Merge pull request #13 from Slava-Shchipunov/master

feat: add AmneziaWG
This commit is contained in:
itdoginfo
2024-08-18 13:55:37 +03:00
committed by GitHub
2 changed files with 192 additions and 6 deletions


@@ -124,12 +124,16 @@ service getdomains start
Не работает под 21ой версией. Поэтому при его выборе playbook выдаст ошибку. Не работает под 21ой версией. Поэтому при его выборе playbook выдаст ошибку.
Для 22ой версии нужно установить пакет вручную. Для 22ой версии нужно установить пакет вручную.
- tun2socks настраивается только роутинг и зона. Всё остальное нужно настроить вручную - tun2socks настраивается только роутинг и зона. Всё остальное нужно настроить вручную
- wgForYoutube - настройка Wireguard только для Youtube. Настраивается автоматически через переменные
- Amnezia wireguard - настраивается автоматически через переменныепеременные. Скрипт проверяет наличие пакетов под вашу платформу в [стороннем репозитории](https://github.com/Slava-Shchipunov/awg-openwrt/releases), так как в официальном репозитории OpenWRT они отсутствуют. Если подходящих пакетов нет, перед настройкой необходимо будет самостоятельно [собрать бинарники AmneziaWG](https://github.com/itdoginfo/domain-routing-openwrt/wiki/Amnezia-WG-Build) для своего устройства и установить их
Для **tunnel** четыре возможных значения: Для **tunnel** шесть возможных значений:
- wg - wg
- openvpn - openvpn
- singbox - singbox
- tun2socks - tun2socks
- wgForYoutube
- awg
В случае использования WG: В случае использования WG:
``` ```
@@ -200,4 +204,4 @@ service getdomains start
--- ---
[Telegram-канал с обновлениями](https://t.me/+lW1HmBO_Fa00M2Iy) [Telegram-канал с обновлениями](https://t.me/+lW1HmBO_Fa00M2Iy)


@@ -13,6 +13,12 @@ cat << EOF > /etc/hotplug.d/iface/30-vpnroute
#!/bin/sh #!/bin/sh
ip route add table vpn default dev wg0 ip route add table vpn default dev wg0
EOF
elif [ "$TUNNEL" == awg ]; then
cat << EOF > /etc/hotplug.d/iface/30-vpnroute
#!/bin/sh
ip route add table vpn default dev awg0
EOF EOF
elif [ "$TUNNEL" == singbox ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then elif [ "$TUNNEL" == singbox ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then
cat << EOF > /etc/hotplug.d/iface/30-vpnroute cat << EOF > /etc/hotplug.d/iface/30-vpnroute
@@ -39,14 +45,15 @@ add_mark() {
} }
add_tunnel() { add_tunnel() {
echo "We can automatically configure only Wireguard. OpenVPN, Sing-box(Shadowsocks2022, VMess, VLESS, etc) and tun2socks will need to be configured manually" echo "We can automatically configure only Wireguard and Amnezia WireGuard. OpenVPN, Sing-box(Shadowsocks2022, VMess, VLESS, etc) and tun2socks will need to be configured manually"
echo "Select a tunnel:" echo "Select a tunnel:"
echo "1) WireGuard" echo "1) WireGuard"
echo "2) OpenVPN" echo "2) OpenVPN"
echo "3) Sing-box" echo "3) Sing-box"
echo "4) tun2socks" echo "4) tun2socks"
echo "5) wgForYoutube" echo "5) wgForYoutube"
echo "6) Skip this step" echo "6) Amnezia WireGuard"
echo "7) Skip this step"
while true; do while true; do
read -r -p '' TUNNEL read -r -p '' TUNNEL
@@ -77,7 +84,12 @@ add_tunnel() {
break break
;; ;;
6) 6)
TUNNEL=awg
break
;;
7)
echo "Skip" echo "Skip"
TUNNEL=0 TUNNEL=0
break break
@@ -218,6 +230,160 @@ EOF
add_internal_wg add_internal_wg
fi fi
if [ "$TUNNEL" == 'awg' ]; then
printf "\033[32;1mConfigure Amnezia WireGuard\033[0m\n"
# Получение pkgarch с наибольшим приоритетом
PKGARCH=$(opkg print-architecture | awk 'BEGIN {max=0} {if ($3 > max) {max = $3; arch = $2}} END {print arch}')
TARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 1)
SUBTARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 2)
VERSION=$(ubus call system board | jsonfilter -e '@.release.version')
PKGPOSTFIX="_v${VERSION}_${PKGARCH}_${TARGET}_${SUBTARGET}.ipk"
BASE_URL="https://github.com/Slava-Shchipunov/awg-openwrt/releases/download/"
AWG_DIR="/tmp/amneziawg"
mkdir -p "$AWG_DIR"
if opkg list-installed | grep -q amneziawg-tools; then
echo "amneziawg-tools already installed"
else
AMNEZIAWG_TOOLS_FILENAME="amneziawg-tools${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${AMNEZIAWG_TOOLS_FILENAME}"
curl -L -o "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "amneziawg-tools file downloaded successfully"
else
echo "Error downloading amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME"
if [ $? -eq 0 ]; then
echo "amneziawg-tools file downloaded successfully"
else
echo "Error installing amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
fi
if opkg list-installed | grep -q kmod-amneziawg; then
echo "kmod-amneziawg already installed"
else
KMOD_AMNEZIAWG_FILENAME="kmod-amneziawg${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${KMOD_AMNEZIAWG_FILENAME}"
curl -L -o "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "kmod-amneziawg file downloaded successfully"
else
echo "Error downloading kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "kmod-amneziawg file downloaded successfully"
else
echo "Error installing kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
fi
if opkg list-installed | grep -q luci-app-amneziawg; then
echo "luci-app-amneziawg already installed"
else
LUCI_APP_AMNEZIAWG_FILENAME="luci-app-amneziawg${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${LUCI_APP_AMNEZIAWG_FILENAME}"
curl -L -o "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "luci-app-amneziawg file downloaded successfully"
else
echo "Error downloading luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "luci-app-amneziawg file downloaded successfully"
else
echo "Error installing luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
exit 1
fi
fi
rm -rf "$AWG_DIR"
route_vpn
read -r -p "Enter the private key (from [Interface]):"$'\n' AWG_PRIVATE_KEY
while true; do
read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (Address from [Interface]):"$'\n' AWG_IP
if echo "$AWG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then
break
else
echo "This IP is not valid. Please repeat"
fi
done
read -r -p "Enter Jc value (from [Interface]):"$'\n' AWG_JC
read -r -p "Enter Jmin value (from [Interface]):"$'\n' AWG_JMIN
read -r -p "Enter Jmax value (from [Interface]):"$'\n' AWG_JMAX
read -r -p "Enter S1 value (from [Interface]):"$'\n' AWG_S1
read -r -p "Enter S2 value (from [Interface]):"$'\n' AWG_S2
read -r -p "Enter H1 value (from [Interface]):"$'\n' AWG_H1
read -r -p "Enter H2 value (from [Interface]):"$'\n' AWG_H2
read -r -p "Enter H3 value (from [Interface]):"$'\n' AWG_H3
read -r -p "Enter H4 value (from [Interface]):"$'\n' AWG_H4
read -r -p "Enter the public key (from [Peer]):"$'\n' AWG_PUBLIC_KEY
read -r -p "If use PresharedKey, Enter this (from [Peer]). If your don't use leave blank:"$'\n' AWG_PRESHARED_KEY
read -r -p "Enter Endpoint host without port (Domain or IP) (from [Peer]):"$'\n' AWG_ENDPOINT
read -r -p "Enter Endpoint host port (from [Peer]) [51820]:"$'\n' AWG_ENDPOINT_PORT
AWG_ENDPOINT_PORT=${AWG_ENDPOINT_PORT:-51820}
