From aa3ff6eea770d59d95f53d0d464319579bbf1795 Mon Sep 17 00:00:00 2001
From: Stan Grishin
Date: Sun, 5 Mar 2017 10:22:09 -0800
Subject: [PATCH] vpnbypass: updated service enable/start logic.
Signed-off-by: Stan Grishin
---
 net/vpnbypass/Makefile | 2 +-
 net/vpnbypass/files/README.md | 23 +++++++++++++++++++++--
 net/vpnbypass/files/vpnbypass.conf | 7 ++++---
 net/vpnbypass/files/vpnbypass.init | 26 +++++++++++++-------------
 4 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/net/vpnbypass/Makefile b/net/vpnbypass/Makefile
index 3ae00a82e..1c55fe8a2 100644
--- a/net/vpnbypass/Makefile
+++ b/net/vpnbypass/Makefile
@@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=vpnbypass
 PKG_VERSION:=1.3.0
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 PKG_LICENSE:=GPL-3.0+
 PKG_MAINTAINER:=Stan Grishin
diff --git a/net/vpnbypass/files/README.md b/net/vpnbypass/files/README.md
index c4b95bf2a..93570355a 100644
--- a/net/vpnbypass/files/README.md
+++ b/net/vpnbypass/files/README.md
@@ -26,7 +26,26 @@ opkg install ip-full ipset iptables dnsmasq-full
 opkg update
 opkg install vpnbypass luci-app-vpnbypass
 ```
-Default install routes Plex Media Server traffic (port 32400) outside of the VPN tunnel, routes LogmeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel and also routes internet traffic from local IPs 192.168.1.81-192.168.1.87 outside of the VPN tunnel. You can safely delete these example rules if they do not apply to you.
+
+Until the packages are in the official feed/repo for your version, you can install them with:
+- OpenWrt
+```sh
+opkg update; opkg install wget libopenssl
+wget --no-check-certificate https://github.com/stangri/Files/raw/master/vpnbypass.ipk -O /tmp/vpnbypass.ipk
+wget --no-check-certificate https://github.com/stangri/Files/raw/master/luci-app-vpnbypass.ipk -O /tmp/luci-app-vpnbypass.ipk
+opkg install /tmp/vpnbypass.ipk /tmp/luci-app-vpnbypass.ipk
+```
+
+- LEDE Project
+```sh
+opkg update; opkg install uclient-fetch libustream-mbedtls
+wget --no-check-certificate https://github.com/stangri/Files/raw/master/vpnbypass.ipk -O /tmp/vpnbypass.ipk
+wget --no-check-certificate https://github.com/stangri/Files/raw/master/luci-app-vpnbypass.ipk -O /tmp/luci-app-vpnbypass.ipk
+opkg install /tmp/vpnbypass.ipk /tmp/luci-app-vpnbypass.ipk
+```
+
+### Default Settings
+Default configuration has service disabled (use Web UI to enable/start service or run ```uci set vpnbypass.config.enabled=1```) and routes Plex Media Server traffic (port 32400) outside of the VPN tunnel, routes LogmeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel and also routes internet traffic from local IPs 192.168.1.81-192.168.1.87 outside of the VPN tunnel. You can safely delete these example rules if they do not apply to you.
 ## Documentation / Discussion
 Please head to [LEDE Project Forum](https://forum.lede-project.org/t/vpn-bypass-split-tunneling-service-luci-ui/1106) for discussions of this service.
@@ -40,7 +59,7 @@ Domain lists should be in following format/syntax: ```/domain1.com/domain2.com/v
 - Table ID, IPSET name and FW_MARK as well as FW_MASK can be defined in config file.
 - Uses iptables, not ip rules for handling local IPs/ranges.
 - More reliable creation/destruction of VPNBYPASS iptables chain.
-- Updated Web UI enables/start and stops/disables service.
+- Updated Web UI enables/start and stops service.
 - Beautified output.
 1.2.0
diff --git a/net/vpnbypass/files/vpnbypass.conf b/net/vpnbypass/files/vpnbypass.conf
index 2ecac72c4..0768e865c 100644
--- a/net/vpnbypass/files/vpnbypass.conf
+++ b/net/vpnbypass/files/vpnbypass.conf
@@ -1,4 +1,5 @@
 config vpnbypass 'config'
- list localport '32400'
- list localsubnet '192.168.1.81/29'
- list remotesubnet '25.0.0.0/8'
+ option enabled '0'
+ list localport '32400'
+ list localsubnet '192.168.1.81/29'
+ list remotesubnet '25.0.0.0/8'
diff --git a/net/vpnbypass/files/vpnbypass.init b/net/vpnbypass/files/vpnbypass.init
index 265300eb3..55789f819 100644
--- a/net/vpnbypass/files/vpnbypass.init
+++ b/net/vpnbypass/files/vpnbypass.init
@@ -13,14 +13,25 @@ output() { local msg=$(echo -n "${1/$p_name /service }" | sed 's|\\033\[[0-9]\?;
 PKG_NAME="${PKG_NAME:-vpnbypass}"; p_name="${PKG_NAME} ${PKG_VERSION}"
 is_enabled() {
+ local c=1 enabled
 config_load $PKG_NAME
+ config_get_bool enabled 'config' 'enabled' 1
 config_get verbosity 'config' 'verbosity' '2'
 config_get TID 'config' 'table_number' '200'
 config_get IPSET 'config' 'ipset' 'vpnbypass'
 config_get FW_MARK 'config' 'fw_mark' '0x010000'
 config_get FW_MASK 'config' 'fw_mask' '0xff0000'
 source /lib/functions/network.sh
- return 0
+ [ "$enabled" -gt 0 ] || { output "$__error__: $p_name is not enabled.\n"; return 1; }
+ source /lib/functions/network.sh
+ while : ; do
+ network_find_wan wan_if4
+ [ -n "$wan_if4" ] && network_get_gateway wan_gw $wan_if4
+ [ "$c" -ge 25 -o -n "$wan_gw" ] && break
+ output "$p_name waiting for wan gateway...\n"
+ sleep 2; network_flush_cache; let "c+=1";
+ done
+ [ -n "$wan_gw" ] && return 0 || { output "$__error__: $p_name failed to discover WAN gateway.\n"; return 1; }
 }
 ipt() {
@@ -36,11 +47,8 @@ ipt() {
 iptables $* >/dev/null 2>&1
 }
-#boot() { ubus -t 30 wait_for network.interface.wan && { rc_procd start_service; rc_procd service_triggers; } || output "ERROR: $p_name failed to settle network interface!\n"; }
-
 start_service() {
- local ll c=1
- config_load vpnbypass
+ local ll
 is_enabled || return 1
 config_get lports 'config' 'localport'
 config_get rports 'config' 'remoteport'
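Review bot: The gateway wait loop added to is_enabled() is reached from stop_service() as well — its `is_enabled || return 1` is a kept line in the `@@ -76,7 +77,6 @@` hunk at the end of this file — so a stop now sleeps for up to 25 × 2 s and, when no gateway turns up or `enabled` is 0, returns before the `ip rule del`/`ipset` teardown that follows it, leaving the VPNBYPASS mangle chain and fwmark rule from an earlier start in place (the rest of stop_service is outside the hunk, so whether anything else cleans up cannot be seen here). The same hunk also sources /lib/functions/network.sh twice, on the kept context line and again on the added line after the enabled check; the second can go. I would keep is_enabled() to loading the config and checking `enabled`, and move the loop into a helper that only start_service() calls, as sketched below. Note too that `config_get_bool enabled 'config' 'enabled' 1` treats a config without the option as enabled while the shipped conf and README say the default is disabled; if that is meant to keep upgraded installs running, a comment saying so would save the next reader a question.
```sh
is_enabled() {
	local enabled
	config_load $PKG_NAME
	config_get_bool enabled 'config' 'enabled' 1
	# … unchanged: verbosity/TID/IPSET/FW_MARK/FW_MASK config_get calls and the source of network.sh …
	[ "$enabled" -gt 0 ] || { output "$__error__: $p_name is not enabled.\n"; return 1; }
	return 0
}

# Blocks until a WAN gateway is known, giving up after 25 tries; only start_service() needs this.
wait_for_wan_gateway() {
	local c=1
	# … unchanged: the while/network_find_wan loop from is_enabled() …
	[ -n "$wan_gw" ] && return 0 || { output "$__error__: $p_name failed to discover WAN gateway.\n"; return 1; }
}

start_service() {
	local ll
	is_enabled || return 1
	wait_for_wan_gateway || return 1
	# … unchanged: config_get lports/rports and the rest of start_service …
```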
@@ -53,13 +61,6 @@ start_service() {
 procd_set_param stderr 1
 procd_close_instance
- while : ; do
- network_find_wan wan_if4; [ -n "wan_if4" ] && network_get_gateway wan_gw $wan_if4;
- [ $c -ge 25 -o -n "$wan_gw" ] && break
- output "$p_name waiting for wan gateway...\n"; sleep 2; network_flush_cache; let "c+=1";
- done
- [ -z "$wan_gw" ] && output "$__error__: $p_name could not discover wan gateway IP!\n" && exit 1
-
 ipt -t mangle -N VPNBYPASS; ipt -t mangle -A PREROUTING -m mark --mark 0x00/${FW_MASK} -g VPNBYPASS; ipt -t mangle -A VPNBYPASS -m set --match-set $IPSET dst -j MARK --set-mark ${FW_MARK}/${FW_MASK}
 ip rule del fwmark "$FW_MARK" table "$TID" >/dev/null 2>&1; ipset -q flush "$IPSET"; ipset -q destroy "$IPSET";
@@ -76,7 +77,6 @@ start_service() {
 }
 stop_service() {
- local ll
 is_enabled || return 1
 ip rule del fwmark "$FW_MARK" table "$TID" >/dev/null 2>&1; ipset -q flush "$IPSET"; ipset -q destroy "$IPSET";