '654{:02d}'.format(userid)
Use network for multi VPN
2020-01-25 20:53:58 +00:00
ip = IPNetwork('10.255.251.0/24')
subnets = ip.subnet(30)
network = list(subnets)[userid]
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/dsvpn/dsvpn0', 'r') as f, open('/etc/dsvpn/dsvpn' + str(userid), 'w') as n:
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
for line in f:
if 'PORT' in line:
n.write('PORT=' + port + "\n")
elif 'DEV' in line:
n.write('DEV=dsvpn' + str(userid) + "\n")
elif 'LOCALTUNIP' in line:
Use network for multi VPN
2020-01-25 20:53:58 +00:00
n.write('LOCALTUNIP=' + str(list(network)[1]) + "\n")
elif 'REMOTETUNIP' in line:
n.write('REMOTETUNIP=' + str(list(network)[2]) + "\n")
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
else:
n.write(line)
dsvpn_key = secrets.token_hex(32)
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/dsvpn/dsvpn' + str(userid) + '.key', 'w') as f:
Use network for multi VPN
2020-01-25 20:53:58 +00:00
f.write(dsvpn_key.upper())
Fix and better code
2020-03-03 12:49:23 +00:00
os.system("systemctl -q enable dsvpn@dsvpn" + str(userid))
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
os.system("systemctl -q restart dsvpn@dsvpn" + str(userid))
Add the remove VPN user functions
2020-02-14 20:46:05 +00:00
def remove_dsvpn(userid):
Fix and better code
2020-03-03 12:49:23 +00:00
os.system("systemctl -q disable dsvpn@dsvpn" + str(userid))
Add the remove VPN user functions
2020-02-14 20:46:05 +00:00
os.system("systemctl -q stop dsvpn@dsvpn" + str(userid))
os.remove('/etc/dsvpn/dsvpn' + str(userid))
os.remove('/etc/dsvpn/dsvpn' + str(userid) + '.key')
Initial commit
2018-11-08 12:55:20 +00:00
def ordered(obj):
if isinstance(obj, dict):
return sorted((k, ordered(v)) for k, v in obj.items())
if isinstance(obj, list):
return sorted(ordered(x) for x in obj)
else:
return obj
Add port destination option for v2ray
2020-10-20 18:01:10 +00:00
def v2ray_add_port(user, port, proto, name, destip, destport):
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
userid = user.userid
if userid is None:
userid = 0
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
tag = user.username + '_redir_' + proto + '_' + str(port) + '_to_' + destip + ':' + str(destport)
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
with open('/etc/v2ray/v2ray-server.json') as f:
data = json.load(f)
exist = 0
for inbounds in data['inbounds']:
LOG.debug(inbounds)
if inbounds['tag'] == tag:
exist = 1
if exist == 0:
Fix V2ray port redirection
2023-07-24 07:25:06 +00:00
inbounds = {'tag': tag, 'port': int(port), 'protocol': 'dokodemo-door', 'settings': {'network': proto, 'port': int(destport), 'address': destip}}
Add changes for MPTCP upstream support
2021-09-01 15:44:58 +00:00
#inbounds = {'tag': user.username + '_redir_' + proto + '_' + str(port), 'port': str(port), 'protocol': 'dokodemo-door', 'settings': {'network': proto, 'port': str(destport), 'address': destip}}
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
data['inbounds'].append(inbounds)
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
routing = {'type': 'field','inboundTag': [tag], 'outboundTag': 'OMRLan'}
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
data['routing']['rules'].append(routing)
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("systemctl -q restart v2ray")
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def xray_add_port(user, port, proto, name, destip, destport):
userid = user.userid
if userid is None:
userid = 0
tag = user.username + '_redir_' + proto + '_' + str(port) + '_to_' + destip + ':' + str(destport)
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
with open('/etc/xray/xray-server.json') as f:
data = json.load(f)
exist = 0
for inbounds in data['inbounds']:
LOG.debug(inbounds)
if inbounds['tag'] == tag:
exist = 1
if exist == 0:
inbounds = {'tag': tag, 'port': int(port), 'protocol': 'dokodemo-door', 'settings': {'network': proto, 'port': int(destport), 'address': destip}}
#inbounds = {'tag': user.username + '_redir_' + proto + '_' + str(port), 'port': str(port), 'protocol': 'dokodemo-door', 'settings': {'network': proto, 'port': str(destport), 'address': destip}}
data['inbounds'].append(inbounds)
routing = {'type': 'field','inboundTag': [tag], 'outboundTag': 'OMRLan'}
data['routing']['rules'].append(routing)
with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("systemctl -q restart xray")
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
def v2ray_del_port(user, port, proto, name, destip, destport):
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
userid = user.userid
if userid is None:
userid = 0
tag = user.username + '_redir_' + proto + '_' + str(port)
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
if destip != '':
tag = tag + '_to_' + destip + ':' + str(destport)
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
with open('/etc/v2ray/v2ray-server.json') as f:
data = json.load(f)
Allow v2ray userid change via API
2020-11-02 19:39:18 +00:00
for inbounds in data['inbounds']:
if inbounds['tag'] == tag:
data['inbounds'].remove(inbounds)
Really fix remove v2ray forward rules
2022-07-08 20:14:28 +00:00
for routing in data['routing']['rules']:
if routing['inboundTag'][0] == tag:
data['routing']['rules'].remove(routing)
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
with open('/etc/v2ray/v2ray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("systemctl -q restart v2ray")
Only restart app after changes
2019-06-02 21:11:58 +00:00
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
def xray_del_port(user, port, proto, name, destip, destport):
userid = user.userid
if userid is None:
userid = 0
tag = user.username + '_redir_' + proto + '_' + str(port)
if destip != '':
tag = tag + '_to_' + destip + ':' + str(destport)
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
with open('/etc/xray/xray-server.json') as f:
data = json.load(f)
for inbounds in data['inbounds']:
if inbounds['tag'] == tag:
data['inbounds'].remove(inbounds)
for routing in data['routing']['rules']:
if routing['inboundTag'][0] == tag:
data['routing']['rules'].remove(routing)
with open('/etc/xray/xray-server.json', 'w') as f:
json.dump(data, f, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("systemctl -q restart xray")
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip='', vpn='default', gencomment=''):
Add shorewall by user support
2020-01-20 20:05:40 +00:00
userid = user.userid
Fix and better code
2020-03-03 12:49:23 +00:00
if userid is None:
Add shorewall by user support
2020-01-20 20:05:40 +00:00
userid = 0
Only restart app after changes
2019-06-02 21:11:58 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
fd, tmpfile = mkstemp()
Fix client2client IPs
2020-03-05 14:02:20 +00:00
with open('/etc/shorewall/rules', 'r') as f, \
open(tmpfile, 'a+') as n:
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
for line in f:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if source_dip == '' and dest_ip == '':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
if (fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment in line):
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
comment = ''
Fix multiples FW rules
2022-06-12 17:43:09 +00:00
if source_dip != '':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
comment = ' to ' + source_dip
Fix multiples FW rules
2022-06-12 17:43:09 +00:00
if dest_ip != '':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
comment = comment + ' from ' + dest_ip
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
if (fwtype == 'ACCEPT' and not '# OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment in line):
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
elif fwtype == 'DNAT' and not '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if source_dip == '' and dest_ip == '':
Add source destination IP support
2020-06-15 13:53:03 +00:00
if fwtype == 'ACCEPT':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
elif fwtype == 'DNAT' and userid == 0:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
elif fwtype == 'DNAT' and userid != 0:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
net = 'net'
comment = ''
if source_dip != '':
comment = ' to ' + source_dip
if dest_ip != '':
comment = comment + ' from ' + dest_ip
net = 'net:' + dest_ip
Add source destination IP support
2020-06-15 13:53:03 +00:00
if fwtype == 'ACCEPT':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('ACCEPT ' + net + ' $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment + "\n")
Use gre tunnel when redirecting from a public IP
2020-09-29 13:41:48 +00:00
elif fwtype == 'DNAT' and vpn != 'default':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('DNAT ' + net + ' vpn:' + vpn + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
Use GRE tunnel for multiples IPs
2021-03-25 08:25:00 +00:00
#n.write('DNAT ' + net + ' vpn:$OMR_ADDR' + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
elif fwtype == 'DNAT' and userid == 0:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('DNAT ' + net + ' vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
elif fwtype == 'DNAT' and userid != 0:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('DNAT ' + net + ' vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/shorewall/rules')
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
Fix and better code
2020-03-03 12:49:23 +00:00
if initial_md5 != final_md5:
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
os.system("systemctl -q reload shorewall")
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
def shorewall_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip='', gencomment=''):
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n:
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
for line in f:
Add source ip support and fix remove shorewall rule
2020-07-25 14:16:55 +00:00
if source_dip == '' and dest_ip == '':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
else:
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
comment = ''
Add source ip support and fix remove shorewall rule
2020-07-25 14:16:55 +00:00
if source_dip != '':
comment = ' to ' + source_dip
if dest_ip != '':
comment = comment + ' from ' + dest_ip
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + comment + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + comment + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/shorewall/rules')
Only restart app after changes
2019-06-02 21:11:58 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
Fix and better code
2020-03-03 12:49:23 +00:00
if initial_md5 != final_md5:
Only restart app after changes
2019-06-02 21:11:58 +00:00
os.system("systemctl -q reload shorewall")
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
def shorewall6_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip='', gencomment=''):
Add shorewall by user support
2020-01-20 20:05:40 +00:00
userid = user.userid
Fix client2client IPs
2020-03-05 14:02:20 +00:00
if userid is None:
Add shorewall by user support
2020-01-20 20:05:40 +00:00
userid = 0
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
for line in f:
Fix IPv6 firewall
2022-10-02 17:44:12 +00:00
if source_dip == '' and dest_ip == '':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto + gencomment in line and not port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
comment = ''
Fix multiples FW rules
2022-06-12 17:43:09 +00:00
if source_dip != '':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
comment = ' to ' + source_dip
Fix multiples FW rules
2022-06-12 17:43:09 +00:00
if dest_ip != '':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
comment = comment + ' from ' + dest_ip
Fix IPv6 firewall
2022-10-02 17:44:12 +00:00
if fwtype == 'ACCEPT' and not '# OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Fix IPv6 firewall
2022-10-02 17:44:12 +00:00
elif fwtype == 'DNAT' and not '# OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Fix IPv6 firewall
2022-10-02 17:44:12 +00:00
if source_dip == '' and dest_ip == '':
Add source destination IP support
2020-06-15 13:53:03 +00:00
if fwtype == 'ACCEPT':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('ACCEPT net $FW ' + proto + ' ' + port + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + gencomment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
elif fwtype == 'DNAT' and userid == 0:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('DNAT net vpn:$OMR_ADDR ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
elif fwtype == 'DNAT' and userid != 0:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('DNAT net vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + gencomment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
net = 'net'
comment = ''
Fix IPv6 firewall
2022-10-02 17:44:12 +00:00
if source_dip != '':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
comment = ' to ' + source_dip
Fix IPv6 firewall
2022-10-02 17:44:12 +00:00
if dest_ip != '':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
comment = comment + ' from ' + dest_ip
net = 'net:' + dest_ip
Add source destination IP support
2020-06-15 13:53:03 +00:00
if fwtype == 'ACCEPT':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('ACCEPT ' + net + ' $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + gencomment + "\n")
Fix IPv6 firewall
2022-10-02 17:44:12 +00:00
elif fwtype == 'DNAT' and vpn != 'default':
n.write('DNAT ' + net + ' vpn:' + vpn + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
elif fwtype == 'DNAT' and userid == 0:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('DNAT ' + net + ' vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
Add source destination IP support
2020-06-15 13:53:03 +00:00
elif fwtype == 'DNAT' and userid != 0:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
n.write('DNAT ' + net + ' vpn:$OMR_ADDR_USER' + str(userid) + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + gencomment + "\n")
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/shorewall6/rules')
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
Fix and better code
2020-03-03 12:49:23 +00:00
if initial_md5 != final_md5:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
os.system("systemctl -q reload shorewall6")
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
def shorewall6_del_port(username, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip=''):
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
for line in f:
Add source destination IP support
2020-06-15 13:53:03 +00:00
if source_dip == '':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
if fwtype == 'ACCEPT' and not port + ' # OMR open ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' open ' + name + ' port ' + proto + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
elif fwtype == 'DNAT' and not port + ' # OMR redirect ' + name + ' port ' + proto in line and not port + ' # OMR ' + username + ' redirect ' + name + ' port ' + proto + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
else:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
if fwtype == 'ACCEPT' and not '# OMR ' + username + ' open ' + name + ' port ' + proto + ' to ' + source_dip + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
elif fwtype == 'DNAT' and not '# OMR ' + username + ' redirect ' + name + ' port ' + proto + ' to ' + source_dip + gencomment in line:
Add source destination IP support
2020-06-15 13:53:03 +00:00
n.write(line)
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/shorewall6/rules')
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
Fix and better code
2020-03-03 12:49:23 +00:00
if initial_md5 != final_md5:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
os.system("systemctl -q reload shorewall6")
Fix and better code
2020-03-03 12:49:23 +00:00
def set_lastchange(sync=0):
Add lastchange support
2019-08-12 14:43:05 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = f.read()
Some fixes
2020-03-03 13:06:18 +00:00
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
Add lastchange support
2019-08-12 14:43:05 +00:00
try:
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
configdata = json.loads(content)
data = configdata
Add lastchange support
2019-08-12 14:43:05 +00:00
except ValueError as e:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'error': 'Config file not readable', 'route': 'lastchange'}
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
data["lastchange"] = time.time() + sync
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
if data and data != configdata:
backup_config()
Check if json not empty before writing config file
2021-02-05 13:33:43 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json', 'w') as outfile:
json.dump(data, outfile, indent=4)
Fix and add log
2021-02-05 14:28:56 +00:00
else:
LOG.debug("Empty data for set_last_change")
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
omr_config_data = json.load(f)
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if 'debug' in omr_config_data and omr_config_data['debug']:
LOG.setLevel(logging.DEBUG)
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
fake_users_db = omr_config_data['users'][0]
Initial commit
2018-11-08 12:55:20 +00:00
Use shadowsocks-manager
2019-11-16 19:49:26 +00:00
def verify_password(plain_password, user_password):
Fix timing attacks potential vulnerability
2021-04-08 15:37:19 +00:00
if secrets.compare_digest(plain_password,user_password):
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug("password true")
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return True
return False
Add shorewall settings change
2018-11-08 17:05:34 +00:00
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
def get_password_hash(password):
return password
def get_user(db, username: str):
if username in db:
user_dict = db[username]
return UserInDB(**user_dict)
def authenticate_user(fake_db, username: str, password: str):
user = get_user(fake_db, username)
if not user:
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug("user doesn't exist")
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return False
Use shadowsocks-manager
2019-11-16 19:49:26 +00:00
if not verify_password(password, user.user_password):
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug("wrong password")
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return False
return user
class Token(BaseModel):
Fix and better code
2020-03-03 12:49:23 +00:00
access_token: str = None
token_type: str = None
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
class TokenData(BaseModel):
username: str = None
class User(BaseModel):
username: str
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
vpn: str = None
vpn_port: int = None
vpn_client_ip: str = None
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
permissions: str = 'rw'
Fixes and add vps current time
2019-11-13 07:39:00 +00:00
shadowsocks_port: int = None
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
disabled: bool = 'false'
userid: int = None
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
class UserInDB(User):
Use shadowsocks-manager
2019-11-16 19:49:26 +00:00
user_password: str
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
Fix and better code
2020-03-03 12:49:23 +00:00
# Add support for auth before seeing doc
class OAuth2PasswordBearerCookie(OAuth2):
def __init__(
Some fixes
2020-03-03 13:06:18 +00:00
self,
tokenUrl: str,
scheme_name: str = None,
scopes: dict = None,
auto_error: bool = True,
Fix and better code
2020-03-03 12:49:23 +00:00
):
if not scopes:
scopes = {}
flows = OAuthFlowsModel(password={"tokenUrl": tokenUrl, "scopes": scopes})
super().__init__(flows=flows, scheme_name=scheme_name, auto_error=auto_error)
async def __call__(self, request: Request) -> Optional[str]:
header_authorization: str = request.headers.get("Authorization")
cookie_authorization: str = request.cookies.get("Authorization")
header_scheme, header_param = get_authorization_scheme_param(
header_authorization
)
cookie_scheme, cookie_param = get_authorization_scheme_param(
cookie_authorization
)
if header_scheme.lower() == "bearer":
authorization = True
scheme = header_scheme
param = header_param
elif cookie_scheme.lower() == "bearer":
authorization = True
scheme = cookie_scheme
param = cookie_param
Initial commit
2018-11-08 12:55:20 +00:00
Fix and better code
2020-03-03 12:49:23 +00:00
else:
authorization = False
if not authorization or scheme.lower() != "bearer":
if self.auto_error:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
)
else:
return None
return param
class BasicAuth(SecurityBase):
def __init__(self, scheme_name: str = None, auto_error: bool = True):
self.scheme_name = scheme_name or self.__class__.__name__
self.model = SecurityBaseModel(type="http")
self.auto_error = auto_error
async def __call__(self, request: Request) -> Optional[str]:
authorization: str = request.headers.get("Authorization")
scheme, param = get_authorization_scheme_param(authorization)
if not authorization or scheme.lower() != "basic":
if self.auto_error:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
)
else:
return None
return param
basic_auth = BasicAuth(auto_error=False)
Initial commit
2018-11-08 12:55:20 +00:00
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
Fix and better code
2020-03-03 12:49:23 +00:00
oauth2_scheme = OAuth2PasswordBearerCookie(tokenUrl="/token")
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None, title="OpenMPTCProuter Server API")
Fix and better code
2020-03-03 12:49:23 +00:00
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
def create_access_token(*, data: dict, expires_delta: timedelta = None):
to_encode = data.copy()
if expires_delta:
expire = datetime.utcnow() + expires_delta
else:
Add log debug and fix
2020-02-15 12:44:35 +00:00
expire = datetime.utcnow() + timedelta(minutes=60)
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
to_encode.update({"exp": expire})
encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt
async def get_current_user(token: str = Depends(oauth2_scheme)):
credentials_exception = HTTPException(
Fix and better code
2020-03-03 12:49:23 +00:00
status_code=HTTP_403_FORBIDDEN,
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"},
)
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
username: str = payload.get("sub")
if username is None:
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug("get_current_user: Username not found")
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
raise credentials_exception
token_data = TokenData(username=username)
except PyJWTError:
raise credentials_exception
user = get_user(fake_users_db, username=token_data.username)
if user is None:
raise credentials_exception
return user
Fix and better code
2020-03-03 12:49:23 +00:00
async def get_current_active_user(current_user: User = Depends(get_current_user)):
if current_user.disabled:
raise HTTPException(status_code=400, detail="Inactive user")
return current_user
# Show something at homepage
@app.get("/")
async def homepage():
return "Welcome to OpenMPTCProuter Server part"
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
# Provide a method to create access tokens. The create_jwt()
# function is used to actually generate the token
@app.post('/token', response_model=Token)
async def login_for_access_token(form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(fake_users_db, form_data.username, form_data.password)
if not user:
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug("Incorrect username or password")
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
raise HTTPException(status_code=400, detail="Incorrect username or password")
Initial commit
2018-11-08 12:55:20 +00:00
# Identity can be any data that is json serializable
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
Some fixes
2020-03-03 13:06:18 +00:00
data={"sub": form_data.username}, expires_delta=access_token_expires
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
)
return {"access_token": access_token, "token_type": "bearer"}
Initial commit
2018-11-08 12:55:20 +00:00
Fix and better code
2020-03-03 12:49:23 +00:00
@app.get("/logout")
async def route_logout_and_remove_cookie():
response = RedirectResponse(url="/")
response.delete_cookie("Authorization")
return response
# Login for doc
@app.get("/login_basic")
async def login_basic(auth: BasicAuth = Depends(basic_auth)):
if not auth:
response = Response(headers={"WWW-Authenticate": "Basic"}, status_code=401)
return response
try:
decoded = base64.b64decode(auth).decode("ascii")
username, _, password = decoded.partition(":")
user = authenticate_user(fake_users_db, username, password)
if not user:
raise HTTPException(status_code=400, detail="Incorrect email or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(
data={"sub": username}, expires_delta=access_token_expires
)
token = jsonable_encoder(access_token)
response = RedirectResponse(url="/docs")
response.set_cookie(
"Authorization",
value=f"Bearer {token}",
httponly=True,
max_age=1800,
expires=1800,
)
return response
except:
response = Response(headers={"WWW-Authenticate": "Basic"}, status_code=401)
return response
@app.get("/openapi.json")
async def get_open_api_endpoint(current_user: User = Depends(get_current_active_user)):
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
return JSONResponse(get_openapi(title="OpenMPTCProuter Server API", version="2.0.0", routes=app.routes))
Fix and better code
2020-03-03 12:49:23 +00:00
@app.get("/docs")
async def get_documentation(current_user: User = Depends(get_current_active_user)):
return get_swagger_ui_html(openapi_url="/openapi.json", title="docs")
Get client IP via script and add a no internet access option
2020-04-22 16:00:07 +00:00
# Get Client IP
@app.get('/clienthost')
async def status(request: Request):
client_host = request.client.host
return {"client_host": client_host}
Fix and better code
2020-03-03 12:49:23 +00:00
Add MPTCP check support
2021-04-14 19:10:24 +00:00
# Check if MPTCP is enabled on this connection
@app.get('/mptcpsupport')
async def mptcpsupport(request: Request):
ip = request.client.host
if type(ip_address(ip)) is IPv4Address:
ipr = list(reversed(ip.split('.')))
