
Merge pull request #3987 from stangri/vpnbypass

vpnbypass: new service triggers, typo fix
lilik-openwrt-22.03
Hannu Nyman 8 years ago
committed by GitHub
parent
commit
3e470396bd
3 changed files with 44 additions and 34 deletions
  1. +5
    -4
      net/vpnbypass/Makefile
  2. +5
    -2
      net/vpnbypass/files/README.md
  3. +34
    -28
      net/vpnbypass/files/vpnbypass.init

+ 5
- 4
net/vpnbypass/Makefile

@ -4,7 +4,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=vpnbypass PKG_NAME:=vpnbypass
PKG_VERSION:=1.0.1
PKG_VERSION:=1.1.1
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+ PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net> PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
@ -22,10 +22,9 @@ endef
define Package/$(PKG_NAME)/description define Package/$(PKG_NAME)/description
This service can be used to enable simple VPN split tunnelling. This service can be used to enable simple VPN split tunnelling.
Supports accessing domains, IP ranges outside of your VPN tunnel.
Supports accessing domains, IP ranges outside of your VPN tunnel.
Also supports dedicating local ports/IP ranges for direct internet access (outside of your VPN tunnel). Also supports dedicating local ports/IP ranges for direct internet access (outside of your VPN tunnel).
Please see the README for further information. Please see the README for further information.
endef endef
define Package/$(PKG_NAME)/conffiles define Package/$(PKG_NAME)/conffiles
@ -33,6 +32,8 @@ define Package/$(PKG_NAME)/conffiles
endef endef
define Build/Prepare define Build/Prepare
sed -i "s|^\(PKG_NAME\).*|\1='$(PKG_NAME)'|" ./files/vpnbypass.init
sed -i "s|^\(PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" ./files/vpnbypass.init
endef endef
define Build/Configure define Build/Configure
@ -50,4 +51,4 @@ define Package/$(PKG_NAME)/install
$(INSTALL_DATA) ./files/vpnbypass.hotplug $(1)/etc/hotplug.d/firewall/92-vpnbypass $(INSTALL_DATA) ./files/vpnbypass.hotplug $(1)/etc/hotplug.d/firewall/92-vpnbypass
endef endef
$(eval $(call BuildPackage,$(PKG_NAME)))
$(eval $(call BuildPackage,$(PKG_NAME)))
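Review bot: The two `sed -i` lines added to `Build/Prepare` rewrite `./files/vpnbypass.init` inside the package source directory, so every build modifies a tracked file and the packaged script is no longer the one that was reviewed and committed. The committed `PKG_VERSION=` line is left holding whatever the last build stamped. Stamping a copy keeps the source tree clean: run the same substitutions on the installed script under `$(1)` in `Package/$(PKG_NAME)/install`, or on a copy in `$(PKG_BUILD_DIR)`. The install rule for the init script is outside the displayed hunks, so the exact target path needs to be confirmed there.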

+ 5
- 2
net/vpnbypass/files/README.md

@ -28,7 +28,10 @@ Default install routes Plex Media Server traffic (port 32400) outside of the VPN
Please head to [LEDE Project Forum](https://forum.lede-project.org/t/vpn-bypass-split-tunneling-service-luci-ui/1106) or [OpenWrt Forum]() for discussions of this service. Please head to [LEDE Project Forum](https://forum.lede-project.org/t/vpn-bypass-split-tunneling-service-luci-ui/1106) or [OpenWrt Forum]() for discussions of this service.
## What's New ## What's New
1.0.1:
1.1.1
- More reliable way of obtaining WAN gateway on boot (thanks @dibdot for the hint!).
1.1.0:
- Detects individual IP addresses in the config and converts them to subnet automatically. - Detects individual IP addresses in the config and converts them to subnet automatically.
- Proper implementation of reload on vpnbypass config change. - Proper implementation of reload on vpnbypass config change.
@ -51,4 +54,4 @@ uci add_list dhcp.@dnsmasq[-1].ipset='/github.com/plex.tv/google.com/vpnbypass'
uci add_list dhcp.@dnsmasq[-1].ipset='/hulu.com/netflix.com/nhl.com/vpnbypass' uci add_list dhcp.@dnsmasq[-1].ipset='/hulu.com/netflix.com/nhl.com/vpnbypass'
uci commit dhcp uci commit dhcp
/etc/init.d/dnsmasq restart /etc/init.d/dnsmasq restart
```
```

+ 34
- 28
net/vpnbypass/files/vpnbypass.init

@ -1,33 +1,40 @@
#!/bin/sh /etc/rc.common #!/bin/sh /etc/rc.common
PKG_NAME='vpnbypass'
PKG_VERSION=
START=92
START=94
USE_PROCD=1 USE_PROCD=1
TID="200"; FW_MARK="0x010000"; IPSET="vpnbypass";
TID="200"; FW_MARK="0x010000"; IPSET="vpnbypass";
output() { output() {
[ -z "$verbosity" ] && config_get verbosity 'config' 'verbosity' '2'
[ -n "$2" -a $((verbosity)) -ne $(($2)) ] && return 0;
[ -n "$2" ] && [ ! $(($verbosity & $2)) -gt 0 ] && return 0;
[ -t 1 ] && echo -e -n "$1" [ -t 1 ] && echo -e -n "$1"
[ $(echo -e -n "$1" | wc -l) -gt 0 ] && logger -t "vpnbypass[$$]" "$(echo -e -n ${logmsg}${1})" && logmsg='' || logmsg=${logmsg}${1}
[ $(echo -e -n "$1" | wc -l) -gt 0 ] && logger -t "${PKG_NAME:-service} [$$]" "$(echo -e -n ${logmsg}${1//$p_name /service })" && logmsg='' || logmsg=${logmsg}${1//p_name /service }
} }
vpnbypass_enabled() { vpnbypass_enabled() {
config_get_bool enabled 'config' 'enabled' 0
[ $((enabled)) -gt 0 ] && return 0 || { output "VPNBypass is not enabled in the config file!\nTo enable, run 'uci set vpnbypass.config.enabled=1; uci commit vpnbypass'\n"; return 1; }
config_load vpnbypass
config_get_bool enabled 'config' 'enabled' 0
config_get verbosity 'config' 'verbosity' '2'
[ -n "$PKG_NAME" -a -n "$PKG_VERSION" ] && p_name="$PKG_NAME $PKG_VERSION" || p_name='vpnbypass'
[ "$enabled" -ne "0" ] && return 0
output "$p_name is not enabled in the config file!\n"
output "To enable, run 'uci set vpnbypass.config.enabled=1; uci commit vpnbypass'\n"
return 1
} }
boot() { ubus -t 30 wait_for network.interface.wan && rc_procd start_service || output 'ERROR: Failed to settle network interface!\n'; }
boot() { ubus -t 30 wait_for network.interface.wan && { rc_procd start_service; rc_procd service_triggers; } || output "ERROR: $p_name failed to settle network interface!\n"; }
start_service() { start_service() {
local ll c=1 local ll c=1
config_load vpnbypass
vpnbypass_enabled || return 1
config_get lports 'config' 'localport'
config_get rports 'config' 'remoteport'
config_get routes 'config' 'remotesubnet'
config_get ranges 'config' 'localsubnet'
config_get domains 'config' 'domain'
config_load vpnbypass
vpnbypass_enabled || return 1
config_get lports 'config' 'localport'
config_get rports 'config' 'remoteport'
config_get routes 'config' 'remotesubnet'
config_get ranges 'config' 'localsubnet'
config_get domains 'config' 'domain'
procd_open_instance procd_open_instance
procd_set_param stdout 1 procd_set_param stdout 1
@ -35,8 +42,8 @@ start_service() {
procd_close_instance procd_close_instance
source /lib/functions/network.sh source /lib/functions/network.sh
while : ; do network_get_ipaddr wanip wan; network_get_gateway gwip wan; [ $c -ge 5 ] && break || let "c+=1"; [ -n "$wanip" -a -n "$gwip" ] && break || sleep 5; done
[ -z "$wanip" -o -z "$gwip" ] && output 'ERROR: Could not get WAN interface IP: $wanip or Gateway: $gwip\n' && exit 0
while : ; do network_get_ipaddr wanip wan; network_get_gateway gwip wan; [ $c -ge 5 ] && break || let "c+=1"; [ -n "$wanip" -a -n "$gwip" ] && break || output "$p_name waiting for wan gateway...\n"; sleep 2; network_flush_cache; done
[ -z "$wanip" -o -z "$gwip" ] && output "ERROR: $p_name could not get wan interface IP: $wanip or gateway: $gwip!\n" && exit 0
for ll in ${routes}; do { [ "$ll" = "${ll#*\/*}" ] && ll="${ll}/32"; ip route del $ll; ip route add $ll via $gwip; } >/dev/null 2>&1; done for ll in ${routes}; do { [ "$ll" = "${ll#*\/*}" ] && ll="${ll}/32"; ip route del $ll; ip route add $ll via $gwip; } >/dev/null 2>&1; done
{ ip rule del fwmark $FW_MARK table $TID; iptables -t mangle -F; ipset -F $IPSET; ipset -X $IPSET; } >/dev/null 2>&1 { ip rule del fwmark $FW_MARK table $TID; iptables -t mangle -F; ipset -F $IPSET; ipset -X $IPSET; } >/dev/null 2>&1
@ -49,28 +56,27 @@ start_service() {
for ll in ${ranges}; do [ "$ll" = "${ll#*\/*}" ] && ll="${ll}/32"; iptables -t mangle -I PREROUTING -s $ll -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass"; done for ll in ${ranges}; do [ "$ll" = "${ll#*\/*}" ] && ll="${ll}/32"; iptables -t mangle -I PREROUTING -s $ll -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass"; done
iptables -t mangle -A PREROUTING -m set --match-set $IPSET dst -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass" iptables -t mangle -A PREROUTING -m set --match-set $IPSET dst -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass"
ip rule add fwmark $FW_MARK table $TID ip rule add fwmark $FW_MARK table $TID
output "vpnbypass started with TID: $TID; FW_MARK: $FW_MARK\n"
output "$p_name started with TID: $TID; FW_MARK: $FW_MARK\n"
} }
stop_service() { stop_service() {
local ll local ll
config_load vpnbypass
vpnbypass_enabled || return 1
config_get routes 'config' 'remotesubnet'
vpnbypass_enabled || return 1
config_get routes 'config' 'remotesubnet'
for ll in ${routes}; do [ "$ll" = "${ll#*\/*}" ] && ll="${ll}/32"; ip route del $ll >/dev/null 2>&1; done for ll in ${routes}; do [ "$ll" = "${ll#*\/*}" ] && ll="${ll}/32"; ip route del $ll >/dev/null 2>&1; done
# iptables-save | grep -Fv -- "vpnbypass" | iptables-restore # iptables-save | grep -Fv -- "vpnbypass" | iptables-restore
{ ip rule del fwmark $FW_MARK table $TID; iptables -t mangle -F; ipset -F $IPSET; ipset -X $IPSET; } >/dev/null 2>&1 { ip rule del fwmark $FW_MARK table $TID; iptables -t mangle -F; ipset -F $IPSET; ipset -X $IPSET; } >/dev/null 2>&1
{ ip route flush table $TID; ip route flush cache; } >/dev/null 2>&1 { ip route flush table $TID; ip route flush cache; } >/dev/null 2>&1
output "vpnbypass stopped\n"
output "$p_name stopped\n"
} }
reload_service()
{
start_service
}
reload_service(){ start_service; }
service_triggers() { service_triggers() {
procd_add_reload_trigger 'vpnbypass'
procd_add_reload_interface_trigger 'wan'
procd_add_reload_trigger 'vpnbypass'
procd_open_trigger
procd_add_config_trigger "config.change" "vpnbypass" /etc/init.d/vpnbypass reload
procd_add_interface_trigger "interface.*" "wan" /etc/init.d/vpnbypass reload
procd_close_trigger
} }
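Review bot: Setting `enabled` to 0 never removes the bypass: both `stop_service` and `start_service` begin with `vpnbypass_enabled || return 1`, and the new `config.change` trigger runs `reload`, which is just `start_service`, so the early return is taken before any of the `ip rule del` / `iptables -t mangle -F` / `ipset -X` cleanup. The fwmark rule, mangle marks and static routes from the previous run therefore stay active, and traffic the administrator believes is back inside the tunnel keeps leaving via the WAN gateway. `stop_service` should tear down unconditionally (it only needs `config_load vpnbypass` and `config_get routes 'config' 'remotesubnet'`), and `reload_service` should fall through to `stop_service` when `vpnbypass_enabled` fails. Separately, the fallback branch on the new logger line writes `${1//p_name /service }` without the `$`, so it does not match the `${1//$p_name /service }` substitution in the first branch. The body of `start_service` is only partly shown between the hunks.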
