jeka/ansible-openwrt-hirkn
1
0
Fork 0
mirror of https://github.com/itdoginfo/ansible-openwrt-hirkn.git synced 2025-12-15 19:44:30 +05:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: jeka:0.1.7
Branches Tags
jeka:master jeka:role
jeka:0.1.10 jeka:0.1.9 jeka:0.1.8 jeka:0.1.7 jeka:0.1.6 jeka:0.1.5 jeka:0.1.4 jeka:0.1.3 jeka:0.1.2 jeka:0.1.1 jeka:0.1
...
compare: jeka:abfe593bfe0cedc41ad4e7d455ffce5f76deb281
Branches Tags
jeka:master jeka:role
jeka:0.1.10 jeka:0.1.9 jeka:0.1.8 jeka:0.1.7 jeka:0.1.6 jeka:0.1.5 jeka:0.1.4 jeka:0.1.3 jeka:0.1.2 jeka:0.1.1 jeka:0.1

18 Commits
0.1.7 ... abfe593bfe

Author SHA1 Message Date
Nikita Skryabin
abfe593bfe Merge 7177c18ecd into ceac5597ac 2024-09-05 17:07:07 +03:00
Nikita Skryabin
7177c18ecd fix: correct VERSION_ID extraction using echo instead of cat 2024-09-05 16:36:17 +03:00
Nikita Skryabin
0a71e0de9b refactor: reuse environment variables from /etc/os-release for version checks 2024-09-05 16:31:28 +03:00
Nikita Skryabin
67832bea31 refactor: switch model detection to use /tmp/sysinfo/model 2024-09-05 16:26:12 +03:00
itdoginfo
ceac5597ac Fix internal WG 2024-08-18 14:37:21 +03:00
itdoginfo
ffb3b54b28 Fix about awg 2024-08-18 14:36:15 +03:00
itdoginfo
49beabdf05 Merge pull request #13 from Slava-Shchipunov/master 
feat: add AmneziaWG
 2024-08-18 13:55:37 +03:00
Slava-Shchipunov
ec3655a8e9 refactor: remove DNS AWG settings (#3) 2024-08-17 22:41:32 +07:00
Slava-Shchipunov
db5df24e9d docs: update README.md 2024-08-17 03:49:57 +07:00
Slava-Shchipunov
1ae8f485fe feat: add automatical install amnezia wg packages (#2) 
* feat: add amnezia wg to settings

* feat: add TUNNEL = awg

* feat: update getdomains-install.sh

* fix: fix dns array processing

* fix: add awg to menu

* fix: fix script to awg

* fix: add missing space

* fix: add missing space

* feat: add downloading awg packages

* refactor: update comments

* refactor: fix typo

* fix: add sync before install package

* fix: fix file name
 2024-08-17 03:13:28 +07:00
Slava-Shchipunov
d5b842095c docs: update README.md 2024-08-13 13:45:51 +07:00
Slava-Shchipunov
973a151787 chore: delete docs directory 2024-08-13 13:38:12 +07:00
itdoginfo
3f069118ca Remove pppoe check 2024-08-12 07:39:20 +03:00
Slava-Shchipunov
0b3dac7307 feat: add how enable gh workflow 2024-08-09 15:30:00 +07:00
Slava-Shchipunov
27fb667059 feat: add image 2024-08-09 15:24:28 +07:00
Slava-Shchipunov
7c2e79db2f docs: add awg build instructions 2024-08-04 19:22:30 +07:00
Slava-Shchipunov
bb7c66dba2 Feat/add amnezia wg (#1) 
* feat: add amnezia wg to settings

* feat: add TUNNEL = awg

* feat: update getdomains-install.sh

* fix: fix dns array processing

* fix: add awg to menu

* fix: fix script to awg

* fix: add missing space

* fix: add missing space
 2024-08-04 16:15:32 +07:00
itdoginfo
20262f21db Added internal wg logic 2024-07-28 17:09:58 +03:00
3 changed files with 363 additions and 23 deletions
Expand all files Collapse all files