iptohex = '{:02X}{:02X}{:02X}{:02X}'.format(*map(int, ipr))
Add changes for MPTCP upstream support
2021-09-01 15:44:58 +00:00
if path.exists('/proc/net/mptcp_net/mptcp'):
with open('/proc/net/mptcp_net/mptcp') as f:
if iptohex in f.read():
return {"mptcp": "working"}
elif not os.popen("ss -M | grep " + ip) == '':
return {"mptcp": "working"}
Add MPTCP check support
2021-04-14 19:10:24 +00:00
return {"mptcp": "not working"}
Initial commit
2018-11-08 12:55:20 +00:00
# Get VPS status
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
@app.get('/status', summary="Get current server load average, uptime and release")
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
async def status(userid: Optional[int] = Query(None), serial: Optional[str] = Query(None), current_user: User = Depends(get_current_user)):
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get status...')
status and config can be requested for any user by admin, add vpn traffic in status
2020-06-30 14:44:13 +00:00
if not current_user.permissions == "admin":
userid = current_user.userid
if userid is None:
userid = 0
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
username = get_username_from_userid(userid)
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
if not current_user.permissions == "admin" and serial is not None:
if not check_username_serial(username, serial):
return {'error': 'False serial number'}
Add VPS load avg and uptime
2018-11-29 13:47:05 +00:00
vps_loadavg = os.popen("cat /proc/loadavg | awk '{print $1\" \"$2\" \"$3}'").read().rstrip()
vps_uptime = os.popen("cat /proc/uptime | awk '{print $1}'").read().rstrip()
Add VPS hostname to status info
2019-07-13 05:30:58 +00:00
vps_hostname = socket.gethostname()
Fixes and add vps current time
2019-11-13 07:39:00 +00:00
vps_current_time = time.time()
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
vps_kernel = os.popen('uname -r').read().rstrip()
vps_omr_version = os.popen("grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}'").read().rstrip()
Add changes for MPTCP upstream support
2021-09-01 15:44:58 +00:00
mptcp_enabled = "0"
if path.exists("/proc/sys/net/mptcp/mptcp_enabled"):
mptcp_enabled = os.popen('sysctl -qn net.mptcp.mptcp_enabled').read().rstrip()
elif path.exists("/proc/sys/net/mptcp/enabled"):
mptcp_enabled = os.popen('sysctl -qn net.mptcp.enabled').read().rstrip()
Only check data on used proxy
2022-02-04 08:53:32 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
try:
omr_config_data = json.load(f)
except ValueError as e:
omr_config_data = {}
proxy = 'shadowsocks'
if 'proxy' in omr_config_data['users'][0][username]:
proxy = omr_config_data['users'][0][username]['proxy']
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
shadowsocks_port = current_user.shadowsocks_port
Only check data on used proxy
2022-02-04 08:53:32 +00:00
if not shadowsocks_port == None and proxy == 'shadowsocks':
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
ss_traffic = get_bytes_ss(current_user.shadowsocks_port)
else:
ss_traffic = 0
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
ss_go_tx = 0
ss_go_rx = 0
if os.path.isfile('/etc/shadowsocks-go/server.json') and ('shadowsocks-go' in proxy or 'shadowsocks-rust' in proxy) and checkIfProcessRunning('shadowsocks-go'):
ss_go_txrx = get_bytes_ss_go(username)
ss_go_tx = ss_go_txrx['downlinkBytes']
ss_go_rx = ss_go_txrx['uplinkBytes']
Get v2ray traffic and proxy choice support
2020-08-20 18:31:29 +00:00
v2ray_tx = 0
v2ray_rx = 0
Fix V2Ray stats
2023-08-28 08:16:20 +00:00
if os.path.isfile('/etc/v2ray/v2ray-server.json') and 'v2ray' in proxy and checkIfProcessRunning('v2ray'):
Get v2ray traffic and proxy choice support
2020-08-20 18:31:29 +00:00
v2ray_tx = get_bytes_v2ray('tx',username)
v2ray_rx = get_bytes_v2ray('rx',username)
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
xray_tx = 0
xray_rx = 0
if os.path.isfile('/etc/xray/xray-server.json') and 'xray' in proxy and checkIfProcessRunning('xray'):
xray_tx = get_bytes_xray('tx',username)
xray_rx = get_bytes_xray('rx',username)
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
vpn = 'glorytun_tcp'
if 'vpn' in omr_config_data['users'][0][username]:
vpn = omr_config_data['users'][0][username]['vpn']
status and config can be requested for any user by admin, add vpn traffic in status
2020-06-30 14:44:13 +00:00
vpn_traffic_rx = 0
vpn_traffic_tx = 0
if vpn == 'glorytun_tcp':
vpn_traffic_rx = get_bytes('rx', 'gt-tun' + str(userid))
vpn_traffic_tx = get_bytes('tx', 'gt-tun' + str(userid))
elif vpn == 'glorytun_udp':
vpn_traffic_rx = get_bytes('rx', 'gt-udp-tun' + str(userid))
vpn_traffic_tx = get_bytes('tx', 'gt-udp-tun' + str(userid))
elif vpn == 'mlvpn':
vpn_traffic_rx = get_bytes('rx', 'mlvpn' + str(userid))
vpn_traffic_tx = get_bytes('tx', 'mlvpn' + str(userid))
elif vpn == 'dsvpn':
vpn_traffic_rx = get_bytes('rx', 'dsvpn' + str(userid))
vpn_traffic_tx = get_bytes('tx', 'dsvpn' + str(userid))
Add vpn traffic for openvpn and openvpn bonding
2020-12-21 14:17:26 +00:00
elif vpn == 'openvpn':
OpenVPN stats by users, Vless-Reality fix, ss-go stats fix,...
2023-11-16 10:50:47 +00:00
# vpn_traffic_rx = get_bytes('rx', 'tun0')
# vpn_traffic_tx = get_bytes('tx', 'tun0')
vpn_txrx = get_bytes_openvpn(username)
vpn_traffic_rx = vpn_txrx['uplinkBytes']
vpn_traffic_tx = vpn_txrx['downlinkBytes']
Add vpn traffic for openvpn and openvpn bonding
2020-12-21 14:17:26 +00:00
elif vpn == 'openvpn_bonding':
vpn_traffic_rx = get_bytes('rx', 'omr-bonding')
vpn_traffic_tx = get_bytes('tx', 'omr-bonding')
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get status: done')
if IFACE:
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
return {'vps': {'time': vps_current_time, 'loadavg': vps_loadavg, 'uptime': vps_uptime, 'mptcp': mptcp_enabled, 'hostname': vps_hostname, 'kernel': vps_kernel, 'omr_version': vps_omr_version}, 'network': {'tx': get_bytes('tx', IFACE), 'rx': get_bytes('rx', IFACE)}, 'shadowsocks': {'traffic': ss_traffic}, 'vpn': {'tx': vpn_traffic_tx, 'rx': vpn_traffic_rx}, 'v2ray': {'tx': v2ray_tx, 'rx': v2ray_rx},'xray': {'tx': xray_tx, 'rx': xray_rx},'shadowsocks_go': {'tx': ss_go_tx, 'rx': ss_go_rx}}
Initial commit
2018-11-08 12:55:20 +00:00
else:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'error': 'No iface defined', 'route': 'status'}
Initial commit
2018-11-08 12:55:20 +00:00
# Get VPS config
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.get('/config', summary="Get full server configuration for current user")
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
async def config(userid: Optional[int] = Query(None), serial: Optional[str] = Query(None), current_user: User = Depends(get_current_user)):
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get config...')
status and config can be requested for any user by admin, add vpn traffic in status
2020-06-30 14:44:13 +00:00
if not current_user.permissions == "admin":
userid = current_user.userid
Fix and better code
2020-03-03 12:49:23 +00:00
if userid is None:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
userid = 0
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
username = get_username_from_userid(userid)
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
if not current_user.permissions == "admin" and serial is not None:
if not check_username_serial(username, serial):
return {'error': 'False serial number'}
Add iperf3 support and glorytun dhcp settings in json
2019-03-27 20:28:18 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
try:
omr_config_data = json.load(f)
except ValueError as e:
omr_config_data = {}
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get config... shadowsocks')
Check if v2ray is used before getting traffic
2022-02-08 07:32:25 +00:00
proxy = 'shadowsocks'
if 'proxy' in omr_config_data['users'][0][username]:
proxy = omr_config_data['users'][0][username]['proxy']
Use shadowsocks-manager
2019-11-16 19:49:26 +00:00
with open('/etc/shadowsocks-libev/manager.json') as f:
Fix https://github.com/Ysurac/openmptcprouter/issues/229
2018-11-29 21:43:02 +00:00
content = f.read()
Some fixes
2020-03-03 13:06:18 +00:00
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
try:
data = json.loads(content)
except ValueError as e:
Fix and get IPv6 network from config file
2020-05-10 19:02:18 +00:00
data = {'port_key': '', 'server_port': 65101, 'method': 'chacha20'}
Use shadowsocks-manager
2019-11-16 19:49:26 +00:00
#shadowsocks_port = data["server_port"]
shadowsocks_port = current_user.shadowsocks_port
Add case when no internet access available
2020-04-21 12:55:35 +00:00
if shadowsocks_port is not None:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if 'port_key' in data:
shadowsocks_key = data["port_key"][str(shadowsocks_port)]
else:
shadowsocks_key = data["port_conf"][str(shadowsocks_port)]["key"]
Add, remove and list users
2019-12-27 20:42:47 +00:00
else:
shadowsocks_key = ''
Initial commit
2018-11-08 12:55:20 +00:00
shadowsocks_method = data["method"]
Fix https://github.com/Ysurac/openmptcprouter/issues/230
2018-11-29 22:14:23 +00:00
if 'fast_open' in data:
shadowsocks_fast_open = data["fast_open"]
else:
shadowsocks_fast_open = False
Fix
2019-01-02 14:10:38 +00:00
if 'reuse_port' in data:
Fix https://github.com/Ysurac/openmptcprouter/issues/230
2018-11-29 22:14:23 +00:00
shadowsocks_reuse_port = data["reuse_port"]
else:
shadowsocks_reuse_port = False
if 'no_delay' in data:
shadowsocks_no_delay = data["no_delay"]
else:
shadowsocks_no_delay = False
if 'mptcp' in data:
shadowsocks_mptcp = data["mptcp"]
else:
shadowsocks_mptcp = False
Fix
2019-01-02 14:10:38 +00:00
if 'ebpf' in data:
shadowsocks_ebpf = data["ebpf"]
else:
shadowsocks_ebpf = False
Initial commit
2018-11-08 12:55:20 +00:00
if "plugin" in data:
shadowsocks_obfs = True
Add v2ray plugin support
2019-01-25 19:43:49 +00:00
if 'v2ray' in data["plugin"]:
shadowsocks_obfs_plugin = 'v2ray'
else:
shadowsocks_obfs_plugin = 'obfs'
if 'tls' in data["plugin_opts"]:
shadowsocks_obfs_type = 'tls'
else:
Fix obfs type
2019-01-25 21:17:55 +00:00
shadowsocks_obfs_type = 'http'
Initial commit
2018-11-08 12:55:20 +00:00
else:
shadowsocks_obfs = False
Add v2ray plugin support
2019-01-25 19:43:49 +00:00
shadowsocks_obfs_plugin = ''
shadowsocks_obfs_type = ''
Fixes and use enum
2019-12-30 19:49:39 +00:00
shadowsocks_port = current_user.shadowsocks_port
Check if v2ray is used before getting traffic
2022-02-08 07:32:25 +00:00
if not shadowsocks_port == None and proxy == 'shadowsocks':
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
ss_traffic = get_bytes_ss(current_user.shadowsocks_port)
else:
ss_traffic = 0
Add log debug and fix
2020-02-15 12:44:35 +00:00
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get config... glorytun')
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
if os.path.isfile('/etc/glorytun-tcp/tun' + str(userid) +'.key'):
glorytun_key = open('/etc/glorytun-tcp/tun' + str(userid) + '.key').readline().rstrip()
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
else:
glorytun_key = ''
glorytun_port = '65001'
Add glorytun chacha20 status and setting
2019-05-23 19:55:49 +00:00
glorytun_chacha = False
Fix config display
2020-01-25 21:04:14 +00:00
glorytun_tcp_host_ip = ''
glorytun_tcp_client_ip = ''
glorytun_udp_host_ip = ''
glorytun_udp_client_ip = ''
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
if os.path.isfile('/etc/glorytun-tcp/tun' + str(userid)):
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/glorytun-tcp/tun' + str(userid), "r") as glorytun_file:
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
for line in glorytun_file:
if 'PORT=' in line:
glorytun_port = line.replace(line[:5], '').rstrip()
Fix config display
2020-01-25 21:04:14 +00:00
if 'LOCALIP=' in line:
glorytun_tcp_host_ip = line.replace(line[:8], '').rstrip()
if 'REMOTEIP=' in line:
glorytun_tcp_client_ip = line.replace(line[:9], '').rstrip()
Add glorytun chacha20 status and setting
2019-05-23 19:55:49 +00:00
if 'chacha' in line:
glorytun_chacha = True
Fix config display
2020-01-25 21:04:14 +00:00
if userid == 0 and glorytun_tcp_host_ip == '':
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
if 'glorytun_tcp_type' in omr_config_data:
if omr_config_data['glorytun_tcp_type'] == 'static':
glorytun_tcp_host_ip = '10.255.255.1'
glorytun_tcp_client_ip = '10.255.255.2'
else:
glorytun_tcp_host_ip = 'dhcp'
glorytun_tcp_client_ip = 'dhcp'
else:
Add iperf3 support and glorytun dhcp settings in json
2019-03-27 20:28:18 +00:00
glorytun_tcp_host_ip = '10.255.255.1'
glorytun_tcp_client_ip = '10.255.255.2'
Fix config display
2020-01-25 21:04:14 +00:00
if os.path.isfile('/etc/glorytun-udp/tun' + str(userid)):
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/glorytun-udp/tun' + str(userid), "r") as glorytun_file:
Fix config display
2020-01-25 21:04:14 +00:00
for line in glorytun_file:
if 'LOCALIP=' in line:
glorytun_udp_host_ip = line.replace(line[:8], '').rstrip()
if 'REMOTEIP=' in line:
glorytun_udp_client_ip = line.replace(line[:9], '').rstrip()
if userid == 0 and glorytun_udp_host_ip == '':
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
if 'glorytun_udp_type' in omr_config_data:
if omr_config_data['glorytun_udp_type'] == 'static':
glorytun_udp_host_ip = '10.255.254.1'
glorytun_udp_client_ip = '10.255.254.2'
else:
glorytun_udp_host_ip = 'dhcp'
glorytun_udp_client_ip = 'dhcp'
else:
Fix Glorytun UDP
2019-05-07 19:45:11 +00:00
glorytun_udp_host_ip = '10.255.254.1'
glorytun_udp_client_ip = '10.255.254.2'
Fix VPN list
2020-03-09 21:00:42 +00:00
available_vpn = ["glorytun_tcp", "glorytun_udp"]
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get config... dsvpn')
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
if os.path.isfile('/etc/dsvpn/dsvpn' + str(userid) + '.key'):
dsvpn_key = open('/etc/dsvpn/dsvpn' + str(userid) + '.key').readline().rstrip()
Add dsvpn support
2019-08-02 15:22:43 +00:00
available_vpn.append("dsvpn")
else:
dsvpn_key = ''
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
dsvpn_port = '65401'
Fix config display
2020-01-25 21:04:14 +00:00
dsvpn_host_ip = ''
dsvpn_client_ip = ''
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
if os.path.isfile('/etc/dsvpn/dsvpn' + str(userid)):
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/dsvpn/dsvpn' + str(userid), "r") as dsvpn_file:
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
for line in dsvpn_file:
if 'PORT=' in line:
dsvpn_port = line.replace(line[:5], '').rstrip()
Fix config display
2020-01-25 21:04:14 +00:00
if 'LOCALTUNIP=' in line:
dsvpn_host_ip = line.replace(line[:11], '').rstrip()
if 'REMOTETUNIP=' in line:
dsvpn_client_ip = line.replace(line[:12], '').rstrip()
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
Fix config display
2020-01-25 21:04:14 +00:00
if userid == 0 and dsvpn_host_ip == '':
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
dsvpn_host_ip = '10.255.251.1'
dsvpn_client_ip = '10.255.251.2'
Fix
2018-11-23 14:19:30 +00:00
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get config... iperf3')
Use public.pem instead of public.key for iperf3
2019-03-28 19:17:06 +00:00
if os.path.isfile('/etc/iperf3/public.pem'):
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/iperf3/public.pem', "rb") as iperfkey_file:
Add iperf3 support and glorytun dhcp settings in json
2019-03-27 20:28:18 +00:00
iperf_keyb = base64.b64encode(iperfkey_file.read())
iperf3_key = iperf_keyb.decode('utf-8')
else:
iperf3_key = ''
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
if os.path.isfile('/etc/pihole/setupVars.conf'):
pihole = True
else:
pihole = False
Add iperf3 support and glorytun dhcp settings in json
2019-03-27 20:28:18 +00:00
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get config... openvpn')
Fixes and add vps current time
2019-11-13 07:39:00 +00:00
#if os.path.isfile('/etc/openvpn/server/static.key'):
# with open('/etc/openvpn/server/static.key',"rb") as ovpnkey_file:
# openvpn_keyb = base64.b64encode(ovpnkey_file.read())
# openvpn_key = openvpn_keyb.decode('utf-8')
# available_vpn.append("openvpn")
#else:
# openvpn_key = ''
openvpn_key = ''
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
if os.path.isfile('/etc/openvpn/ca/pki/private/' + username + '.key'):
with open('/etc/openvpn/ca/pki/private/' + username + '.key', "rb") as ovpnkey_file:
Add MPTCP over OpenVPN support
2019-10-25 18:22:00 +00:00
openvpn_keyb = base64.b64encode(ovpnkey_file.read())
openvpn_client_key = openvpn_keyb.decode('utf-8')
else:
openvpn_client_key = ''
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
if os.path.isfile('/etc/openvpn/ca/pki/issued/' + username + '.crt'):
with open('/etc/openvpn/ca/pki/issued/' + username + '.crt', "rb") as ovpnkey_file:
Add MPTCP over OpenVPN support
2019-10-25 18:22:00 +00:00
openvpn_keyb = base64.b64encode(ovpnkey_file.read())
openvpn_client_crt = openvpn_keyb.decode('utf-8')
Fixes and add vps current time
2019-11-13 07:39:00 +00:00
available_vpn.append("openvpn")
Add MPTCP over OpenVPN support
2019-10-25 18:22:00 +00:00
else:
openvpn_client_crt = ''
Add, remove and list users
2019-12-27 20:42:47 +00:00
if os.path.isfile('/etc/openvpn/ca/pki/ca.crt'):
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/openvpn/ca/pki/ca.crt', "rb") as ovpnkey_file:
Add MPTCP over OpenVPN support
2019-10-25 18:22:00 +00:00
openvpn_keyb = base64.b64encode(ovpnkey_file.read())
openvpn_client_ca = openvpn_keyb.decode('utf-8')
else:
openvpn_client_ca = ''
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
openvpn_port = '65301'
OpenVPN cipher can be changed
2020-07-02 16:12:31 +00:00
openvpn_cipher = 'AES-256-CBC'
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
if os.path.isfile('/etc/openvpn/openvpn-tun0.conf'):