if [ "$AWG_ENDPOINT_PORT" = '51820' ]; then
echo $AWG_ENDPOINT_PORT
fi
uci set network.awg0=interface
uci set network.awg0.proto='amneziawg'
uci set network.awg0.private_key=$AWG_PRIVATE_KEY
uci set network.awg0.listen_port='51820'
uci set network.awg0.addresses=$AWG_IP
uci set network.awg0.awg_jc=$AWG_JC
uci set network.awg0.awg_jmin=$AWG_JMIN
uci set network.awg0.awg_jmax=$AWG_JMAX
uci set network.awg0.awg_s1=$AWG_S1
uci set network.awg0.awg_s2=$AWG_S2
uci set network.awg0.awg_h1=$AWG_H1
uci set network.awg0.awg_h2=$AWG_H2
uci set network.awg0.awg_h3=$AWG_H3
uci set network.awg0.awg_h4=$AWG_H4
if ! uci show network | grep -q amneziawg_awg0; then
uci add network amneziawg_awg0
fi
uci set network.@amneziawg_awg0[0]=amneziawg_awg0
uci set network.@amneziawg_awg0[0].name='awg0_client'
uci set network.@amneziawg_awg0[0].public_key=$AWG_PUBLIC_KEY
uci set network.@amneziawg_awg0[0].preshared_key=$AWG_PRESHARED_KEY
uci set network.@amneziawg_awg0[0].route_allowed_ips='0'
uci set network.@amneziawg_awg0[0].persistent_keepalive='25'
uci set network.@amneziawg_awg0[0].endpoint_host=$AWG_ENDPOINT
uci set network.@amneziawg_awg0[0].allowed_ips='0.0.0.0/0'
uci set network.@amneziawg_awg0[0].endpoint_port=$AWG_ENDPOINT_PORT
uci commit
fi
} }
dnsmasqfull() { dnsmasqfull() {
@@ -265,14 +431,25 @@ add_zone() {
while uci -q delete firewall.@zone[$zone_wg_id]; do :; done while uci -q delete firewall.@zone[$zone_wg_id]; do :; done
fi fi
zone_awg_id=$(uci show firewall | grep -E '@zone.*awg0' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ "$zone_awg_id" == 0 ] || [ "$zone_awg_id" == 1 ]; then
printf "\033[32;1mawg0 zone has an identifier of 0 or 1. That's not ok. Fix your firewall. lan and wan zones should have identifiers 0 and 1. \033[0m\n"
exit 1
fi
if [ ! -z "$zone_awg_id" ]; then
while uci -q delete firewall.@zone[$zone_awg_id]; do :; done
fi
uci add firewall zone uci add firewall zone
uci set firewall.@zone[-1].name="$TUNNEL" uci set firewall.@zone[-1].name="$TUNNEL"
if [ "$TUNNEL" == wg ]; then if [ "$TUNNEL" == wg ]; then
uci set firewall.@zone[-1].network='wg0' uci set firewall.@zone[-1].network='wg0'
elif [ "$TUNNEL" == awg ]; then
uci set firewall.@zone[-1].network='awg0'
elif [ "$TUNNEL" == singbox ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then elif [ "$TUNNEL" == singbox ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then
uci set firewall.@zone[-1].device='tun0' uci set firewall.@zone[-1].device='tun0'
fi fi
if [ "$TUNNEL" == wg ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then if [ "$TUNNEL" == wg ] || [ "$TUNNEL" == awg ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then
uci set firewall.@zone[-1].forward='REJECT' uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].output='ACCEPT' uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].input='REJECT' uci set firewall.@zone[-1].input='REJECT'
@@ -299,6 +476,11 @@ add_zone() {
remove_forwarding remove_forwarding
fi fi
if [[ $TUNNEL != "awg" ]]; then
forward_id=$(uci show firewall | grep -E "@forwarding.*dest='awg'" | awk -F '[][{}]' '{print $2}' | head -n 1)
remove_forwarding
fi
if [[ $TUNNEL != "ovpn" ]]; then if [[ $TUNNEL != "ovpn" ]]; then
forward_id=$(uci show firewall | grep -E "@forwarding.*dest='ovpn'" | awk -F '[][{}]' '{print $2}' | head -n 1) forward_id=$(uci show firewall | grep -E "@forwarding.*dest='ovpn'" | awk -F '[][{}]' '{print $2}' | head -n 1)
remove_forwarding remove_forwarding