9
README.md
View File

@@ -12,6 +12,11 @@ Shell скрипт и [роль для Ansible](https://galaxy.ansible.com/ui/st
sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/master/getdomains-install.sh)
```
## AmneziaWG
Через этот скрипт можно установить Amnezia wireguard. Скрипт проверяет наличие пакетов под вашу платформу в [стороннем репозитории](https://github.com/Slava-Shchipunov/awg-openwrt/releases), так как в официальном репозитории OpenWRT они отсутствуют, и автоматически их устанавливает.
Если подходящих пакетов нет, перед настройкой необходимо будет самостоятельно [собрать бинарники AmneziaWG](https://github.com/itdoginfo/domain-routing-openwrt/wiki/Amnezia-WG-Build) для своего устройства и установить их.
## Скрипт для проверки конфигурации
Написан для OpenWrt 23.05 и 22.03. На 21.02 работает только половина проверок.
@@ -125,7 +130,7 @@ service getdomains start
Для 22ой версии нужно установить пакет вручную.
- tun2socks настраивается только роутинг и зона. Всё остальное нужно настроить вручную
Для **tunnel** четыре возможных значения:
Для **tunnel** шесть возможных значений:
- wg
- openvpn
- singbox
@@ -200,4 +205,4 @@ service getdomains start
---
[Telegram-канал с обновлениями](https://t.me/+lW1HmBO_Fa00M2Iy)
[Telegram-канал с обновлениями](https://t.me/+lW1HmBO_Fa00M2Iy)

17
getdomains-check.sh
View File

@@ -19,13 +19,13 @@ output_21() {
}
# System Details
MODEL=$(grep machine /proc/cpuinfo | cut -d ':' -f 2)
RELEASE=$(grep OPENWRT_RELEASE /etc/os-release | awk -F '"' '{print $2}')
printf "\033[34;1mModel:$MODEL\033[0m\n"
printf "\033[34;1mVersion: $RELEASE\033[0m\n"
MODEL=$(cat /tmp/sysinfo/model)
source /etc/os-release
printf "\033[34;1mModel: $MODEL\033[0m\n"
printf "\033[34;1mVersion: $OPENWRT_RELEASE\033[0m\n"
printf "\033[34;1mDate: $(date)\033[0m\n"
VERSION_ID=$(grep VERSION_ID /etc/os-release | awk -F '"' '{print $2}' | awk -F. '{print $1}')
VERSION_ID=$(echo $VERSION | awk -F. '{print $1}')
RAM=$(free -m | grep Mem: | awk '{print $2}')
if [[ "$VERSION_ID" -ge 22 && "$RAM" -lt 150000 ]]
then
@@ -94,11 +94,6 @@ if curl -6 -s https://ifconfig.io | egrep -q "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-
checkpoint_false "IPv6 detected. This script does not currently work with IPv6"
fi
# PPPoE
if uci show network.wan.proto | grep -q "pppoe"; then
checkpoint_false "PPPoE is used. That could be a problem"
fi
# Tunnels
WIREGUARD=$(opkg list-installed | grep -c wireguard-tools )
if [ $WIREGUARD -eq 1 ]; then
@@ -467,4 +462,4 @@ fi
# Info
echo -e "\nTelegram channel: https://t.me/itdoginfo"
echo "Telegram chat: https://t.me/itdogchat"
echo "Telegram chat: https://t.me/itdogchat"

360
getdomains-install.sh
View File

@@ -13,6 +13,12 @@ cat << EOF > /etc/hotplug.d/iface/30-vpnroute
#!/bin/sh
ip route add table vpn default dev wg0
EOF
elif [ "$TUNNEL" == awg ]; then
cat << EOF > /etc/hotplug.d/iface/30-vpnroute
#!/bin/sh
ip route add table vpn default dev awg0
EOF
elif [ "$TUNNEL" == singbox ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then
cat << EOF > /etc/hotplug.d/iface/30-vpnroute
@@ -39,13 +45,15 @@ add_mark() {
}
add_tunnel() {
echo "We can automatically configure only Wireguard. OpenVPN, Sing-box(Shadowsocks2022, VMess, VLESS, etc) and tun2socks will need to be configured manually"