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/openvpn/openvpn-tun0.conf', "r") as openvpn_file:
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
for line in openvpn_file:
if 'port ' in line:
openvpn_port = line.replace(line[:5], '').rstrip()
OpenVPN cipher can be changed
2020-07-02 16:12:31 +00:00
if 'cipher ' in line:
openvpn_cipher = line.replace(line[:7], '').rstrip()
Fix mlvpn and openvpn ip
2019-04-20 16:16:22 +00:00
openvpn_host_ip = '10.255.252.1'
Fixes and add vps current time
2019-11-13 07:39:00 +00:00
#openvpn_client_ip = '10.255.252.2'
openvpn_client_ip = 'dhcp'
Fix
2018-11-23 14:19:30 +00:00
Add OpenVPN bonding support
2020-12-11 20:40:39 +00:00
if os.path.isfile('/etc/openvpn/bonding1.conf'):
available_vpn.append("openvpn_bonding")
Some fixes
2020-03-03 13:06:18 +00:00
LOG.debug('Get config... mlvpn')
Fix
2018-11-23 14:19:30 +00:00
if os.path.isfile('/etc/mlvpn/mlvpn0.conf'):
mlvpn_config = configparser.ConfigParser()
Fixes and add vps current time
2019-11-13 07:39:00 +00:00
mlvpn_config.read_file(open(r'/etc/mlvpn/mlvpn0.conf'))
Fix and better code
2020-03-03 12:49:23 +00:00
mlvpn_key = mlvpn_config.get('general', 'password').strip('"')
Add function to modify MLVPN config
2021-03-15 14:07:25 +00:00
mlvpn_timeout = mlvpn_config.get('general', 'timeout')
mlvpn_reorder_buffer_size = mlvpn_config.get('general', 'reorder_buffer_size')
mlvpn_loss_tolerence = mlvpn_config.get('general', 'loss_tolerence')
Fix
2021-03-15 19:37:05 +00:00
if mlvpn_config.has_option('general', 'cleartext_data'):
mlvpn_cleartext_data = mlvpn_config.get('general', 'cleartext_data')
else:
mlvpn_cleartext_data = ''
Fix shorewall redirect and add static ip for VPN
2018-12-03 10:07:03 +00:00
available_vpn.append("mlvpn")
Fix
2018-11-23 14:19:30 +00:00
else:
mlvpn_key = ''
Add function to modify MLVPN config
2021-03-15 14:07:25 +00:00
mlvpn_timeout = ''
mlvpn_reorder_buffer_size = ''
mlvpn_loss_tolerence = ''
mlvpn_cleartext_data = ''
Fix mlvpn and openvpn ip
2019-04-20 16:16:22 +00:00
mlvpn_host_ip = '10.255.253.1'
mlvpn_client_ip = '10.255.253.2'
Fix shorewall redirect and add static ip for VPN
2018-12-03 10:07:03 +00:00
Add wireguard support
2021-03-02 13:28:35 +00:00
LOG.debug('Get config... wireguard')
Fix wireguard support
2021-03-02 17:24:22 +00:00
if os.path.isfile('/etc/wireguard/vpn-server-public.key'):
with open('/etc/wireguard/vpn-server-public.key', "rb") as wgkey_file:
Add wireguard support
2021-03-02 13:28:35 +00:00
wireguard_key = wgkey_file.read()
else:
wireguard_key = ''
wireguard_host_ip = '10.255.247.1'
wireguard_port = '65311'
Update
2022-08-26 22:02:39 +00:00
LOG.debug('Get config... wireguard for external clients')
if os.path.isfile('/etc/wireguard/vpn-client-private.key'):
with open('/etc/wireguard/vpn-client-private.key', "rb") as wgkey_file:
wireguard_client_key = wgkey_file.read()
else:
wireguard_client_key = ''
wireguard_client_ip = '10.255.246.2'
wireguard_client_port = '65312'
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
gre_tunnel = False
gre_tunnel_conf = []
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
# for tunnel in pathlib.Path('/etc/openmptcprouter-vps-admin/intf').glob('gre-user' + str(userid) + '-ip*'):
# gre_tunnel = True
# with open(tunnel, "r") as tunnel_conf:
# for line in tunnel_conf:
# if 'LOCALIP=' in line:
# gre_tunnel_localip = line.replace(line[:8], '').rstrip()
# if 'REMOTEIP=' in line:
# gre_tunnel_remoteip = line.replace(line[:9], '').rstrip()
# if 'NETMASK=' in line:
# gre_tunnel_netmask = line.replace(line[:8], '').rstrip()
# if 'INTFADDR=' in line:
# gre_tunnel_intfaddr = line.replace(line[:9], '').rstrip()
# gre_tunnel_conf.append("{'local_ip': '" + gre_tunnel_localip + "', 'remote_ip': '" + gre_tunnel_remoteip + "', 'netmask': '" + gre_tunnel_netmask + "', 'public_ip': '" + gre_tunnel_intfaddr + "'}")
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
if 'gre_tunnels' in omr_config_data['users'][0][username]:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
gre_tunnel = True
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
gre_tunnel_conf = omr_config_data['users'][0][username]['gre_tunnels']
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
if 'vpnremoteip' in omr_config_data['users'][0][username]:
vpn_remote_ip = omr_config_data['users'][0][username]['vpnremoteip']
Fix VPN ip in config
2020-03-06 19:09:04 +00:00
else:
vpn_remote_ip = ''
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
if 'vpnlocalip' in omr_config_data['users'][0][username]:
vpn_local_ip = omr_config_data['users'][0][username]['vpnlocalip']
Fix VPN ip in config
2020-03-06 19:09:04 +00:00
else:
vpn_local_ip = ''
Add MPTCP support
2018-11-14 16:34:13 +00:00
Add v2ray support
2020-08-10 18:49:47 +00:00
v2ray = False
v2ray_conf = []
v2ray_tx = 0
v2ray_rx = 0
if os.path.isfile('/etc/v2ray/v2ray-server.json'):
v2ray = True
if not 'v2ray' in omr_config_data['users'][0][username]:
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
v2ray_key = os.popen("jq -r '.inbounds[0].settings.clients[] | select(.email=" + '"' + username + '"' + ") | .id' /etc/v2ray/v2ray-server.json").read().rstrip()
Add v2ray support
2020-08-10 18:49:47 +00:00
v2ray_port = os.popen('jq -r .inbounds[0].port /etc/v2ray/v2ray-server.json').read().rstrip()
v2ray_conf = { 'key': v2ray_key, 'port': v2ray_port}
modif_config_user(username, {'v2ray': v2ray_conf})
else:
v2ray_conf = omr_config_data['users'][0][username]['v2ray']
Check if v2ray is used before getting traffic
2022-02-08 07:32:25 +00:00
if checkIfProcessRunning('v2ray') and proxy == 'v2ray':
Fix v2ray stats
2020-09-11 18:58:38 +00:00
v2ray_tx = get_bytes_v2ray('tx',username)
v2ray_rx = get_bytes_v2ray('rx',username)
Add v2ray support
2020-08-10 18:49:47 +00:00
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
xray = False
xray_conf = []
xray_tx = 0
xray_rx = 0
if os.path.isfile('/etc/xray/xray-server.json'):
xray = True
if not 'xray' in omr_config_data['users'][0][username]:
xray_key = os.popen("jq -r '.inbounds[0].settings.clients[] | select(.email=" + '"' + username + '"' + ") | .id' /etc/xray/xray-server.json").read().rstrip()
xray_ss_skey = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-shadowsocks-tunnel' + '"' + ") | .settings.password' /etc/xray/xray-server.json").read().rstrip()
xray_ss_ukey = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-shadowsocks-tunnel' + '"' + ") | .settings.clients[] | select(.email=" + '"' + username + '"' + ") | .password' /etc/xray/xray-server.json").read().rstrip()
xray_ss_key = xray_ss_skey + ':' + xray_ss_ukey
xray_port = os.popen('jq -r .inbounds[0].port /etc/xray/xray-server.json').read().rstrip()
Add XRay Shadowsocks method changes
2023-12-14 16:31:00 +00:00
xray_ss_method = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-shadowsocks-tunnel' + '"' + ") | .settings.method' /etc/xray/xray-server.json").read().rstrip()
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
xray_vless_reality_public_key = ''
if os.path.isfile('/etc/xray/xray-vless-reality.json'):
xray_vless_reality_public_key = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-vless-reality' + '"' + ") | .streamSettings.realitySettings.publicKey' /etc/xray/xray-vless-reality.json").read().rstrip()
test_vless_reality = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-vless-reality' + '"' + ")' /etc/xray/xray-server.json").read().rstrip()
if test_vless_reality != '':
vless_reality = True
else:
vless_reality = False
Add XRay Shadowsocks method changes
2023-12-14 16:31:00 +00:00
xray_conf = { 'key': xray_key, 'port': xray_port, 'sskey': xray_ss_key, 'vless_reality': vless_reality, 'vless_reality_key': xray_vless_reality_public_key, 'ss_method': xray_ss_method }
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
modif_config_user(username, {'xray': xray_conf})
else:
xray_conf = omr_config_data['users'][0][username]['xray']
if checkIfProcessRunning('xray') and proxy == 'xray':
xray_tx = get_bytes_xray('tx',username)
xray_rx = get_bytes_xray('rx',username)
shadowsocks_go = False
shadowsocks_go_conf = []
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
ss_go_tx = 0
ss_go_rx = 0
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
if os.path.isfile('/etc/shadowsocks-go/server.json'):
shadowsocks_go = True
if not 'shadowsocks-go' in omr_config_data['users'][0][username]:
shadowsocks_go_psk = os.popen("jq -r '.servers[] | select(.name=" + '"ss-2022"' + ") | .psk' /etc/shadowsocks-go/server.json").read().rstrip()
shadowsocks_go_port = os.popen("jq -r '.servers[] | select(.name=" + '"ss-2022"' + ") | .tcpListeners[0].address' /etc/shadowsocks-go/server.json | cut -d ':' -f1").read().rstrip()
shadowsocks_go_protocol = os.popen("jq -r '.servers[] | select(.name=" + '"ss-2022"' + ") | .protocol' /etc/shadowsocks-go/server.json").read().rstrip()
shadowsocks_go_upsk = os.popen("jq -r --arg user " + '"' + username + '"' + " '.[$user]' /etc/shadowsocks-go/upsks.json").read().rstrip()
shadowsocks_go_conf= { 'password': shadowsocks_go_psk + ':' + shadowsocks_go_upsk, 'port': shadowsocks_go_port, 'protocol': shadowsocks_go_protocol }
modif_config_user(username, {'shadowsocks-go': shadowsocks_go_conf})
else:
shadowsocks_go_conf = omr_config_data['users'][0][username]['shadowsocks-go']
Add Shadowsocks-go traffic support
2023-10-09 14:46:10 +00:00
ss_go_txrx = get_bytes_ss_go(username)
Really fix https://github.com/Ysurac/openmptcprouter/issues/3018
2023-11-05 06:35:41 +00:00
ss_go_tx = int(ss_go_txrx['downlinkBytes'])
ss_go_rx = int(ss_go_txrx['uplinkBytes'])
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get config... mptcp')
Add MPTCP version support
2022-07-14 19:33:27 +00:00
mptcp_version = mptcp_enabled = mptcp_checksum = '0'
Add changes for MPTCP upstream support
2021-09-01 15:44:58 +00:00
mptcp_path_manager = mptcp_scheduler = mptcp_syn_retries = ''
if path.exists('/proc/sys/net/mptcp/mptcp_enabled'):
mptcp_enabled = os.popen('sysctl -n net.mptcp.mptcp_enabled').read().rstrip()
mptcp_checksum = os.popen('sysctl -n net.mptcp.mptcp_checksum').read().rstrip()
mptcp_path_manager = os.popen('sysctl -n net.mptcp.mptcp_path_manager').read().rstrip()
mptcp_scheduler = os.popen('sysctl -n net.mptcp.mptcp_scheduler').read().rstrip()
mptcp_syn_retries = os.popen('sysctl -n net.mptcp.mptcp_syn_retries').read().rstrip()
Add MPTCP version support
2022-07-14 19:33:27 +00:00
mptcp_version = os.popen('sysctl -n net.mptcp.mptcp_version').read().rstrip()
Add changes for MPTCP upstream support
2021-09-01 15:44:58 +00:00
elif path.exists('/proc/sys/net/mptcp/enabled'):
mptcp_enabled = os.popen('sysctl -n net.mptcp.enabled').read().rstrip()
mptcp_checksum = os.popen('sysctl -n net.mptcp.checksum_enabled').read().rstrip()
Add MPTCP version support
2022-07-14 19:33:27 +00:00
mptcp_version = '1'
Add MPTCP support
2018-11-14 16:34:13 +00:00
congestion_control = os.popen('sysctl -n net.ipv4.tcp_congestion_control').read().rstrip()
Initial commit
2018-11-08 12:55:20 +00:00
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get config... ipv6')
Fix and get IPv6 network from config file
2020-05-10 19:02:18 +00:00
if 'ipv6_network' in omr_config_data:
ipv6_network = omr_config_data['ipv6_network']
else:
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
ipv6_network = os.popen('ip -6 addr show ' + IFACE6 +' | grep -oP "(?<=inet6 ).*(?= scope global)"').read().rstrip()
Threaded and permanent session
2019-02-28 07:26:37 +00:00
#ipv6_addr = os.popen('wget -6 -qO- -T 2 ipv6.openmptcprouter.com').read().rstrip()
Fix and get IPv6 network from config file
2020-05-10 19:02:18 +00:00
if 'ipv6_addr' in omr_config_data:
ipv6_addr = omr_config_data['ipv6_addr']
else:
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
ipv6_addr = os.popen('ip -6 addr show ' + IFACE6 +' | grep -oP "(?<=inet6 ).*(?= scope global)" | cut -d/ -f1').read().rstrip()
Check IP other way
2019-07-25 06:25:12 +00:00
#ipv4_addr = os.popen('wget -4 -qO- -T 1 https://ip.openmptcprouter.com').read().rstrip()
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('get server IPv4')
Remove dig requirement
2023-09-10 07:26:32 +00:00
ipv4_addr = ''
Open glorytun UDP port and doesn't check ip and hostname at each config request
2020-03-24 20:07:41 +00:00
if 'ipv4' in omr_config_data:
Fix
2020-03-27 19:09:24 +00:00
ipv4_addr = omr_config_data['ipv4']
Add case when no internet access available
2020-04-21 12:55:35 +00:00
elif 'internet' in omr_config_data and not omr_config_data['internet']:
ipv4_addr = os.popen('ip -4 addr show ' + IFACE +' | grep -oP "(?<=inet ).*(?= scope global)" | cut -d/ -f1').read().rstrip()
Open glorytun UDP port and doesn't check ip and hostname at each config request
2020-03-24 20:07:41 +00:00
else:
Remove dig requirement
2023-09-10 07:26:32 +00:00
#ipv4_addr = os.popen("dig -4 TXT +timeout=2 +tries=1 +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'\"' '{ print $2}'").read().rstrip()
Fix firewall with multi IPs
2020-11-27 13:48:48 +00:00
if ipv4_addr == '':
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
ipv4_addr = os.popen('wget -4 -qO- -t 1 -T 1 http://ip.openmptcprouter.com').read().rstrip()
Open glorytun UDP port and doesn't check ip and hostname at each config request
2020-03-24 20:07:41 +00:00
if ipv4_addr == '':
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
ipv4_addr = os.popen('wget -4 -qO- -t 1 -T 1 http://ifconfig.me').read().rstrip()
Open glorytun UDP port and doesn't check ip and hostname at each config request
2020-03-24 20:07:41 +00:00
if ipv4_addr != '':
set_global_param('ipv4', ipv4_addr)
More info from the VPS
2018-11-21 09:00:00 +00:00
Add AES check on VPS
2019-06-15 18:31:01 +00:00
test_aes = os.popen('cat /proc/cpuinfo | grep aes').read().rstrip()
if test_aes == '':
vps_aes = False
else:
vps_aes = True
More info from the VPS
2018-11-21 09:00:00 +00:00
vps_kernel = os.popen('uname -r').read().rstrip()
vps_machine = os.popen('uname -m').read().rstrip()
Fix OMR VPS version when host is OpenMPTCProuter
2019-03-29 17:27:58 +00:00
vps_omr_version = os.popen("grep -s 'OpenMPTCProuter VPS' /etc/* | awk '{print $4}'").read().rstrip()
Add VPS load avg and uptime
2018-11-29 13:47:05 +00:00
vps_loadavg = os.popen("cat /proc/loadavg | awk '{print $1" "$2" "$3}'").read().rstrip()
vps_uptime = os.popen("cat /proc/uptime | awk '{print $1}'").read().rstrip()
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('get hostname')
Open glorytun UDP port and doesn't check ip and hostname at each config request
2020-03-24 20:07:41 +00:00
if 'hostname' in omr_config_data:
Fix
2020-03-27 19:26:49 +00:00
vps_domain = omr_config_data['hostname']
Add case when no internet access available
2020-04-21 12:55:35 +00:00
elif 'internet' in omr_config_data and not omr_config_data['internet']:
vps_domain = ''
Open glorytun UDP port and doesn't check ip and hostname at each config request
2020-03-24 20:07:41 +00:00
else:
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
vps_domain = os.popen('wget -4 -qO- -t 1 -T 1 http://hostname.openmptcprouter.com').read().rstrip()
Open glorytun UDP port and doesn't check ip and hostname at each config request
2020-03-24 20:07:41 +00:00
if vps_domain != '':
set_global_param('hostname', vps_domain)
Check IP other way
2019-07-25 06:25:12 +00:00
#vps_domain = os.popen('dig -4 +short +times=3 +tries=1 -x ' + ipv4_addr + " | sed 's/\.$//'").read().rstrip()
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
user_permissions = current_user.permissions
Add license info and add a message when result is done
2018-11-16 13:14:08 +00:00
Get client IP via script and add a no internet access option
2020-04-22 16:00:07 +00:00
internet = True
if 'internet' in omr_config_data and not omr_config_data['internet']:
internet = False
Fix and better code
2020-03-03 12:49:23 +00:00
localip6 = ''
remoteip6 = ''
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
ula = ''
Add shorewall by user support
2020-01-20 20:05:40 +00:00
if userid == 0:
Fix and add client2client info in config
2020-01-28 20:32:29 +00:00
if os.path.isfile('/etc/openmptcprouter-vps-admin/omr-6in4/user' + str(userid)):
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-6in4/user' + str(userid), "r") as omr6in4_file:
Fix and add client2client info in config
2020-01-28 20:32:29 +00:00
for line in omr6in4_file:
if 'LOCALIP6=' in line:
localip6 = line.replace(line[:9], '').rstrip()
if 'REMOTEIP6=' in line:
remoteip6 = line.replace(line[:10], '').rstrip()
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
if 'ULA=' in line:
ula = line.replace(line[:4], '').rstrip()
Add shorewall by user support
2020-01-20 20:05:40 +00:00
else:
Revert to fe80 for 6in4
2020-05-22 09:09:04 +00:00
locaip6 = 'fe80::a00:1'
remoteip6 = 'fe80::a00:2'
Add shorewall by user support
2020-01-20 20:05:40 +00:00
Fix vpn initial setting
2020-02-24 09:27:15 +00:00
vpn = 'glorytun_tcp'
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
if 'vpn' in omr_config_data['users'][0][username]:
vpn = omr_config_data['users'][0][username]['vpn']
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
status and config can be requested for any user by admin, add vpn traffic in status
2020-06-30 14:44:13 +00:00
vpn_traffic_rx = 0
vpn_traffic_tx = 0
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
if vpn == 'glorytun_tcp':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
vpn_traffic_rx = get_bytes('rx', 'gt-tun' + str(userid))
vpn_traffic_tx = get_bytes('tx', 'gt-tun' + str(userid))
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
elif vpn == 'glorytun_udp':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
vpn_traffic_rx = get_bytes('rx', 'gt-udp-tun' + str(userid))
vpn_traffic_tx = get_bytes('tx', 'gt-udp-tun' + str(userid))