echo "We can automatically configure only Wireguard and Amnezia WireGuard. OpenVPN, Sing-box(Shadowsocks2022, VMess, VLESS, etc) and tun2socks will need to be configured manually"
echo "Select a tunnel:"
echo "1) WireGuard"
echo "2) OpenVPN"
echo "3) Sing-box"
echo "4) tun2socks"
echo "5) Skip this step"
echo "5) wgForYoutube"
echo "6) Amnezia WireGuard"
echo "7) Skip this step"
while true; do
read -r -p '' TUNNEL
@@ -71,7 +79,17 @@ add_tunnel() {
break
;;
5)
5)
TUNNEL=wgForYoutube
break
;;
6)
TUNNEL=awg
break
;;
7)
echo "Skip"
TUNNEL=0
break
@@ -207,6 +225,165 @@ EOF
printf "\033[32;1mConfigure route for Sing-box\033[0m\n"
route_vpn
fi
if [ "$TUNNEL" == 'wgForYoutube' ]; then
add_internal_wg
fi
if [ "$TUNNEL" == 'awg' ]; then
printf "\033[32;1mConfigure Amnezia WireGuard\033[0m\n"
# Получение pkgarch с наибольшим приоритетом
PKGARCH=$(opkg print-architecture | awk 'BEGIN {max=0} {if ($3 > max) {max = $3; arch = $2}} END {print arch}')
TARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 1)
SUBTARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 2)
VERSION=$(ubus call system board | jsonfilter -e '@.release.version')
PKGPOSTFIX="_v${VERSION}_${PKGARCH}_${TARGET}_${SUBTARGET}.ipk"
BASE_URL="https://github.com/Slava-Shchipunov/awg-openwrt/releases/download/"
AWG_DIR="/tmp/amneziawg"
mkdir -p "$AWG_DIR"
if opkg list-installed | grep -q amneziawg-tools; then
echo "amneziawg-tools already installed"
else
AMNEZIAWG_TOOLS_FILENAME="amneziawg-tools${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${AMNEZIAWG_TOOLS_FILENAME}"
curl -L -o "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "amneziawg-tools file downloaded successfully"
else
echo "Error downloading amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME"
if [ $? -eq 0 ]; then
echo "amneziawg-tools file downloaded successfully"
else
echo "Error installing amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
fi
if opkg list-installed | grep -q kmod-amneziawg; then
echo "kmod-amneziawg already installed"
else
KMOD_AMNEZIAWG_FILENAME="kmod-amneziawg${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${KMOD_AMNEZIAWG_FILENAME}"
curl -L -o "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "kmod-amneziawg file downloaded successfully"
else
echo "Error downloading kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "kmod-amneziawg file downloaded successfully"
else
echo "Error installing kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
fi
if opkg list-installed | grep -q luci-app-amneziawg; then
echo "luci-app-amneziawg already installed"
else
LUCI_APP_AMNEZIAWG_FILENAME="luci-app-amneziawg${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${LUCI_APP_AMNEZIAWG_FILENAME}"
curl -L -o "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "luci-app-amneziawg file downloaded successfully"
else
echo "Error downloading luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "luci-app-amneziawg file downloaded successfully"
else
echo "Error installing luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
exit 1
fi
fi
rm -rf "$AWG_DIR"
route_vpn
read -r -p "Enter the private key (from [Interface]):"$'\n' AWG_PRIVATE_KEY
while true; do