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
elif vpn == 'mlvpn':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
vpn_traffic_rx = get_bytes('rx', 'mlvpn' + str(userid))
vpn_traffic_tx = get_bytes('tx', 'mlvpn' + str(userid))
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
elif vpn == 'dsvpn':
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
vpn_traffic_rx = get_bytes('rx', 'dsvpn' + str(userid))
vpn_traffic_tx = get_bytes('tx', 'dsvpn' + str(userid))
Add vpn traffic for openvpn and openvpn bonding
2020-12-21 14:17:26 +00:00
elif vpn == 'openvpn':
OpenVPN stats by users, Vless-Reality fix, ss-go stats fix,...
2023-11-16 10:50:47 +00:00
#vpn_traffic_rx = get_bytes('rx', 'tun0')
#vpn_traffic_tx = get_bytes('tx', 'tun0')
vpn_txrx = get_bytes_openvpn(username)
vpn_traffic_rx = vpn_txrx['uplinkBytes']
vpn_traffic_tx = vpn_txrx['downlinkBytes']
Add vpn traffic for openvpn and openvpn bonding
2020-12-21 14:17:26 +00:00
elif vpn == 'openvpn_bonding':
vpn_traffic_rx = get_bytes('rx', 'omr-bonding')
vpn_traffic_tx = get_bytes('tx', 'omr-bonding')
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
Fix and add client2client info in config
2020-01-28 20:32:29 +00:00
#vpn = current_user.vpn
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
available_proxy = ["shadowsocks", "shadowsocks-go","v2ray","v2ray-vmess","v2ray-socks","v2ray-trojan","xray","xray-vless-reality","xray-vmess","xray-socks","xray-trojan","xray-shadowsocks"]
Fix client2client IPs
2020-03-05 14:02:20 +00:00
if user_permissions == 'ro':
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
del available_vpn
available_vpn = [vpn]
Add v2ray support
2020-08-10 18:49:47 +00:00
del available_proxy
available_proxy = [proxy]
Current VPN can be set by client
2019-06-24 16:14:16 +00:00
Add localvpn in API status answer, for future use
2024-01-26 15:12:35 +00:00
localvpn = ""
if os.popen('ip l | grep " vpn"').read().rstrip() != '':
localvpn = "vpn1"
Fix and add client2client info in config
2020-01-28 20:32:29 +00:00
alllanips = []
client2client = False
Fix and better code
2020-03-03 12:49:23 +00:00
if 'client2client' in omr_config_data and omr_config_data['client2client']:
Fix and add client2client info in config
2020-01-28 20:32:29 +00:00
client2client = True
for users in omr_config_data['users'][0]:
Fix vpn traffic and get username from userid
2020-06-30 15:02:02 +00:00
if 'lanips' in omr_config_data['users'][0][users] and users != username and omr_config_data['users'][0][users]['lanips'][0] not in alllanips:
Fix client2client IPs
2020-03-05 14:02:20 +00:00
alllanips.append(omr_config_data['users'][0][users]['lanips'][0])
Fix and add client2client info in config
2020-01-28 20:32:29 +00:00
Last changes
2018-11-14 14:10:42 +00:00
shorewall_redirect = "enable"
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall/rules', 'r') as f:
Error if no parameters
2018-11-08 17:22:43 +00:00
for line in f:
if '#DNAT net vpn:$OMR_ADDR tcp 1-64999' in line:
Last changes
2018-11-14 14:10:42 +00:00
shorewall_redirect = "disable"
Fix and better code
2020-03-03 12:49:23 +00:00
LOG.debug('Get config: done')
Add localvpn in API status answer, for future use
2024-01-26 15:12:35 +00:00
return {'vps': {'kernel': vps_kernel, 'machine': vps_machine, 'omr_version': vps_omr_version, 'loadavg': vps_loadavg, 'uptime': vps_uptime, 'aes': vps_aes}, 'shadowsocks': {'traffic': ss_traffic, 'key': shadowsocks_key, 'port': shadowsocks_port, 'method': shadowsocks_method, 'fast_open': shadowsocks_fast_open, 'reuse_port': shadowsocks_reuse_port, 'no_delay': shadowsocks_no_delay, 'mptcp': shadowsocks_mptcp, 'ebpf': shadowsocks_ebpf, 'obfs': shadowsocks_obfs, 'obfs_plugin': shadowsocks_obfs_plugin, 'obfs_type': shadowsocks_obfs_type}, 'glorytun': {'key': glorytun_key, 'udp': {'host_ip': glorytun_udp_host_ip, 'client_ip': glorytun_udp_client_ip}, 'tcp': {'host_ip': glorytun_tcp_host_ip, 'client_ip': glorytun_tcp_client_ip}, 'port': glorytun_port, 'chacha': glorytun_chacha}, 'dsvpn': {'key': dsvpn_key, 'host_ip': dsvpn_host_ip, 'client_ip': dsvpn_client_ip, 'port': dsvpn_port}, 'openvpn': {'key': openvpn_key, 'client_key': openvpn_client_key, 'client_crt': openvpn_client_crt, 'client_ca': openvpn_client_ca, 'host_ip': openvpn_host_ip, 'client_ip': openvpn_client_ip, 'port': openvpn_port, 'cipher': openvpn_cipher},'wireguard': {'key': wireguard_key, 'host_ip': wireguard_host_ip, 'port': wireguard_port, 'client_key': wireguard_client_key, 'client_ip': wireguard_client_ip, 'client_port': wireguard_client_port}, 'mlvpn': {'key': mlvpn_key, 'host_ip': mlvpn_host_ip, 'client_ip': mlvpn_client_ip,'timeout': mlvpn_timeout,'reorder_buffer_size': mlvpn_reorder_buffer_size,'loss_tolerence': mlvpn_loss_tolerence,'cleartext_data': mlvpn_cleartext_data}, 'shorewall': {'redirect_ports': shorewall_redirect}, 'mptcp': {'enabled': mptcp_enabled, 'checksum': mptcp_checksum, 'path_manager': mptcp_path_manager, 'scheduler': mptcp_scheduler, 'syn_retries': mptcp_syn_retries, 'version': mptcp_version}, 'network': {'congestion_control': congestion_control, 'ipv6_network': ipv6_network, 'ipv6': ipv6_addr, 'ipv4': ipv4_addr, 'domain': vps_domain, 'internet': internet}, 'vpn': {'available': available_vpn, 'current': vpn, 'remoteip': vpn_remote_ip, 'localip': vpn_local_ip, 'rx': vpn_traffic_rx, 'tx': vpn_traffic_tx}, 'iperf': {'user': 'openmptcprouter', 'password': 'openmptcprouter', 'key': iperf3_key}, 'pihole': {'state': pihole}, 'user': {'name': username, 'permission': user_permissions}, 'ip6in4': {'localip': localip6, 'remoteip': remoteip6, 'ula': ula}, 'client2client': {'enabled': client2client, 'lanips': alllanips}, 'gre_tunnel': {'enabled': gre_tunnel, 'config': gre_tunnel_conf}, 'v2ray': {'enabled': v2ray, 'config': v2ray_conf, 'tx': v2ray_tx, 'rx': v2ray_rx},'xray': {'enabled': xray, 'config': xray_conf, 'tx': xray_tx, 'rx': xray_rx},'shadowsocks_go': {'enabled': shadowsocks_go, 'config': shadowsocks_go_conf,'tx': ss_go_tx, 'rx': ss_go_rx}, 'proxy': {'available': available_proxy, 'current': proxy}, 'localvpn': vpn1}
Initial commit
2018-11-08 12:55:20 +00:00
# Set shadowsocks config
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
class OBFSPLUGIN(str, Enum):
v2ray = "v2ray"
obfs = "obfs"
class OBFSTYPE(str, Enum):
tls = "tls"
http = "http"
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
class ShadowsocksConfigparams(BaseModel):
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
port: int = Query(..., gt=0, lt=65535)
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
method: str
Some fix for shadowsocks
2019-11-24 18:48:22 +00:00
fast_open: bool
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
reuse_port: bool
no_delay: bool
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
mptcp: bool = Query(True, title="Enable/Disable MPTCP support")
obfs: bool = Query(False, title="Enable/Disable obfuscation support")
obfs_plugin: OBFSPLUGIN = Query("v2ray", title="Choose obfuscation plugin")
obfs_type: OBFSTYPE = Query("tls", title="Choose obfuscation method")
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
key: str
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/shadowsocks', summary="Modify Shadowsocks-libev configuration")
Fix and better code
2020-03-03 12:49:23 +00:00
def shadowsocks(*, params: ShadowsocksConfigparams, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
set_lastchange(10)
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'shadowsocks'}
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
ipv6_network = os.popen('ip -6 addr show ' + IFACE6 +' | grep -oP "(?<=inet6 ).*(?= scope global)"').read().rstrip()
Fix shadowsocks change key
2020-10-28 16:47:50 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-libev/manager.json', 'rb'))).hexdigest()
Use shadowsocks-manager
2019-11-16 19:49:26 +00:00
with open('/etc/shadowsocks-libev/manager.json') as f:
Fix https://github.com/Ysurac/openmptcprouter/issues/229
2018-11-29 21:43:02 +00:00
content = f.read()
Some fixes
2020-03-03 13:06:18 +00:00
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
try:
data = json.loads(content)
except ValueError as e:
data = {'timeout': 600, 'verbose': 0, 'prefer_ipv6': False}
Fix https://github.com/Ysurac/openmptcprouter/issues/229
2018-11-29 21:43:02 +00:00
#key = data["key"]
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
if 'timeout' in data:
timeout = data["timeout"]
Fix https://github.com/Ysurac/openmptcprouter/issues/230
2018-11-29 22:14:23 +00:00
if 'verbose' in data:
verbose = data["verbose"]
else:
verbose = 0
Initial commit
2018-11-08 12:55:20 +00:00
prefer_ipv6 = data["prefer_ipv6"]
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
port = params.port
method = params.method
fast_open = params.fast_open
reuse_port = params.reuse_port
no_delay = params.no_delay
mptcp = params.mptcp
obfs = params.obfs
obfs_plugin = params.obfs_plugin
obfs_type = params.obfs_type
Some fix for shadowsocks
2019-11-24 18:48:22 +00:00
ebpf = 0
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
key = params.key
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if 'port_key' in data:
portkey = data["port_key"]
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
portkey[str(port)] = key
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if 'port_conf' in data:
portconf = data["port_conf"]
Some fixes for gre_tunnel
2020-06-21 07:06:52 +00:00
portconf[str(port)]['key'] = key
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
modif_config_user(current_user.username, {'shadowsocks_port': port})
Get hostname from config
2020-04-01 19:17:31 +00:00
userid = current_user.userid
if userid is None:
userid = 0
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
try:
omr_config_data = json.load(f)
except ValueError as e:
omr_config_data = {}
Try to define an ACL
2019-08-29 20:39:22 +00:00
#ipv4_addr = os.popen('wget -4 -qO- -T 2 http://ip.openmptcprouter.com').read().rstrip()
Get hostname from config
2020-04-01 19:17:31 +00:00
if 'hostname' in omr_config_data:
vps_domain = omr_config_data['hostname']
else:
Fix global settings and hostname retrieve
2023-11-28 10:36:28 +00:00
vps_domain = os.popen('wget -4 -qO- -t 1 -T 1 http://hostname.openmptcprouter.com').read().rstrip()
Get hostname from config
2020-04-01 19:17:31 +00:00
if vps_domain != '':
set_global_param('hostname', vps_domain)
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
fix bytes encode
2019-01-06 17:53:06 +00:00
if port is None or method is None or fast_open is None or reuse_port is None or no_delay is None or key is None:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shadowsocks'}
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if 'port_key' in data:
if ipv6_network == '':
if obfs:
if obfs_plugin == "v2ray":
if obfs_type == "tls":
if vps_domain == '':
shadowsocks_config = {'server': '0.0.0.0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server;tls'}
else:
shadowsocks_config = {'server': '0.0.0.0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server;tls;host=' + vps_domain}
Fix
2019-12-17 18:10:09 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
shadowsocks_config = {'server': '0.0.0.0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server'}
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if obfs_type == 'tls':
if vps_domain == '':
shadowsocks_config = {'server': '0.0.0.0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=tls;mptcp;fast-open;t=400'}
else:
shadowsocks_config = {'server': '0.0.0.0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=tls;mptcp;fast-open;t=400;host=' + vps_domain}
else:
shadowsocks_config = {'server': '0.0.0.0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=http;mptcp;fast-open;t=400'}
Add v2ray plugin support
2019-01-25 19:43:49 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
shadowsocks_config = {'server': '0.0.0.0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl'}
else:
if obfs:
if obfs_plugin == "v2ray":
if obfs_type == "tls":
if vps_domain == '':
shadowsocks_config = {'server': '::0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server;tls'}
else:
shadowsocks_config = {'server': '::0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server;tls;host=' + vps_domain}
Fix
2019-12-17 18:10:09 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
shadowsocks_config = {'server': '::0', 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server'}
Fix
2019-12-17 18:10:09 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if obfs_type == 'tls':
if vps_domain == '':
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'), 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=tls;mptcp;fast-open;t=400'}
else:
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'), 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=tls;mptcp;fast-open;t=400;host=' + vps_domain}
else:
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'), 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=http;mptcp;fast-open;t=400'}
else:
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'), 'port_key': portkey, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl'}
Fix
2019-12-17 18:10:09 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if ipv6_network == '':
if obfs:
if obfs_plugin == "v2ray":
if obfs_type == "tls":
if vps_domain == '':
shadowsocks_config = {'server': '0.0.0.0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server;tls'}
else:
shadowsocks_config = {'server': '0.0.0.0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server;tls;host=' + vps_domain}
Fix
2019-12-17 18:10:09 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
shadowsocks_config = {'server': '0.0.0.0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server'}
Open shorewall port via omr-admin
2019-04-18 19:09:26 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if obfs_type == 'tls':
if vps_domain == '':
shadowsocks_config = {'server': '0.0.0.0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=tls;mptcp;fast-open;t=400'}
else:
shadowsocks_config = {'server': '0.0.0.0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=tls;mptcp;fast-open;t=400;host=' + vps_domain}
else:
shadowsocks_config = {'server': '0.0.0.0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=http;mptcp;fast-open;t=400'}
Add v2ray plugin support
2019-01-25 19:43:49 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
shadowsocks_config = {'server': '0.0.0.0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl'}
else:
if obfs:
if obfs_plugin == "v2ray":
if obfs_type == "tls":
if vps_domain == '':
shadowsocks_config = {'server': '::0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server;tls'}
else:
shadowsocks_config = {'server': '::0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server;tls;host=' + vps_domain}
Fix
2019-12-17 18:10:09 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
shadowsocks_config = {'server': '::0', 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/v2ray-plugin', 'plugin_opts': 'server'}
Fix
2019-12-17 18:10:09 +00:00
else:
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
if obfs_type == 'tls':
if vps_domain == '':
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'), 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=tls;mptcp;fast-open;t=400'}
else:
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'), 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=tls;mptcp;fast-open;t=400;host=' + vps_domain}
else:
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'), 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl', 'plugin': '/usr/local/bin/obfs-server', 'plugin_opts': 'obfs=http;mptcp;fast-open;t=400'}
else:
shadowsocks_config = {'server': ('[::0]', '0.0.0.0'), 'port_conf': portconf, 'local_port': 1081, 'mode': 'tcp_and_udp', 'timeout': timeout, 'method': method, 'verbose': verbose, 'ipv6_first': True, 'prefer_ipv6': prefer_ipv6, 'fast_open': fast_open, 'no_delay': no_delay, 'reuse_port': reuse_port, 'mptcp': mptcp, 'ebpf': ebpf, 'acl': '/etc/shadowsocks-libev/local.acl'}
Initial commit
2018-11-08 12:55:20 +00:00
Fix shadowsocks change key
2020-10-28 16:47:50 +00:00
with open('/etc/shadowsocks-libev/manager.json', 'w') as outfile:
json.dump(shadowsocks_config, outfile, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-libev/manager.json', 'rb'))).hexdigest()
if initial_md5 != final_md5:
Use shadowsocks-manager
2019-11-16 19:49:26 +00:00
os.system("systemctl restart shadowsocks-libev-manager@manager.service")
Fix
2020-03-07 21:57:11 +00:00
#for x in range(1, os.cpu_count()):
# os.system("systemctl restart shadowsocks-libev-manager@manager" + str(x) + ".service")
Fix and better code
2020-03-03 12:49:23 +00:00
shorewall_add_port(current_user, str(port), 'tcp', 'shadowsocks')
shorewall_add_port(current_user, str(port), 'udp', 'shadowsocks')
Add lastchange support
2019-08-12 14:43:05 +00:00
set_lastchange()
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'done', 'reason': 'changes applied', 'route': 'shadowsocks'}
Initial commit
2018-11-08 12:55:20 +00:00
else:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'done', 'reason': 'no changes', 'route': 'shadowsocks'}
Initial commit
2018-11-08 12:55:20 +00:00
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
class ShadowsocksGoConfigparams(BaseModel):
port: int = Query(..., gt=0, lt=65535)
method: str
fast_open: bool
reuse_port: bool
mptcp: bool = Query(True, title="Enable/Disable MPTCP support")
#key: str
@app.post('/shadowsocks-go', summary="Modify Shadowsocks-Go configuration")
def shadowsocks_go(*, params: ShadowsocksGoConfigparams, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
set_lastchange(10)
return {'result': 'permission', 'reason': 'Read only user', 'route': 'shadowsocks-go'}