read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (Address from [Interface]):"$'\n' AWG_IP
if echo "$AWG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then
break
else
echo "This IP is not valid. Please repeat"
fi
done
read -r -p "Enter Jc value (from [Interface]):"$'\n' AWG_JC
read -r -p "Enter Jmin value (from [Interface]):"$'\n' AWG_JMIN
read -r -p "Enter Jmax value (from [Interface]):"$'\n' AWG_JMAX
read -r -p "Enter S1 value (from [Interface]):"$'\n' AWG_S1
read -r -p "Enter S2 value (from [Interface]):"$'\n' AWG_S2
read -r -p "Enter H1 value (from [Interface]):"$'\n' AWG_H1
read -r -p "Enter H2 value (from [Interface]):"$'\n' AWG_H2
read -r -p "Enter H3 value (from [Interface]):"$'\n' AWG_H3
read -r -p "Enter H4 value (from [Interface]):"$'\n' AWG_H4
read -r -p "Enter the public key (from [Peer]):"$'\n' AWG_PUBLIC_KEY
read -r -p "If use PresharedKey, Enter this (from [Peer]). If your don't use leave blank:"$'\n' AWG_PRESHARED_KEY
read -r -p "Enter Endpoint host without port (Domain or IP) (from [Peer]):"$'\n' AWG_ENDPOINT
read -r -p "Enter Endpoint host port (from [Peer]) [51820]:"$'\n' AWG_ENDPOINT_PORT
AWG_ENDPOINT_PORT=${AWG_ENDPOINT_PORT:-51820}
if [ "$AWG_ENDPOINT_PORT" = '51820' ]; then
echo $AWG_ENDPOINT_PORT
fi
uci set network.awg0=interface
uci set network.awg0.proto='amneziawg'
uci set network.awg0.private_key=$AWG_PRIVATE_KEY
uci set network.awg0.listen_port='51820'
uci set network.awg0.addresses=$AWG_IP
uci set network.awg0.awg_jc=$AWG_JC
uci set network.awg0.awg_jmin=$AWG_JMIN
uci set network.awg0.awg_jmax=$AWG_JMAX
uci set network.awg0.awg_s1=$AWG_S1
uci set network.awg0.awg_s2=$AWG_S2
uci set network.awg0.awg_h1=$AWG_H1
uci set network.awg0.awg_h2=$AWG_H2
uci set network.awg0.awg_h3=$AWG_H3
uci set network.awg0.awg_h4=$AWG_H4
if ! uci show network | grep -q amneziawg_awg0; then
uci add network amneziawg_awg0
fi
uci set network.@amneziawg_awg0[0]=amneziawg_awg0
uci set network.@amneziawg_awg0[0].name='awg0_client'
uci set network.@amneziawg_awg0[0].public_key=$AWG_PUBLIC_KEY
uci set network.@amneziawg_awg0[0].preshared_key=$AWG_PRESHARED_KEY
uci set network.@amneziawg_awg0[0].route_allowed_ips='0'
uci set network.@amneziawg_awg0[0].persistent_keepalive='25'
uci set network.@amneziawg_awg0[0].endpoint_host=$AWG_ENDPOINT
uci set network.@amneziawg_awg0[0].allowed_ips='0.0.0.0/0'
uci set network.@amneziawg_awg0[0].endpoint_port=$AWG_ENDPOINT_PORT
uci commit
fi
}
dnsmasqfull() {
@@ -254,14 +431,25 @@ add_zone() {
while uci -q delete firewall.@zone[$zone_wg_id]; do :; done
fi
zone_awg_id=$(uci show firewall | grep -E '@zone.*awg0' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ "$zone_awg_id" == 0 ] || [ "$zone_awg_id" == 1 ]; then
printf "\033[32;1mawg0 zone has an identifier of 0 or 1. That's not ok. Fix your firewall. lan and wan zones should have identifiers 0 and 1. \033[0m\n"
exit 1
fi
if [ ! -z "$zone_awg_id" ]; then
while uci -q delete firewall.@zone[$zone_awg_id]; do :; done
fi
uci add firewall zone
uci set firewall.@zone[-1].name="$TUNNEL"
if [ "$TUNNEL" == wg ]; then
uci set firewall.@zone[-1].network='wg0'
elif [ "$TUNNEL" == awg ]; then
uci set firewall.@zone[-1].network='awg0'
elif [ "$TUNNEL" == singbox ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then