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-go/server.json', 'rb'))).hexdigest()
with open('/etc/shadowsocks-go/server.json') as f:
content = f.read()
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
try:
data = json.loads(content)
except ValueError as e:
return {'result': 'error', 'reason': 'Read only user', 'route': 'shadowsocks-go'}
port = params.port
Add function to get bypassed IPs
2023-12-28 18:49:59 +00:00
# If method is aes 128 then key need to be length 16 instead of 32, so force aes-256-gcm for now
#method = params.method
method = "2022-blake3-aes-256-gcm"
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
fast_open = params.fast_open
reuse_port = params.reuse_port
mptcp = params.mptcp
#key = params.key
modif_config_user(current_user.username, {'shadowsocks-go_port': port})
userid = current_user.userid
if userid is None:
userid = 0
data["servers"][0]["tcpListeners"][0]["address"] = ":" + str(port)
data["servers"][0]["tcpListeners"][0]["fastOpen"] = fast_open
data["servers"][0]["listenerTFO"] = fast_open
data["servers"][0]["tcpListeners"][0]["reusePort"] = reuse_port
data["servers"][0]["tcpListeners"][0]["multipath"] = mptcp
data["servers"][0]["protocol"] = method
#data.servers[0].psk = key
with open('/etc/shadowsocks-go/server.json', 'w') as outfile:
json.dump(data, outfile, indent=4)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-go/server.json', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("systemctl restart shadowsocks-go.service")
shorewall_add_port(current_user, str(port), 'tcp', 'shadowsocks-go')
shorewall_add_port(current_user, str(port), 'udp', 'shadowsocks-go')
set_lastchange()
return {'result': 'done', 'reason': 'changes applied', 'route': 'shadowsocks-go'}
else:
return {'result': 'done', 'reason': 'no changes', 'route': 'shadowsocks-go'}
Add shorewall settings change
2018-11-08 17:05:34 +00:00
# Set shorewall config
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
class IPPROTO(str, Enum):
ipv4 = "ipv4"
ipv6 = "ipv6"
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
class ShorewallAllparams(BaseModel):
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
redirect_ports: str = Query(..., title="Port or ports range")
ipproto: IPPROTO = Query("ipv4", title="Protocol IP to apply changes")
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/shorewall', summary="Redirect all ports from Server to router")
Fix and better code
2020-03-03 12:49:23 +00:00
def shorewall(*, params: ShorewallAllparams, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'shorewall'}
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
state = params.redirect_ports
fix bytes encode
2019-01-06 17:53:06 +00:00
if state is None:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewall'}
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
if params.ipproto == 'ipv4':
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall/rules', 'r') as f, open(tmpfile, 'a+') as n:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
for line in f:
if state == 'enable' and line == '#DNAT net vpn:$OMR_ADDR tcp 1-64999\n':
n.write(line.replace(line[:1], ''))
elif state == 'enable' and line == '#DNAT net vpn:$OMR_ADDR udp 1-64999\n':
n.write(line.replace(line[:1], ''))
elif state == 'disable' and line == 'DNAT net vpn:$OMR_ADDR tcp 1-64999\n':
n.write('#' + line)
elif state == 'disable' and line == 'DNAT net vpn:$OMR_ADDR udp 1-64999\n':
n.write('#' + line)
else:
n.write(line)
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/shorewall/rules')
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/rules', 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
os.system("systemctl -q reload shorewall")
else:
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall6/rules', 'r') as f, open(tmpfile, 'a+') as n:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
for line in f:
if state == 'enable' and line == '#DNAT net vpn:$OMR_ADDR tcp 1-64999\n':
n.write(line.replace(line[:1], ''))
elif state == 'enable' and line == '#DNAT net vpn:$OMR_ADDR udp 1-64999\n':
n.write(line.replace(line[:1], ''))
elif state == 'disable' and line == 'DNAT net vpn:$OMR_ADDR tcp 1-64999\n':
n.write('#' + line)
elif state == 'disable' and line == 'DNAT net vpn:$OMR_ADDR udp 1-64999\n':
n.write('#' + line)
else:
n.write(line)
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/shorewall6/rules')
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/rules', 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
os.system("systemctl -q reload shorewall6")
Add shorewall settings change
2018-11-08 17:05:34 +00:00
# Need to do the same for IPv6...
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'done', 'reason': 'changes applied'}
Add shorewall settings change
2018-11-08 17:05:34 +00:00
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
class ShorewallListparams(BaseModel):
name: str
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
ipproto: IPPROTO = Query("ipv4", title="Protocol IP to list")
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/shorewalllist', summary="Display all OpenMPTCProuter rules in Shorewall config")
Fix and better code
2020-03-03 12:49:23 +00:00
def shorewall_list(*, params: ShorewallListparams, current_user: User = Depends(get_current_user)):
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
name = params.name
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
if name is None:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewalllist'}
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
fwlist = []
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
if params.ipproto == 'ipv4':
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall/rules', 'r') as f:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
for line in f:
Fix get shorewall rules
2020-03-09 14:52:15 +00:00
if '# OMR ' + current_user.username + ' ' + name in line:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
fwlist.append(line)
else:
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall6/rules', 'r') as f:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
for line in f:
Fix get shorewall rules
2020-03-09 14:52:15 +00:00
if '# OMR ' + current_user.username + ' ' + name in line:
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
fwlist.append(line)
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return {'list': fwlist}
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
class Shorewallparams(BaseModel):
name: str
Fix
2019-12-17 18:10:09 +00:00
port: str
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
proto: str
fwtype: str
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
ipproto: IPPROTO = Query("ipv4", title="Protocol IP for changes")
Add source destination IP support
2020-06-15 13:53:03 +00:00
source_dip: str = ""
Add source ip support and fix remove shorewall rule
2020-07-25 14:16:55 +00:00
source_ip: str = ""
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
comment: str = ""
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/shorewallopen', summary="Redirect a port from Server to Router")
Fix and better code
2020-03-03 12:49:23 +00:00
def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'shorewallopen'}
Use gre tunnel when redirecting from a public IP
2020-09-29 13:41:48 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
try:
omr_config_data = json.load(f)
except ValueError as e:
omr_config_data = {}
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
name = params.name
port = params.port
proto = params.proto
fwtype = params.fwtype
Add source destination IP support
2020-06-15 13:53:03 +00:00
source_dip = params.source_dip
Add source ip support and fix remove shorewall rule
2020-07-25 14:16:55 +00:00
source_ip = params.source_ip
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
comment = params.comment
if comment != '':
comment = ' --- ' + comment
Use gre tunnel when redirecting from a public IP
2020-09-29 13:41:48 +00:00
vpn = "default"
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
username = current_user.username
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
if name is None:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallopen'}
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
#proxy = 'shadowsocks'
#if 'proxy' in omr_config_data['users'][0][username]:
# proxy = omr_config_data['users'][0][username]['proxy']
#if proxy == 'v2ray':
# v2ray_add_port(current_user, str(port), proto, name)
# fwtype = 'ACCEPT'
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
if params.ipproto == 'ipv4':
Use gre tunnel when redirecting from a public IP
2020-09-29 13:41:48 +00:00
if 'gre_tunnels' in omr_config_data['users'][0][current_user.username]:
for tunnel in omr_config_data['users'][0][current_user.username]['gre_tunnels']:
if omr_config_data['users'][0][current_user.username]['gre_tunnels'][tunnel]['public_ip'] == source_dip:
vpn = omr_config_data['users'][0][current_user.username]['gre_tunnels'][tunnel]['remote_ip']
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
shorewall_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip, vpn, comment)
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
else:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
shorewall6_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip, comment)
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'done', 'reason': 'changes applied'}
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/shorewallclose', summary="Remove a redirected port")
Fix and better code
2020-03-03 12:49:23 +00:00
def shorewall_close(*, params: Shorewallparams, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'shorewallclose'}
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
name = params.name
port = params.port
proto = params.proto
fwtype = params.fwtype
Add source destination IP support
2020-06-15 13:53:03 +00:00
source_dip = params.source_dip
Add source ip support and fix remove shorewall rule
2020-07-25 14:16:55 +00:00
source_ip = params.source_ip
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
comment = params.comment
if comment != '':
comment = ' --- ' + comment
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
if name is None:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallclose'}
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
#v2ray_del_port(current_user.username, str(port), proto, name)
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
if params.ipproto == 'ipv4':
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
shorewall_del_port(current_user.username, str(port), proto, name, 'DNAT', source_dip, source_ip, comment)
shorewall_del_port(current_user.username, str(port), proto, name, 'ACCEPT', source_dip, source_ip, comment)
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
else:
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
shorewall6_del_port(current_user.username, str(port), proto, name, 'DNAT', source_dip, source_ip, comment)
shorewall6_del_port(current_user.username, str(port), proto, name, 'ACCEPT', source_dip, source_ip, comment)
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'done', 'reason': 'changes applied', 'route': 'shorewallclose'}
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
Add option to enable/disable sip ALG
2022-05-17 10:16:39 +00:00
class SipALGparams(BaseModel):
Fix typo
2022-05-17 18:39:44 +00:00
enable: bool = Query(True, title="Enable or disable SIP ALG")
Add option to enable/disable sip ALG
2022-05-17 10:16:39 +00:00
@app.post('/sipalg', summary="Enable/Disable SIP ALG")
def sipalg(*, params: SipALGparams, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'sipalg'}
enable = params.enable
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/shorewall.conf', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
with open('/etc/shorewall/shorewall.conf', 'r') as f, open(tmpfile, 'a+') as n:
for line in f:
Fix sipalg
2022-05-18 07:15:48 +00:00
if not enable and line == 'DONT_LOAD=\n':
Add option to enable/disable sip ALG
2022-05-17 10:16:39 +00:00
n.write('DONT_LOAD=nf_conntrack_sip\n')
Fix sipalg
2022-05-18 07:15:48 +00:00
elif not enable and line == 'AUTOHELPERS=Yes\n':
Add option to enable/disable sip ALG
2022-05-17 10:16:39 +00:00
n.write('AUTOHELPERS=No\n')
Update
2022-08-26 22:02:39 +00:00
elif enable and 'DONT_LOAD' in line and line != 'DONT_LOAD=\n':
Add option to enable/disable sip ALG
2022-05-17 10:16:39 +00:00
n.write('DONT_LOAD=\n')
Fix sipalg
2022-05-18 07:15:48 +00:00
elif enable and line == 'AUTOHELPERS=No\n':
Add option to enable/disable sip ALG
2022-05-17 10:16:39 +00:00
n.write('AUTOHELPERS=Yes\n')
else:
n.write(line)
os.close(fd)
move(tmpfile, '/etc/shorewall/shorewall.conf')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/shorewall.conf', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("systemctl -q reload shorewall")
return {'result': 'done', 'reason': 'changes applied', 'route': 'sipalg'}
Allow v2ray userid change via API
2020-11-02 19:39:18 +00:00
class V2rayconfig(BaseModel):
userid: str
@app.post('/v2ray', summary="Set v2ray settings")
def v2ray(*, params: V2rayconfig, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'v2rayredirect'}
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
#with open('/etc/v2ray/v2ray-server.json') as f:
# v2ray_config = json.load(f)
#v2ruserid = params.userid
#for inbounds in v2ray_config['inbounds']:
# if inbounds['tag'] == 'omrin-tunnel':
# inbounds['settings']['clients'][0]['id'] = v2ruserid
#with open('/etc/v2ray/v2ray-server.json', 'w') as outfile:
# json.dump(v2ray_config, outfile, indent=4)
Simplify v2ray key change code
2020-11-10 14:05:53 +00:00
username = current_user.username
Allow v2ray userid change via API
2020-11-02 19:39:18 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/v2ray/v2ray-server.json', 'rb'))).hexdigest()
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
v2ray_key = os.popen("jq -r '.inbounds[0].settings.clients[] | select(.email=" + '"' + username + '"' + ") | .id' /etc/v2ray/v2ray-server.json").read().rstrip()
Fix v2ray key change
2020-11-10 14:02:02 +00:00
v2ray_port = os.popen('jq -r .inbounds[0].port /etc/v2ray/v2ray-server.json').read().rstrip()
v2ray_conf = { 'key': v2ray_key, 'port': v2ray_port}
modif_config_user(username, {'v2ray': v2ray_conf})
Allow v2ray userid change via API
2020-11-02 19:39:18 +00:00
if initial_md5 != final_md5:
os.system("systemctl restart v2ray")
set_lastchange()
return {'result': 'done', 'reason': 'changes applied', 'route': 'v2ray'}
else:
return {'result': 'done', 'reason': 'no changes', 'route': 'v2ray'}
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
class Xrayconfig(BaseModel):
userid: str
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
vless_reality: bool = Query(False, title="Enable or disable VLESS Reality")
Add XRay Shadowsocks method changes
2023-12-14 16:31:00 +00:00
ss_method: str = "2022-blake3-aes-256-gcm"
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
@app.post('/xray', summary="Set xray settings")
def xray(*, params: Xrayconfig, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'xrayredirect'}
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
test_vless_reality = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-vless-reality' + '"' + ")' /etc/xray/xray-server.json").read().rstrip()
if test_vless_reality != '':
chk_vless_reality = True
else:
chk_vless_reality = False
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
with open('/etc/xray/xray-server.json') as f:
xray_config = json.load(f)
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
if params.vless_reality and not chk_vless_reality:
with open('/etc/xray/xray-vless-reality.json') as f:
vless_reality_config = json.load(f)
xray_config['inbounds'].append(vless_reality_config['inbounds'][0])
elif not params.vless_reality and chk_vless_reality:
for inbounds in xray_config['inbounds']:
if inbounds['tag'] == 'omrin-vless-reality':
xray_config['inbounds'].remove(inbounds)
Add XRay Shadowsocks method changes
2023-12-14 16:31:00 +00:00
for inbounds in xray_config['inbounds']:
if inbounds['tag'] == 'omrin-shadowsocks-tunnel':
inbounds['settings']['method'] = params.ss_method
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
with open('/etc/xray/xray-server.json', 'w') as outfile:
json.dump(xray_config, outfile, indent=4)
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
#with open('/etc/xray/xray-server.json') as f:
# xray_config = json.load(f)
#xruserid = params.userid
#for inbounds in xray_config['inbounds']:
# if inbounds['tag'] == 'omrin-tunnel':
# inbounds['settings']['clients'][0]['id'] = xruserid
#with open('/etc/xray/xray-server.json', 'w') as outfile:
# json.dump(xray_config, outfile, indent=4)
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
username = current_user.username
final_md5 = hashlib.md5(file_as_bytes(open('/etc/xray/xray-server.json', 'rb'))).hexdigest()
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
xray_key = os.popen("jq -r '.inbounds[0].settings.clients[] | select(.email=" + '"' + username + '"' + ") | .id' /etc/xray/xray-server.json").read().rstrip()
xray_ss_skey = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-shadowsocks-tunnel' + '"' + ") | .settings.password' /etc/xray/xray-server.json").read().rstrip()
xray_ss_ukey = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-shadowsocks-tunnel' + '"' + ") | .settings.clients[] | select(.email=" + '"' + username + '"' + ") | .password' /etc/xray/xray-server.json").read().rstrip()
xray_ss_key = xray_ss_skey + ':' + xray_ss_ukey
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
xray_port = os.popen('jq -r .inbounds[0].port /etc/xray/xray-server.json').read().rstrip()
OpenVPN stats by users, Vless-Reality fix, ss-go stats fix,...