uci set firewall.@zone[-1].device='tun0'
fi
if [ "$TUNNEL" == wg ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then
if [ "$TUNNEL" == wg ] || [ "$TUNNEL" == awg ] || [ "$TUNNEL" == ovpn ] || [ "$TUNNEL" == tun2socks ]; then
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].input='REJECT'
@@ -288,6 +476,11 @@ add_zone() {
remove_forwarding
fi
if [[ $TUNNEL != "awg" ]]; then
forward_id=$(uci show firewall | grep -E "@forwarding.*dest='awg'" | awk -F '[][{}]' '{print $2}' | head -n 1)
remove_forwarding
fi
if [[ $TUNNEL != "ovpn" ]]; then
forward_id=$(uci show firewall | grep -E "@forwarding.*dest='ovpn'" | awk -F '[][{}]' '{print $2}' | head -n 1)
remove_forwarding
@@ -552,13 +745,160 @@ EOF
fi
}
# System Details
MODEL=$(grep machine /proc/cpuinfo | cut -d ':' -f 2)
RELEASE=$(grep OPENWRT_RELEASE /etc/os-release | awk -F '"' '{print $2}')
printf "\033[34;1mModel:$MODEL\033[0m\n"
printf "\033[34;1mVersion: $RELEASE\033[0m\n"
add_internal_wg() {
printf "\033[32;1mConfigure WireGuard\033[0m\n"
if opkg list-installed | grep -q wireguard-tools; then
echo "Wireguard already installed"
else
echo "Installed wg..."
opkg install wireguard-tools
fi
VERSION_ID=$(grep VERSION_ID /etc/os-release | awk -F '"' '{print $2}' | awk -F. '{print $1}')
read -r -p "Enter the private key (from [Interface]):"$'\n' WG_PRIVATE_KEY_INT
while true; do
read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (from [Interface]):"$'\n' WG_IP
if echo "$WG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then
break
else
echo "This IP is not valid. Please repeat"
fi
done
read -r -p "Enter the public key (from [Peer]):"$'\n' WG_PUBLIC_KEY_INT
read -r -p "If use PresharedKey, Enter this (from [Peer]). If your don't use leave blank:"$'\n' WG_PRESHARED_KEY_INT
read -r -p "Enter Endpoint host without port (Domain or IP) (from [Peer]):"$'\n' WG_ENDPOINT_INT
read -r -p "Enter Endpoint host port (from [Peer]) [51820]:"$'\n' WG_ENDPOINT_PORT_INT
WG_ENDPOINT_PORT_INT=${WG_ENDPOINT_PORT_INT:-51820}
if [ "$WG_ENDPOINT_PORT_INT" = '51820' ]; then
echo $WG_ENDPOINT_PORT_INT
fi
uci set network.wg1=interface
uci set network.wg1.proto='wireguard'
uci set network.wg1.private_key=$WG_PRIVATE_KEY_INT
uci set network.wg1.listen_port='51820'
uci set network.wg1.addresses=$WG_IP
if ! uci show network | grep -q wireguard_wg1; then
uci add network wireguard_wg1
fi
uci set network.@wireguard_wg1[0]=wireguard_wg1
uci set network.@wireguard_wg1[0].name='wg1_client'
uci set network.@wireguard_wg1[0].public_key=$WG_PUBLIC_KEY_INT
uci set network.@wireguard_wg1[0].preshared_key=$WG_PRESHARED_KEY_INT
uci set network.@wireguard_wg1[0].route_allowed_ips='0'
uci set network.@wireguard_wg1[0].persistent_keepalive='25'
uci set network.@wireguard_wg1[0].endpoint_host=$WG_ENDPOINT_INT
uci set network.@wireguard_wg1[0].allowed_ips='0.0.0.0/0'
uci set network.@wireguard_wg1[0].endpoint_port=$WG_ENDPOINT_PORT_INT
uci commit network
grep -q "110 vpninternal" /etc/iproute2/rt_tables || echo '110 vpninternal' >> /etc/iproute2/rt_tables
if ! uci show network | grep -q mark0x2; then
printf "\033[32;1mConfigure mark rule\033[0m\n"
uci add network rule
uci set network.@rule[-1].name='mark0x2'
uci set network.@rule[-1].mark='0x2'
uci set network.@rule[-1].priority='110'
uci set network.@rule[-1].lookup='vpninternal'
uci commit
fi
if ! uci show network | grep -q vpn_route_internal; then
printf "\033[32;1mAdd route\033[0m\n"
uci set network.vpn_route_internal=route
uci set network.vpn_route_internal.name='vpninternal'
uci set network.vpn_route_internal.interface='wg1'
uci set network.vpn_route_internal.table='vpninternal'
uci set network.vpn_route_internal.target='0.0.0.0/0'
uci commit network
fi
if ! uci show firewall | grep -q "@zone.*name='wg_internal'"; then
printf "\033[32;1mZone Create\033[0m\n"
uci add firewall zone
uci set firewall.@zone[-1].name="wg_internal"
uci set firewall.@zone[-1].network='wg1'
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci set firewall.@zone[-1].family='ipv4'
uci commit firewall
fi
if ! uci show firewall | grep -q "@forwarding.*name='wg_internal'"; then
printf "\033[32;1mConfigured forwarding\033[0m\n"
uci add firewall forwarding
uci set firewall.@forwarding[-1]=forwarding
uci set firewall.@forwarding[-1].name="wg_internal-lan"
uci set firewall.@forwarding[-1].dest="wg_internal"
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].family='ipv4'
uci commit firewall
fi
if uci show firewall | grep -q "@ipset.*name='vpn_domains_internal'"; then
printf "\033[32;1mSet already exist\033[0m\n"
else
printf "\033[32;1mCreate set\033[0m\n"
uci add firewall ipset
uci set firewall.@ipset[-1].name='vpn_domains_internal'
uci set firewall.@ipset[-1].match='dst_net'
uci commit firewall
fi
if uci show firewall | grep -q "@rule.*name='mark_domains_intenal'"; then
printf "\033[32;1mRule for set already exist\033[0m\n"
else
printf "\033[32;1mCreate rule set\033[0m\n"
uci add firewall rule
uci set firewall.@rule[-1]=rule
uci set firewall.@rule[-1].name='mark_domains_intenal'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].dest='*'
uci set firewall.@rule[-1].proto='all'
uci set firewall.@rule[-1].ipset='vpn_domains_internal'
uci set firewall.@rule[-1].set_mark='0x2'
uci set firewall.@rule[-1].target='MARK'
uci set firewall.@rule[-1].family='ipv4'
uci commit firewall
fi
if uci show dhcp | grep -q "@ipset.*name='vpn_domains_internal'"; then
printf "\033[32;1mDomain on vpn_domains_internal already exist\033[0m\n"
else
printf "\033[32;1mCreate domain for vpn_domains_internal\033[0m\n"
uci add dhcp ipset
uci add_list dhcp.@ipset[-1].name='vpn_domains_internal'
uci add_list dhcp.@ipset[-1].domain='youtube.com'
uci add_list dhcp.@ipset[-1].domain='googlevideo.com'
uci add_list dhcp.@ipset[-1].domain='youtubekids.com'
uci add_list dhcp.@ipset[-1].domain='googleapis.com'
uci add_list dhcp.@ipset[-1].domain='ytimg.com'
uci add_list dhcp.@ipset[-1].domain='ggpht.com'
uci commit dhcp
fi
sed -i "/done/a sed -i '/youtube.com\\\|ytimg.com\\\|ggpht.com\\\|googlevideo.com\\\|googleapis.com\\\|youtubekids.com/d' /tmp/dnsmasq.d/domains.lst" "/etc/init.d/getdomains"
service dnsmasq restart
service network restart
exit 0
}
# System Details
MODEL=$(cat /tmp/sysinfo/model)
source /etc/os-release
printf "\033[34;1mModel: $MODEL\033[0m\n"
printf "\033[34;1mVersion: $OPENWRT_RELEASE\033[0m\n"
VERSION_ID=$(echo $VERSION | awk -F. '{print $1}')
if [ "$VERSION_ID" -ne 23 ]; then
printf "\033[31;1mScript only support OpenWrt 23.05\033[0m\n"