2023-11-16 10:50:47 +00:00
test_vless_reality = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-vless-reality' + '"' + ")' /etc/xray/xray-server.json").read().rstrip()
if test_vless_reality != '':
vless_reality = True
else:
vless_reality = False
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
if os.path.isfile('/etc/xray/xray-vless-reality.json'):
xray_vless_reality_public_key = os.popen("jq -r '.inbounds[] | select(.tag==" + '"' + 'omrin-vless-reality' + '"' + ") | .streamSettings.realitySettings.publicKey' /etc/xray/xray-vless-reality.json").read().rstrip()
Add XRay Shadowsocks method changes
2023-12-14 16:31:00 +00:00
xray_conf = { 'key': xray_key, 'port': xray_port, 'sskey': xray_ss_key, 'vless_reality_key': xray_vless_reality_public_key, 'vless_reality': vless_reality, 'ss_method': params.ss_method }
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
modif_config_user(username, {'xray': xray_conf})
if initial_md5 != final_md5:
Add XRay VLESS Reality protocol support
2023-10-17 13:17:22 +00:00
if params.vless_reality and not chk_vless_reality:
shorewall_add_port(current_user, '443', 'tcp', 'xray vless-reality')
elif not params.vless_reality and chk_vless_reality:
shorewall_del_port(current_user.username, '443', 'tcp', 'xray vless-reality')
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
os.system("systemctl restart xray")
set_lastchange()
return {'result': 'done', 'reason': 'changes applied', 'route': 'xray'}
else:
return {'result': 'done', 'reason': 'no changes', 'route': 'xray'}
Allow v2ray userid change via API
2020-11-02 19:39:18 +00:00
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
class V2rayparams(BaseModel):
name: str
port: str
proto: str
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
destip: str = ""
destport: str = ""
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
@app.post('/v2rayredirect', summary="Redirect a port from Server to Router with V2Ray")
def v2ray_redirect(*, params: V2rayparams, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'v2rayredirect'}
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
try:
omr_config_data = json.load(f)
except ValueError as e:
omr_config_data = {}
name = params.name
port = params.port
proto = params.proto
destip = params.destip
Add port destination option for v2ray
2020-10-20 18:01:10 +00:00
destport = params.destport
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
username = current_user.username
if name is None:
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'v2rayredirect'}
Add port destination option for v2ray
2020-10-20 18:01:10 +00:00
v2ray_add_port(current_user, port, proto, name, destip, destport)
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
return {'result': 'done', 'reason': 'changes applied'}
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
class Xrayparams(BaseModel):
name: str
port: str
proto: str
destip: str = ""
destport: str = ""
@app.post('/xrayredirect', summary="Redirect a port from Server to Router with XRay")
def xray_redirect(*, params: Xrayparams, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'xrayredirect'}
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
try:
omr_config_data = json.load(f)
except ValueError as e:
omr_config_data = {}
name = params.name
port = params.port
proto = params.proto
destip = params.destip
destport = params.destport
username = current_user.username
if name is None:
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'xrayredirect'}
xray_add_port(current_user, port, proto, name, destip, destport)
return {'result': 'done', 'reason': 'changes applied'}
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
@app.post('/v2rayunredirect', summary="Remove a redirected port from Server to Router with V2Ray")
def v2ray_unredirect(*, params: V2rayparams, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'v2rayredirect'}
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
try:
omr_config_data = json.load(f)
except ValueError as e:
omr_config_data = {}
name = params.name
port = params.port
proto = params.proto
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
destip = params.destip
destport = params.destport
Add release note
2022-07-08 18:11:59 +00:00
username = current_user.username
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
if name is None:
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'v2rayunredirect'}
Add changes needed for V2Ray firewall rules modifications
2022-07-11 18:21:16 +00:00
v2ray_del_port(current_user, port, proto, name, destip, destport)
Add V2Ray forward support
2020-10-19 14:49:27 +00:00
return {'result': 'done', 'reason': 'changes applied'}
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
@app.post('/xrayunredirect', summary="Remove a redirected port from Server to Router with XRay")
def xray_unredirect(*, params: Xrayparams, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'xrayredirect'}
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
try:
omr_config_data = json.load(f)
except ValueError as e:
omr_config_data = {}
name = params.name
port = params.port
proto = params.proto
destip = params.destip
destport = params.destport
username = current_user.username
if name is None:
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'xrayunredirect'}
xray_del_port(current_user, port, proto, name, destip, destport)
return {'result': 'done', 'reason': 'changes applied'}
Add MPTCP support
2018-11-14 16:34:13 +00:00
# Set MPTCP config
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
class MPTCPparams(BaseModel):
checksum: str
path_manager: str
scheduler: str
syn_retries: int
congestion_control: str
Add MPTCP version support
2022-07-14 19:33:27 +00:00
version: int = 0
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/mptcp', summary="Modify MPTCP configuration of the server")
Fix and better code
2020-03-03 12:49:23 +00:00
def mptcp(*, params: MPTCPparams, current_user: User = Depends(get_current_user)):
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
if current_user.permissions == "ro":
set_lastchange(10)
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'mptcp'}
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
checksum = params.checksum
path_manager = params.path_manager
scheduler = params.scheduler
syn_retries = params.syn_retries
congestion_control = params.congestion_control
Add MPTCP version support
2022-07-14 19:33:27 +00:00
version = params.version
Use not instead of none for sysctl
2019-01-06 18:00:45 +00:00
if not checksum or not path_manager or not scheduler or not syn_retries or not congestion_control:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'mptcp'}
Add changes for MPTCP upstream support
2021-09-01 15:44:58 +00:00
if path.exists('/proc/sys/net/mptcp/mptcp_enabled'):
os.system('sysctl -qw net.mptcp.mptcp_checksum=' + checksum)
os.system('sysctl -qw net.mptcp.mptcp_path_manager=' + path_manager)
os.system('sysctl -qw net.mptcp.mptcp_scheduler=' + scheduler)
os.system('sysctl -qw net.mptcp.mptcp_syn_retries=' + str(syn_retries))
Add MPTCP version support
2022-07-14 19:33:27 +00:00
os.system('sysctl -qw net.mptcp.mptcp_version=' + str(version))
Add changes for MPTCP upstream support
2021-09-01 15:44:58 +00:00
else:
os.system('sysctl -qw net.mptcp.checksum_enabled=' + checksum)
Less verbose script
2018-12-28 07:55:46 +00:00
os.system('sysctl -qw net.ipv4.tcp_congestion_control=' + congestion_control)
Add MPTCP version support
2022-07-14 19:33:27 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/sysctl.d/90-shadowsocks.conf', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
with open('/etc/sysctl.d/90-shadowsocks.conf', 'r') as f, open(tmpfile, 'a+') as n:
for line in f:
if not 'net.mptcp' in line and not 'net.ipv4.tcp_congestion_control' in line:
n.write(line)
Fix line ending for MPTCP settings
2022-07-15 05:34:57 +00:00
n.write('net.mptcp.mptcp_checksum=' + checksum + "\n")
n.write('net.mptcp.mptcp_path_manager=' + path_manager + "\n")
n.write('net.mptcp.mptcp_scheduler=' + scheduler + "\n")
n.write('net.mptcp.mptcp_syn_retries=' + str(syn_retries) + "\n")
n.write('net.mptcp.mptcp_version=' + str(version) + "\n")
n.write('net.mptcp.checksum_enabled=' + checksum + "\n")
n.write('net.ipv4.tcp_congestion_control=' + congestion_control + "\n")
Add MPTCP version support
2022-07-14 19:33:27 +00:00
os.close(fd)
move(tmpfile, '/etc/sysctl.d/90-shadowsocks.conf')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/sysctl.d/90-shadowsocks.conf', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("systemctl -q restart shadowsocks-libev-manager@manager")
os.system("systemctl -q restart v2ray")
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
os.system("systemctl -q restart xray")
Add MPTCP version support
2022-07-14 19:33:27 +00:00
os.system("systemctl -q restart glorytun-tcp@tun0")
os.system("systemctl -q restart openvpn@tun0")
Add lastchange support
2019-08-12 14:43:05 +00:00
set_lastchange()
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'done', 'reason': 'changes applied'}
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
class VPN(str, Enum):
openvpn = "openvpn"
Add OpenVPN bonding support
2020-12-11 20:40:39 +00:00
openvpnbonding = "openvpn_bonding"
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
glorytuntcp = "glorytun_tcp"
glorytunudp = "glorytun_udp"
dsvpn = "dsvpn"
Get v2ray traffic and proxy choice support
2020-08-20 18:31:29 +00:00
mlvpn = "mlvpn"
none = "none"
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
class Vpn(BaseModel):
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
vpn: VPN
Add MPTCP support
2018-11-14 16:34:13 +00:00
Current VPN can be set by client
2019-06-24 16:14:16 +00:00
# Set global VPN config
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/vpn', summary="Set VPN used by the current user")
Fix and better code
2020-03-03 12:49:23 +00:00
def vpn(*, vpnconfig: Vpn, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
set_lastchange(10)
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'vpn'}
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
vpn = vpnconfig.vpn
Current VPN can be set by client
2019-06-24 16:14:16 +00:00
if not vpn:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'vpn'}
Current VPN can be set by client
2019-06-24 16:14:16 +00:00
os.system('echo ' + vpn + ' > /etc/openmptcprouter-vps-admin/current-vpn')
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
modif_config_user(current_user.username, {'vpn': vpn})
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
current_user.vpn = vpn
Add lastchange support
2019-08-12 14:43:05 +00:00
set_lastchange()
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'done', 'reason': 'changes applied'}
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
Add v2ray support
2020-08-10 18:49:47 +00:00
class PROXY(str, Enum):
v2ray = "v2ray"
Fix Proxy setting
2023-10-04 13:33:36 +00:00
v2rayvless = "v2ray-vless"
v2rayvmess = "v2ray-vmess"
v2raysocks = "v2ray-socks"
v2raytrojan = "v2ray-trojan"
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
xray = "xray"
Fix Proxy setting
2023-10-04 13:33:36 +00:00
xrayvless = "xray-vless"
xrayvmess = "xray-vmess"
xraysocks = "xray-socks"
xraytrojan = "xray-trojan"
xrayshadowsocks = "xray-shadowsocks"
Add v2ray support
2020-08-10 18:49:47 +00:00
shadowsockslibev = "shadowsocks"
Fix Proxy setting
2023-10-04 13:33:36 +00:00
shadowsocksgo = "shadowsocks-go"
shadowsocksrust = "shadowsocks-rust"
Add v2ray support
2020-08-10 18:49:47 +00:00
none = "none"
class Proxy(BaseModel):
proxy: PROXY
# Set global Proxy config
@app.post('/proxy', summary="Set Proxy used by the current user")
def proxy(*, proxyconfig: Proxy, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
set_lastchange(10)
return {'result': 'permission', 'reason': 'Read only user', 'route': 'proxy'}
Get v2ray traffic and proxy choice support
2020-08-20 18:31:29 +00:00
proxy = proxyconfig.proxy
Add v2ray support
2020-08-10 18:49:47 +00:00
if not proxy:
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'proxy'}
os.system('echo ' + proxy + ' > /etc/openmptcprouter-vps-admin/current-proxy')
modif_config_user(current_user.username, {'proxy': proxy})
Fix v2ray stats
2020-09-11 18:58:38 +00:00
#current_user.proxy = proxy
Add v2ray support
2020-08-10 18:49:47 +00:00
set_lastchange()
return {'result': 'done', 'reason': 'changes applied'}
Current VPN can be set by client
2019-06-24 16:14:16 +00:00
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
class GlorytunConfig(BaseModel):
key: str
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
port: int = Query(..., gt=0, lt=65535, title="Glorytun TCP and UDP port")
Add upload speedtest and replace deprecated regex by pattern
2023-08-07 17:18:44 +00:00
chacha: bool = Query(True, title="Enable of disable chacha20, if disable AES is used")
Add MPTCP support
2018-11-14 16:34:13 +00:00
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
# Set Glorytun config
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/glorytun', summary="Modify Glorytun configuration")
Fix and better code
2020-03-03 12:49:23 +00:00
def glorytun(*, glorytunconfig: GlorytunConfig, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
set_lastchange(10)
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'glorytun'}
Various fixes
2020-01-10 19:50:06 +00:00
userid = current_user.userid
Add case when no internet access available
2020-04-21 12:55:35 +00:00
if userid is None:
Various fixes
2020-01-10 19:50:06 +00:00
userid = 0
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
key = glorytunconfig.key
port = glorytunconfig.port
chacha = glorytunconfig.chacha
Various fixes
2020-01-10 19:50:06 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-tcp/tun' + str(userid), 'rb'))).hexdigest()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/glorytun-tcp/tun' + str(userid) + '.key', 'w') as outfile:
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
outfile.write(key)
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/glorytun-udp/tun' + str(userid) + '.key', 'w') as outfile:
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
outfile.write(key)
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/glorytun-tcp/tun' + str(userid), 'r') as f, open(tmpfile, 'a+') as n:
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
for line in f:
if 'PORT=' in line:
n.write('PORT=' + str(port) + '\n')
Add glorytun chacha20 status and setting
2019-05-23 19:55:49 +00:00
elif 'OPTIONS=' in line:
if chacha:
n.write('OPTIONS="chacha20 retry count -1 const 5000000 timeout 90000 keepalive count 5 idle 10 interval 2 buffer-size 65536 multiqueue"\n')
else:
n.write('OPTIONS="retry count -1 const 5000000 timeout 90000 keepalive count 5 idle 10 interval 2 buffer-size 65536 multiqueue"\n')
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
else:
n.write(line)
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/glorytun-tcp/tun' + str(userid))
Various fixes
2020-01-10 19:50:06 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-tcp/tun' + str(userid), 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Various fixes
2020-01-10 19:50:06 +00:00
os.system("systemctl -q restart glorytun-tcp@tun" + str(userid))
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-udp/tun' + str(userid), 'rb'))).hexdigest()
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/glorytun-udp/tun' + str(userid), 'r') as f, open(tmpfile, 'a+') as n:
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
for line in f:
if 'BIND_PORT=' in line:
n.write('BIND_PORT=' + str(port) + '\n')
Add glorytun chacha20 status and setting
2019-05-23 19:55:49 +00:00
elif 'OPTIONS=' in line:
if chacha:
n.write('OPTIONS="chacha persist"\n')
else:
n.write('OPTIONS="persist"\n')
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
else:
n.write(line)
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/glorytun-udp/tun' + str(userid))
Various fixes
2020-01-10 19:50:06 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/glorytun-udp/tun' + str(userid), 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Various fixes
2020-01-10 19:50:06 +00:00
os.system("systemctl -q restart glorytun-udp@tun" + str(userid))
Fix and better code
2020-03-03 12:49:23 +00:00
shorewall_add_port(current_user, str(port), 'tcp', 'glorytun')
Open glorytun UDP port and doesn't check ip and hostname at each config request
2020-03-24 20:07:41 +00:00
shorewall_add_port(current_user, str(port), 'udp', 'glorytun')
Add lastchange support
2019-08-12 14:43:05 +00:00
set_lastchange()
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return {'result': 'done'}
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
Add dsvpn support
2019-08-02 15:22:43 +00:00
# Set A Dead Simple VPN config
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
class DSVPN(BaseModel):
key: str
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
port: int = Query(..., gt=0, lt=65535)
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/dsvpn', summary="Modify DSVPN configuration")
Fix and better code
2020-03-03 12:49:23 +00:00
def dsvpn(*, params: DSVPN, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
set_lastchange(10)
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'dsvpn'}
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
userid = current_user.userid
Add case when no internet access available
2020-04-21 12:55:35 +00:00
if userid is None:
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
userid = 0
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
key = params.key
port = params.port
Add dsvpn support
2019-08-02 15:22:43 +00:00
if not key or port is None:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'dsvpn'}
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/dsvpn/dsvpn' + str(userid), 'r') as f, open(tmpfile, 'a+') as n:
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
for line in f:
if 'PORT=' in line:
n.write('PORT=' + str(port) + '\n')
else:
n.write(line)
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/dsvpn/dsvpn' + str(userid))
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/dsvpn/dsvpn' + str(userid) + '.key', 'rb'))).hexdigest()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/dsvpn/dsvpn.key', 'w') as outfile:
Add dsvpn support
2019-08-02 15:22:43 +00:00
outfile.write(key)
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/dsvpn/dsvpn' + str(userid) + '.key', 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
os.system("systemctl -q restart dsvpn-server@dsvpn" + str(userid))
Fix and better code
2020-03-03 12:49:23 +00:00
shorewall_add_port(current_user, str(port), 'tcp', 'dsvpn')
Add lastchange support
2019-08-12 14:43:05 +00:00
set_lastchange()
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return {'result': 'done'}
Add dsvpn support
2019-08-02 15:22:43 +00:00
Add function to modify MLVPN config
2021-03-15 14:07:25 +00:00
# Set MLVPN config
class MLVPN(BaseModel):
timeout: int
reorder_buffer_size: int
loss_tolerence: int
cleartext_data: int
password: str
@app.post('/mlvpn', summary="Modify MLVPN configuration")
def mlvpn(*, params: MLVPN, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
set_lastchange(10)
return {'result': 'permission', 'reason': 'Read only user', 'route': 'mlvpn'}
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/mlvpn/mlvpn0.conf', 'rb'))).hexdigest()
mlvpn_config = configparser.ConfigParser()
mlvpn_config.read_file(open(r'/etc/mlvpn/mlvpn0.conf'))
mlvpn_config.set('general', 'password', '"' + params.password + '"')
mlvpn_config.set('general', 'timeout',str(params.timeout))
mlvpn_config.set('general', 'reorder_buffer_size',str(params.reorder_buffer_size))
mlvpn_config.set('general', 'loss_tolerence',str(params.loss_tolerence))
mlvpn_config.set('general', 'cleartext_data',str(params.cleartext_data))
with open('/etc/mlvpn/mlvpn0.conf','w') as mlvpn_file:
mlvpn_config.write(mlvpn_file)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/mlvpn/mlvpn0.conf', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("systemctl -q restart mlvpn@mlvpn0")
set_lastchange()
return {'result': 'done', 'reason': 'changes applied', 'route': 'mlvpn'}
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
# Set OpenVPN config
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
class OpenVPN(BaseModel):
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
port: int = Query(..., gt=0, lt=65535)
OpenVPN cipher can be changed
2020-07-02 16:12:31 +00:00
cipher: str = "AES-256-CBC"
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/openvpn', summary="Modify OpenVPN TCP configuration")
OpenVPN cipher can be changed
2020-07-02 16:12:31 +00:00
def openvpn(*, params: OpenVPN, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
set_lastchange(10)
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'openvpn'}
Fix OpenVPN support
2023-11-03 10:30:21 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
OpenVPN cipher can be changed
2020-07-02 16:12:31 +00:00
fd, tmpfile = mkstemp()
Fix OpenVPN support
2023-11-03 10:30:21 +00:00
with open('/etc/openvpn/tun0.conf', 'r') as f, open(tmpfile, 'a+') as n:
OpenVPN cipher can be changed
2020-07-02 16:12:31 +00:00
for line in f:
if 'cipher ' in line:
n.write('cipher ' + params.cipher + '\n')
elif 'port ' in line:
n.write('port ' + str(params.port) + '\n')
else:
n.write(line)
os.close(fd)
Fix OpenVPN support
2023-11-03 10:30:21 +00:00
move(tmpfile, '/etc/openvpn/tun0.conf')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
OpenVPN cipher can be changed
2020-07-02 16:12:31 +00:00
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Only restart app after changes
2019-06-02 21:11:58 +00:00
os.system("systemctl -q restart openvpn@tun0")
Fix OpenVPN support
2023-11-03 10:30:21 +00:00
shorewall_add_port(current_user, str(params.port), 'tcp', 'openvpn')
OpenVPN cipher can be changed
2020-07-02 16:12:31 +00:00
set_lastchange()
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return {'result': 'done'}
Add wireguard support
2021-03-02 13:28:35 +00:00
# Set WireGuard config
class WireGuardPeer(BaseModel):
ip: str
key: str
class WireGuard(BaseModel):
peers: List[WireGuardPeer] = []
@app.post('/wireguard', summary="Modify Wireguard configuration")
def wireguard(*, params: WireGuard, current_user: User = Depends(get_current_user)):
Fix wireguard peer
2021-03-05 18:56:56 +00:00
if not os.path.isfile('/etc/wireguard/wg0.conf'):
return {'result': 'error', 'reason': 'Wireguard config not found', 'route': 'wireguard'}
Fix wireguard support
2021-03-02 17:24:22 +00:00
wg_config = configparser.ConfigParser(strict=False)
Add wireguard support
2021-03-02 13:28:35 +00:00
wg_config.read_file(open(r'/etc/wireguard/wg0.conf'))
wg_port = wg_config.get('Interface', 'ListenPort')
wg_key = wg_config.get('Interface', 'PrivateKey')
Fix wireguard support
2021-03-02 17:24:22 +00:00
fd, tmpfile = mkstemp()
Add wireguard support
2021-03-02 13:28:35 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/wireguard/wg0.conf', 'rb'))).hexdigest()
with open(tmpfile, 'a+') as n:
n.write('[Interface]\n')
n.write('ListenPort = ' + wg_port + '\n')
n.write('PrivateKey = ' + wg_key + '\n')
for peer in params.peers:
n.write('\n')
Fix wireguard peer
2021-03-05 18:56:56 +00:00
n.write('[Peer]\n')
Add wireguard support
2021-03-02 13:28:35 +00:00
n.write('PublicKey = ' + peer.key + '\n')
Fix wireguard support
2021-03-02 17:24:22 +00:00
n.write('AllowedIPs = ' + peer.ip + '\n')
Add wireguard support
2021-03-02 13:28:35 +00:00
move(tmpfile, '/etc/wireguard/wg0.conf')
final_md5 = hashlib.md5(file_as_bytes(open('/etc/wireguard/wg0.conf', 'rb'))).hexdigest()
if initial_md5 != final_md5:
os.system("wg setconf wg0 /etc/wireguard/wg0.conf")
shorewall_add_port(current_user, str(wg_port), 'udp', 'wireguard')
set_lastchange()
Fix Debian packages and more log
2021-03-04 13:52:04 +00:00
return {'result': 'done', 'reason': 'changes applied', 'route': 'wireguard'}
Add wireguard support
2021-03-02 13:28:35 +00:00
Add function to get bypassed IPs
2023-12-28 18:49:59 +00:00
class ByPass(BaseModel):
ipv4s: List[str] = []
ipv6s: List[str] = []
intf: str
@app.post('/bypass', summary="Set IPs to Bypass")
def bypass(*, bypassconfig: ByPass, current_user: User = Depends(get_current_user)):
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'bypass'}
bypassipv4s = bypassconfig.ipv4s
bypassipv6s = bypassconfig.ipv6s
if not bypassconfig.intf:
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'bypass'}
if os.path.isfile('/etc/openmptcprouter-vps-admin/omr-bypass.json'):
with open('/etc/openmptcprouter-vps-admin/omr-bypass.json') as f:
content = f.read()
content = re.sub(",\s*}", "}", content) # pylint: disable=W1401
try:
configdata = json.loads(content)
data = configdata
except ValueError as e:
return {'error': 'Config file not readable', 'route': 'lastchange'}
else:
data = {}
configdata = {}
data[bypassconfig.intf] = {}
data[bypassconfig.intf]["ipv4"] = bypassipv4s
data[bypassconfig.intf]["ipv6"] = bypassipv6s
#if data and data != configdata:
with open('/etc/openmptcprouter-vps-admin/omr-bypass.json', 'w') as outfile:
json.dump(data, outfile, indent=4)
return {'result': 'done', 'reason': 'changes applied', 'route': 'bypass'}
Add wireguard support
2021-03-02 13:28:35 +00:00
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
class Wanips(BaseModel):
ips: str
Last changes
2018-11-14 14:10:42 +00:00
Try to define an ACL
2019-08-29 20:39:22 +00:00
# Set WANIP
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/wan', summary="Set WAN IPs")
Fix and better code
2020-03-03 12:49:23 +00:00
def wan(*, wanips: Wanips, current_user: User = Depends(get_current_user)):
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
ips = wanips.ips
Try to define an ACL
2019-08-29 20:39:22 +00:00
if not ips:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'wan'}
Try to define an ACL
2019-08-29 20:39:22 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-libev/local.acl', 'rb'))).hexdigest()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shadowsocks-libev/local.acl', 'w') as outfile:
Try to define an ACL
2019-08-29 20:39:22 +00:00
outfile.write('[white_list]\n')
outfile.write(ips)
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shadowsocks-libev/local.acl', 'rb'))).hexdigest()
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
#modif_config_user(current_user.username,{'wanips': wanip})
Fix Debian packages and more log
2021-03-04 13:52:04 +00:00
return {'result': 'done', 'reason': 'changes applied', 'route': 'wan'}
Try to define an ACL
2019-08-29 20:39:22 +00:00
Use username in shorewall rules, get lan IPs
2020-01-09 21:20:05 +00:00
class Lanips(BaseModel):
lanips: List[str] = []
# Set user lan config
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/lan', summary="Set current user LAN IPs")
Fix and better code
2020-03-03 12:49:23 +00:00
def lan(*, lanconfig: Lanips, current_user: User = Depends(get_current_user)):
Add function to get bypassed IPs
2023-12-28 18:49:59 +00:00
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'lan'}
Use username in shorewall rules, get lan IPs
2020-01-09 21:20:05 +00:00
lanips = lanconfig.lanips
if not lanips:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'lan'}
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
modif_config_user(current_user.username, {'lanips': lanips})
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
omr_config_data = json.load(f)
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
client2client = False
Add multiple DSVPN support
2020-01-12 17:41:34 +00:00
if 'client2client' in omr_config_data:
client2client = omr_config_data["client2client"]
Fix client2client
2020-01-17 20:32:48 +00:00
if client2client == True:
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/openvpn/ccd/' + current_user.username, 'w') as outfile:
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
for lan in lanips:
ip = IPNetwork(lan)
outfile.write('iroute ' + str(ip.network) + ' ' + str(ip.netmask) + "\n")
#outfile.write('route ' + str(ip.network) + ' ' + str(ip.netmask) + "\n")
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/openvpn/tun0.conf', 'r') as f, open(tmpfile, 'a+') as n:
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
for line in f:
if not 'push "route ' + str(ip.network) + ' ' + str(ip.netmask) + '"' in line:
n.write(line)
n.write('push "route ' + str(ip.network) + ' ' + str(ip.netmask) + '"' + "\n")
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/openvpn/tun0.conf')
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
os.system("systemctl -q restart openvpn@tun0")
set_lastchange()
Fix Debian packages and more log
2021-03-04 13:52:04 +00:00
return {'result': 'done', 'reason': 'changes applied', 'route': 'lan'}
Use username in shorewall rules, get lan IPs
2020-01-09 21:20:05 +00:00
Fix userid and various changes
2020-01-17 07:10:44 +00:00
class VPNips(BaseModel):
Add upload speedtest and replace deprecated regex by pattern
2023-08-07 17:18:44 +00:00
remoteip: str = Query(..., pattern='^(10(\.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){3}|((172\.(1[6-9]|2[0-9]|3[01]))|192\.168)(\.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){2})$')
localip: str = Query(..., pattern='^(10(\.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){3}|((172\.(1[6-9]|2[0-9]|3[01]))|192\.168)(\.(25[0-5]|2[0-4][0-9]|1[0-9]{1,2}|[0-9]{1,2})){2})$')
Remove IPv6 IP check
2023-07-09 18:14:00 +00:00
remoteip6: Optional[str] = None
localip6: Optional[str] = None
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
ula: Optional[str] = None
Fix userid and various changes
2020-01-17 07:10:44 +00:00
# Set user vpn IPs
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/vpnips', summary="Set current user VPN IPs")
Fix and better code
2020-03-03 12:49:23 +00:00
def vpnips(*, vpnconfig: VPNips, current_user: User = Depends(get_current_user)):
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
if current_user.permissions == "ro":
return {'result': 'permission', 'reason': 'Read only user', 'route': 'vpnips'}
Fix userid and various changes
2020-01-17 07:10:44 +00:00
remoteip = vpnconfig.remoteip
localip = vpnconfig.localip
Add shadowsocks and vpn traffic, fix ipv6
2020-05-20 16:23:24 +00:00
remoteip6 = vpnconfig.remoteip6
localip6 = vpnconfig.localip6
Add ipv6 ULA prefix
2020-04-15 11:33:20 +00:00
ula = vpnconfig.ula
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
if not remoteip or not localip:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'vpnips'}
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
modif_config_user(current_user.username, {'vpnremoteip': remoteip})
modif_config_user(current_user.username, {'vpnlocalip': localip})
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
if ula:
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
modif_config_user(current_user.username, {'ula': ula})
Fix userid and various changes
2020-01-17 07:10:44 +00:00
userid = current_user.userid
Add case when no internet access available
2020-04-21 12:55:35 +00:00
if userid is None:
Fix userid and various changes
2020-01-17 07:10:44 +00:00
userid = 0
Some fixes
2020-01-21 18:30:29 +00:00
if os.path.isfile('/etc/openmptcprouter-vps-admin/omr-6in4/user' + str(userid)):
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/openmptcprouter-vps-admin/omr-6in4/user' + str(userid), 'rb'))).hexdigest()
else:
initial_md5 = ''
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-6in4/user' + str(userid), 'w+') as n:
Fix userid and various changes
2020-01-17 07:10:44 +00:00
n.write('LOCALIP=' + localip + "\n")
n.write('REMOTEIP=' + remoteip + "\n")
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
if localip6:
n.write('LOCALIP6=' + localip6 + "\n")
else:
Revert to fe80 for 6in4
2020-05-22 09:09:04 +00:00
n.write('LOCALIP6=fe80::a0' + hex(userid)[2:] + ':1/126' + "\n")
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
if remoteip6:
n.write('REMOTEIP6=' + remoteip6 + "\n")
else:
Revert to fe80 for 6in4
2020-05-22 09:09:04 +00:00
n.write('REMOTEIP6=fe80::a0' + hex(userid)[2:] + ':2/126' + "\n")
Another interface can be defined for IPv6, ULA can be set from router
2020-05-14 08:44:16 +00:00
if ula:
n.write('ULA=' + ula + "\n")
Some fixes
2020-01-21 18:30:29 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/openmptcprouter-vps-admin/omr-6in4/user' + str(userid), 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Fix userid and various changes
2020-01-17 07:10:44 +00:00
os.system("systemctl -q restart omr6in4@user" + str(userid))
set_lastchange()
Add shorewall by user support
2020-01-20 20:05:40 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/params.vpn', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall/params.vpn', 'r') as f, open(tmpfile, 'a+') as n:
Add shorewall by user support
2020-01-20 20:05:40 +00:00
for line in f:
Some fixes
2020-01-21 18:30:29 +00:00
if not ('OMR_ADDR_USER' + str(userid) +'=' in line and not userid == 0) and not ('OMR_ADDR=' in line and userid == 0):
Add shorewall by user support
2020-01-20 20:05:40 +00:00
n.write(line)
Some fixes
2020-01-21 18:30:29 +00:00
if not userid == 0:
n.write('OMR_ADDR_USER' + str(userid) + '=' + remoteip + '\n')
elif userid == 0:
n.write('OMR_ADDR=' + remoteip + '\n')
Add shorewall by user support
2020-01-20 20:05:40 +00:00
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/shorewall/params.vpn')
Add shorewall by user support
2020-01-20 20:05:40 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/params.vpn', 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Fix and better code
2020-03-03 12:49:23 +00:00
os.system("systemctl -q reload shorewall")
Add shorewall by user support
2020-01-20 20:05:40 +00:00
set_lastchange()
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/params.vpn', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall6/params.vpn', 'r') as f, open(tmpfile, 'a+') as n:
Add shorewall by user support
2020-01-20 20:05:40 +00:00
for line in f:
Some fixes
2020-01-21 18:30:29 +00:00
if not ('OMR_ADDR_USER' + str(userid) +'=' in line and not userid == 0) and not ('OMR_ADDR=' in line and userid == 0):
Add shorewall by user support
2020-01-20 20:05:40 +00:00
n.write(line)
Some fixes
2020-01-21 18:30:29 +00:00
if not userid == 0:
Revert to fe80 for 6in4
2020-05-22 09:09:04 +00:00
n.write('OMR_ADDR_USER' + str(userid) + '=fe80::a0' + hex(userid)[2:] + ':2/126' + '\n')
Some fixes
2020-01-21 18:30:29 +00:00
elif userid == 0:
Revert to fe80 for 6in4
2020-05-22 09:09:04 +00:00
n.write('OMR_ADDR=fe80::a0' + hex(userid)[2:] + ':2/126' + '\n')
Some fixes
2020-01-21 18:30:29 +00:00
Add shorewall by user support
2020-01-20 20:05:40 +00:00
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/shorewall6/params.vpn')
Add shorewall by user support
2020-01-20 20:05:40 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall6/params.vpn', 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Fix and better code
2020-03-03 12:49:23 +00:00
os.system("systemctl -q reload shorewall6")
Add shorewall by user support
2020-01-20 20:05:40 +00:00
set_lastchange()
Fix Debian packages and more log
2021-03-04 13:52:04 +00:00
return {'result': 'done', 'reason': 'changes applied', 'route': 'vpnips'}
Fix userid and various changes
2020-01-17 07:10:44 +00:00
Fix Shadowsocks settings change, add glorytun and openvpn support
2018-12-06 09:48:23 +00:00
# Update VPS
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.get('/update', summary="Update VPS script")
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
def update(current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'update'}
Fix VPS update via API
2021-01-06 08:27:40 +00:00
LOG.debug("Update VPS...")
Fix VPS update
2021-05-08 06:41:02 +00:00
with open("/etc/openmptcprouter-vps-admin/update", mode='a'): pass
Fix VPS update via API
2021-01-06 08:27:40 +00:00
os.system("systemctl stop omr")
Fix VPS update
2021-05-08 06:41:02 +00:00
os.system("systemctl -q restart omr-update")
Fix VPS update via API
2021-01-06 08:27:40 +00:00
LOG.debug("Update VPS... done")
Fix Debian packages and more log
2021-03-04 13:52:04 +00:00
return {'result': 'done', 'route': 'update'}
Add shorewall settings change
2018-11-08 17:05:34 +00:00
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
# Backup
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
class Backupfile(BaseModel):
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
data: str = Query(..., title="OpenMPTCProuter backup file in tar.gz encoded in base64")
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/backuppost', summary="Send current user router backup file")
Fix and better code
2020-03-03 12:49:23 +00:00
def backuppost(*, backupfile: Backupfile, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'backuppost'}
More function should work with FastAPI now
2019-11-02 17:32:35 +00:00
backup_file = backupfile.data
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
if not backup_file:
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'backuppost'}
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
with open('/var/opt/openmptcprouter/' + current_user.username + '-backup.tar.gz', 'wb') as f, open('/var/opt/openmptcprouter/' + current_user.username + '-' + str(int(time.time())) + '-backup.tar.gz', 'wb') as g:
g.write(base64.b64decode(backup_file))
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
f.write(base64.b64decode(backup_file))
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
delete_oldest_files('/var/opt/openmptcprouter/' + current_user.username + '-*-backup.tar.gz')
Fix Debian packages and more log
2021-03-04 13:52:04 +00:00
return {'result': 'done', 'route': 'backuppost'}
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.get('/backupget', summary="Get current user router backup file")
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
def send_backup(filename: Optional[str] = Query(None), current_user: User = Depends(get_current_user)):
if filename is not None and current_user.username in filename:
with open('/var/opt/openmptcprouter/' + filename, "rb") as backup_file:
file_base64 = base64.b64encode(backup_file.read())
file_base64utf = file_base64.decode('utf-8')
else:
with open('/var/opt/openmptcprouter/' + current_user.username + '-backup.tar.gz', "rb") as backup_file:
file_base64 = base64.b64encode(backup_file.read())
file_base64utf = file_base64.decode('utf-8')
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return {'data': file_base64utf}
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.get('/backuplist', summary="List available current user backup")
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
def list_backup(current_user: User = Depends(get_current_user)):
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
files = glob.glob('/var/opt/openmptcprouter/' + current_user.username + '*' + '-backup.tar.gz')
fileData = {}
for fname in files:
fileData[os.path.relpath(fname,'/var/opt/openmptcprouter/')] = os.stat(fname).st_mtime
sorted_files = sorted(fileData.items(), key = itemgetter(1))
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
if os.path.isfile('/var/opt/openmptcprouter/' + current_user.username + '-backup.tar.gz'):
modiftime = os.path.getmtime('/var/opt/openmptcprouter/' + current_user.username + '-backup.tar.gz')
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
if len(sorted_files) > 0:
return {'backup': True, 'modif': modiftime,'sorted': sorted_files}
Add backup modify via API
2019-10-10 19:13:14 +00:00
else:
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return {'backup': False}
Add backup modify via API
2019-10-10 19:13:14 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.get('/backupshow', summary="Show current user backup")
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
def show_backup(current_user: User = Depends(get_current_user)):
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
if os.path.isfile('/var/opt/openmptcprouter/' + current_user.username + '-backup.tar.gz'):
router = OpenWrt(native=open('/var/opt/openmptcprouter/' + current_user.username + '-backup.tar.gz'))
Fix and better code
2020-03-03 12:49:23 +00:00
return {'backup': True, 'data': router}
Add backup modify via API
2019-10-10 19:13:14 +00:00
else:
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return {'backup': False}
Add backup modify via API
2019-10-10 19:13:14 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/backupedit', summary="Modify current user backup")
Fix and better code
2020-03-03 12:49:23 +00:00
def edit_backup(params, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if current_user.permissions == "ro":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Read only user', 'route': 'backupedit'}
Add backup modify via API
2019-10-10 19:13:14 +00:00
o = OpenWrt(params)
Fix and better code
2020-03-03 12:49:23 +00:00
o.write(current_user.username + '-backup', path='/var/opt/openmptcprouter/')
Migrate from flask to fastapi
2019-11-02 17:10:10 +00:00
return {'result': 'done'}
Add backup modify via API
2019-10-10 19:13:14 +00:00
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
#class VPN(str, Enum):
# openvpn = "openvpn"
# glorytuntcp = "glorytun_tcp"
# glorytunudp = "glorytun_udp"
# dsvpn = "dsvpn"
Fixes and use enum
2019-12-30 19:49:39 +00:00
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
class permissions(str, Enum):
Fixes and use enum
2019-12-30 19:49:39 +00:00
ro = "ro"
rw = "rw"
admin = "admin"
Add backup and only needed firewall redirect support
2019-09-29 18:54:54 +00:00
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
class NewUser(BaseModel):
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
username: str = Query(..., title="Username")
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
permission: permissions = Query("ro", title="permission of the user")
vpn: VPN = Query("openvpn", title="default VPN for the user")
Fix OpenVPN support
2023-11-03 10:30:21 +00:00
proxy: PROXY = Query("shadowsocks-rust", title="default Proxy for the user")
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
shadowsocks_port: Optional[int] = Query(None, gt=0, lt=65535, title="Shadowsocks port")
userid: Optional[int] = Query(None, title="User ID")
ips: Optional[List[str]] = Query(None, title="Public exit IP")
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
# userid: int = Query(0, title="User ID",description="User ID is used to create port of each VPN and shadowsocks",gt=0,le=99)
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/add_user', summary="Add a new user")
Fix and better code
2020-03-03 12:49:23 +00:00
def add_user(*, params: NewUser, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if not current_user.permissions == "admin":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Need admin user', 'route': 'add_user'}
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f)
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
userid = params.userid
Fix user add
2020-08-21 16:50:34 +00:00
if userid is None or userid == 0:
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
userid = 2
for users in content['users'][0]:
if 'userid' in content['users'][0][users]:
if int(content['users'][0][users]['userid']) > userid:
userid = int(content['users'][0][users]['userid'])
userid = userid + 1
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if params.ips is None:
publicips = []
else:
publicips = params.ips
Add, remove and list users
2019-12-27 20:42:47 +00:00
user_key = secrets.token_hex(32)
Fix adduser
2020-08-21 17:50:34 +00:00
user_json = json.loads('{"'+ params.username + '": {"username":"'+ params.username +'","permissions":"'+params.permission+'","user_password": "'+user_key.upper()+'","disabled":"false","userid":"' + str(userid) + '","public_ips":'+ json.dumps(publicips) +'}}')
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
# shadowsocks_port = params.shadowsocks_port
# if params.shadowsocks_port is None:
Add a ss-server by IP
2020-06-20 07:08:51 +00:00
# shadowsocks_port = '651{:02d}'.format(userid)
Fix adduser
2020-08-21 17:50:34 +00:00
shadowsocks_port = params.shadowsocks_port
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
shadowsocks_key = base64.urlsafe_b64encode(secrets.token_hex(16).encode())
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
shadowsocks2022_key = base64.urlsafe_b64encode(secrets.token_hex(32).encode())
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if not publicips:
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
if os.path.isfile('/etc/shadowsocks-libev/manager.json'):
shadowsocks_port = add_ss_user(str(shadowsocks_port), shadowsocks_key.decode('utf-8'), userid)
if os.path.isfile('/etc/shadowsocks-go/server.json'):
upsk = add_ss_go_user(params.username, shadowsocks2022_key.decode('utf-8'))
else:
upsk = ''
if os.path.isfile('/etc/v2ray/v2ray-server.json'):
OpenVPN stats by users, Vless-Reality fix, ss-go stats fix,...
2023-11-16 10:50:47 +00:00
if params.proxy is not None and params.proxy == 'v2ray-vmess':
uuid = v2ray_add_user(params.username,'',0)
else:
uuid = v2ray_add_user(params.username)
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
else:
uuid = ''
if os.path.isfile('/etc/xray/xray-server.json'):
xray_add_user(params.username,uuid,upsk)
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
else:
for publicip in publicips:
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
if os.path.isfile('/etc/shadowsocks-libev/manager.json'):
shadowsocks_port = add_ss_user(str(shadowsocks_port), shadowsocks_key.decode('utf-8'), userid, publicip)
shadowsocks_port = shadowsocks_port + 1
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
user_json[params.username].update({"shadowsocks_port": shadowsocks_port})
Add, remove and list users
2019-12-27 20:42:47 +00:00
if params.vpn is not None:
user_json[params.username].update({"vpn": params.vpn})
Fix OpenVPN support
2023-11-03 10:30:21 +00:00
if params.proxy is not None:
user_json[params.username].update({"proxy": params.proxy})
Add, remove and list users
2019-12-27 20:42:47 +00:00
content['users'][0].update(user_json)
Check if json not empty before writing config file
2021-02-05 13:33:43 +00:00
if content:
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
backup_config()
Check if json not empty before writing config file
2021-02-05 13:33:43 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json', 'w') as f:
json.dump(content, f, indent=4)
Fix and add log
2021-02-05 14:28:56 +00:00
else:
LOG.debug("Empty data for add_user")
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
# Create VPNs configuration
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
if os.path.isfile('/etc/openvpn/tun0.conf'):
Fix adding OpenVPN user
2023-12-06 09:02:05 +00:00
os.system('cd /etc/openvpn/ca && EASYRSA_CERT_EXPIRE=3650 ./easyrsa --batch build-client-full "' + params.username + '" nopass')
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
if os.path.isfile('/etc/glorytun-tcp/tun0'):
add_glorytun_tcp(userid)
if os.path.isfile('/etc/glorytun-udp/tun0'):
add_glorytun_udp(userid)
if os.path.isfile('/etc/dsvpn/dsvpn0'):
add_dsvpn(userid)
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
set_lastchange(30)
fix adding new user
2020-01-06 20:18:29 +00:00
os.execv(__file__, sys.argv)
Add, remove and list users
2019-12-27 20:42:47 +00:00
class RemoveUser(BaseModel):
username: str
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/remove_user', summary="Remove an user")
Fix and better code
2020-03-03 12:49:23 +00:00
def remove_user(*, params: RemoveUser, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if not current_user.permissions == "admin":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Need admin user', 'route': 'remove_user'}
Add, remove and list users
2019-12-27 20:42:47 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f)
shadowsocks_port = content['users'][0][params.username]['shadowsocks_port']
Some fixes
2020-03-03 13:06:18 +00:00
userid = int(content['users'][0][params.username]['userid'])
Add, remove and list users
2019-12-27 20:42:47 +00:00
del content['users'][0][params.username]
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
if os.path.isfile('/etc/shadowsocks-libev/manager.json'):
remove_ss_user(str(shadowsocks_port))
if os.path.isfile('/etc/shadowsocks-go/server.json'):
remove_ss_go_user(params.username)
if os.path.isfile('/etc/v2ray/v2ray-server.json'):
v2ray_remove_user(params.username)
if os.path.isfile('/etc/xray/xray-server.json'):
xray_remove_user(params.username)
Check if json not empty before writing config file
2021-02-05 13:33:43 +00:00
if content:
Add support for up to 10 router backups, rotated
2023-09-01 07:13:17 +00:00
backup_config()
Check if json not empty before writing config file
2021-02-05 13:33:43 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json', 'w') as f:
json.dump(content, f, indent=4)
Fix and add log
2021-02-05 14:28:56 +00:00
else:
LOG.debug("Empty data for remover_user")
Add XRay and Shadowsocks-go support
2023-09-27 13:10:56 +00:00
if os.path.isfile('/etc/openvpn/tun0.conf'):
os.system('cd /etc/openvpn/ca && ./easyrsa --batch revoke ' + params.username)
os.system('cd /etc/openvpn/ca && ./easyrsa gen-crl')
os.system("systemctl -q restart openvpn@tun0")
if os.path.isfile('/etc/glorytun-tcp/tun0'):
remove_glorytun_tcp(userid)
if os.path.isfile('/etc/glorytun-udp/tun0'):
remove_glorytun_udp(userid)
if os.path.isfile('/etc/dsvpn/dsvpn0'):
remove_dsvpn(userid)
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
set_lastchange(30)
fix adding new user
2020-01-06 20:18:29 +00:00
os.execv(__file__, sys.argv)
Add, remove and list users
2019-12-27 20:42:47 +00:00
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
class ClienttoClient(BaseModel):
enable: bool = False
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.post('/client2client', summary="Enable client 2 client communications")
Fix and better code
2020-03-03 12:49:23 +00:00
def client2client(*, params: ClienttoClient, current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if not current_user.permissions == "admin":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Need admin user', 'route': 'client2client'}
set_global_param('client2client', params.enable)
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/openvpn/tun0.conf', 'r') as f, open(tmpfile, 'a+') as n:
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
for line in f:
if not 'client-to-client' in line:
n.write(line)
Fix client2client disable
2020-03-05 14:09:49 +00:00
if params.enable == True:
n.write('client-to-client' + "\n")
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/openvpn/tun0.conf')
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/openvpn/tun0.conf', 'rb'))).hexdigest()
More info for API doc and small changes
2020-07-03 14:27:09 +00:00
if initial_md5 != final_md5:
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
os.system("systemctl -q restart openvpn@tun0")
client2client support in shorewall
2020-01-29 20:20:43 +00:00
initial_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/policy', 'rb'))).hexdigest()
fd, tmpfile = mkstemp()
Fix and better code
2020-03-03 12:49:23 +00:00
with open('/etc/shorewall/policy', 'r') as f, open(tmpfile, 'a+') as n:
client2client support in shorewall
2020-01-29 20:20:43 +00:00
for line in f:
if not line == 'vpn vpn DROP\n' and not line == '# THE FOLLOWING POLICY MUST BE LAST\n' and not line == 'all all REJECT info\n':
n.write(line)
Fix c2c
2020-03-06 18:49:33 +00:00
if params.enable == False:
client2client support in shorewall
2020-01-29 20:20:43 +00:00
n.write('vpn vpn DROP\n')
n.write('# THE FOLLOWING POLICY MUST BE LAST\n')
n.write('all all REJECT info\n')
os.close(fd)
Fix and better code
2020-03-03 12:49:23 +00:00
move(tmpfile, '/etc/shorewall/policy')
client2client support in shorewall
2020-01-29 20:20:43 +00:00
final_md5 = hashlib.md5(file_as_bytes(open('/etc/shorewall/policy', 'rb'))).hexdigest()
Fix client2client IPs
2020-03-05 14:02:20 +00:00
if initial_md5 != final_md5:
client2client support in shorewall
2020-01-29 20:20:43 +00:00
os.system("systemctl -q reload shorewall")
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
return {'result': 'done'}
Fix for firewall rules deletion and small changes
2020-11-23 15:54:46 +00:00
class SerialEnforce(BaseModel):
enable: bool = False
@app.post('/serialenforce', summary="Enable client serial number control")
def serialenforce(*, params: SerialEnforce, current_user: User = Depends(get_current_user)):
if not current_user.permissions == "admin":
return {'result': 'permission', 'reason': 'Need admin user', 'route': 'serialenforce'}
set_global_param('serial_enforce', params.enable)
return {'result': 'done'}
Fix for gre tunnel, userid in shadowsocks and better generated doc
2020-06-23 18:26:08 +00:00
@app.get('/list_users', summary="List all users")
Add log debug and fix
2020-02-15 12:44:35 +00:00
async def list_users(current_user: User = Depends(get_current_user)):
Fix and add client2client for OpenVPN
2020-01-13 20:47:29 +00:00
if not current_user.permissions == "admin":
Fix and better code
2020-03-03 12:49:23 +00:00
return {'result': 'permission', 'reason': 'Need admin user', 'route': 'list_users'}
Add, remove and list users
2019-12-27 20:42:47 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
content = json.load(f)
Add glorytun users and descriptions WIP
2020-01-09 08:48:02 +00:00
return content['users'][0]
Add permission system, use username in backup, default to log_level error and send shadowsocks traffic, omr version and kernel in status
2019-12-26 19:25:11 +00:00
Default debug to false, add a debug info for tunnel creation, test speedtest
2020-07-16 07:55:19 +00:00
@app.get('/speedtest', summary="Test speed from the server")
Require authentication for upload and download test
2023-12-15 18:31:57 +00:00
async def speedtest(current_user: User = Depends(get_current_user)):
Add v2ray support
2020-08-10 18:49:47 +00:00
return FileResponse('/usr/share/omr-server/speedtest/test.img')
Default debug to false, add a debug info for tunnel creation, test speedtest
2020-07-16 07:55:19 +00:00
Add upload speedtest and replace deprecated regex by pattern
2023-08-07 17:18:44 +00:00
@app.post('/speedtest', summary="Test upload speed from the server")
Require authentication for upload and download test
2023-12-15 18:31:57 +00:00
async def speedtestul(file: UploadFile, current_user: User = Depends(get_current_user)):
Add upload speedtest and replace deprecated regex by pattern
2023-08-07 17:18:44 +00:00
if not file:
return {'result': 'No upload file sent'}
else:
return {'filename': file.filename}
Default debug to false, add a debug info for tunnel creation, test speedtest
2020-07-16 07:55:19 +00:00
Add port and host arguments to omr-admin.py
2021-02-10 13:48:43 +00:00
def main(omrport: int, omrhost: str):
Add GRE tunnel support when multiples IPs are available on server
2020-06-19 13:49:07 +00:00
LOG.debug("Main OMR-Admin launch")
Fix arguments and change TLS setting
2021-02-25 09:44:34 +00:00
uvicorn.run(app, host=omrhost, port=omrport, log_level='error', ssl_certfile='/etc/openmptcprouter-vps-admin/cert.pem', ssl_keyfile='/etc/openmptcprouter-vps-admin/key.pem', ssl_version=5)
Add port and host arguments to omr-admin.py
2021-02-10 13:48:43 +00:00
if __name__ == '__main__':
Listen port can be defined in json
2018-12-13 14:14:45 +00:00
with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
omr_config_data = json.load(f)
Fix and better code
2020-03-03 12:49:23 +00:00
omrport = 65500
Listen port can be defined in json
2018-12-13 14:14:45 +00:00
if 'port' in omr_config_data:
omrport = omr_config_data["port"]
Fix and better code
2020-03-03 12:49:23 +00:00
omrhost = '0.0.0.0'
Add, remove and list users
2019-12-27 20:42:47 +00:00
if 'host' in omr_config_data:
omrhost = omr_config_data["host"]
Fix arguments and change TLS setting
2021-02-25 09:44:34 +00:00
parser = argparse.ArgumentParser(description="OpenMPTCProuter Server API")
Add port and host arguments to omr-admin.py
2021-02-10 13:48:43 +00:00
parser.add_argument("--port", type=int, help="Listening port", default=omrport)
parser.add_argument("--host", type=str, help="Listening host", default=omrhost)
args = parser.parse_args()
main(args.port, args.host)
Only check data on used proxy
2022-02-04 08:53:32 +00:00
#uvicorn.run("__main__:app", host=omrhost, port=omrport, log_level='error', ssl_certfile='/etc/openmptcprouter-vps-admin/cert.pem', ssl_keyfile='/etc/openmptcprouter-vps-admin/key.pem', ssl_version=5, workers=6)
Reference in a new issue Copy permalink