32 Commits

Author SHA1 Message Date
itdoginfo
02f5e5e5c8 Added openwrt 24.10 2024-12-16 00:23:42 +03:00
itdoginfo
f6a6864080 Merge pull request #33 from Akiyamov/master
Add confdir for snapshot
2024-12-16 00:17:23 +03:00
Akiyamov
86b9c1c075 Major release for ansible 2024-12-05 18:35:01 +05:00
Akiyamov
7b1f1631b3 Execute confdir only for 24 and newer versions 2024-12-05 15:55:03 +05:00
Akiyamov
f3bf5dda15 Update tasks/main.yml
Co-authored-by: Morozov Dmitriy <hacker000@yandex.ru>
2024-12-04 16:51:37 +05:00
Akiyamov
ae9e42a578 Add func exec 2024-12-04 16:16:30 +05:00
Akiyamov
a974ddef29 Add confdir for snapshot 2024-12-03 23:36:40 +05:00
itdoginfo
1e7a3bb8f6 Merge pull request #25 from HattabbI4/master
feat: Added package installation check
2024-10-31 13:18:51 +03:00
HattabbI4
a81fe1fb24 translate log messages 2024-10-31 14:53:16 +05:00
HattabbI4
71590700b0 Added package installation check 2024-10-31 13:52:28 +05:00
itdoginfo
4a0a38661d Update 2024-10-26 01:08:41 +03:00
itdoginfo
b6b639e76b Uninstall and AWG install 2024-10-26 00:49:36 +03:00
itdoginfo
55ceab7233 Uninstall script 2024-10-26 00:44:59 +03:00
itdoginfo
3f35560f48 Fix hotplug 2024-10-25 18:47:09 +03:00
itdoginfo
b506913226 Moved hotplug to net 2024-10-25 11:59:15 +03:00
itdoginfo
a7eb46bd7f Merge pull request #21 from vernette/master
fix(getdomains-check.sh): add update_vpn_ip function to fix VPN IP address display for sing-box and tun2socks
2024-09-19 11:23:38 +03:00
Nikita Skryabin
4d1a838e2d fix(getdomains-check.sh): add update_vpn_ip function to fix VPN IP address display for sing-box and tun2socks 2024-09-18 13:19:59 +03:00
itdoginfo
66f9fb75d4 Merge pull request #20 from vernette/master
feat: translate getdomains-check.sh script to russian language
2024-09-18 12:31:39 +03:00
Nikita Skryabin
202f635c89 docs(README.md): add launch command with --lang flag 2024-09-18 09:19:16 +03:00
Nikita Skryabin
b66d61fd23 refactor(getdomains-check.sh): move translations from translations file to the script 2024-09-18 09:12:52 +03:00
Nikita Skryabin
7f3cf77748 fix(getdomains-check.sh): remove forgotten code 2024-09-17 14:14:15 +03:00
Nikita Skryabin
c478349e9f feat(README.md): update the launch instructions 2024-09-17 13:59:11 +03:00
Nikita Skryabin
a8f8e53326 fix(getdomains-check.sh): change repository author back to itdoginfo 2024-09-17 13:46:10 +03:00
Nikita Skryabin
f5f4fadb42 feat(getdomains-check.sh): add --lang flag to choose language 2024-09-17 13:45:13 +03:00
Nikita Skryabin
4b2264ff24 feat(getdomains-check.sh): add code for downloading translations file from URL 2024-09-17 13:38:28 +03:00
Nikita Skryabin
648ff65835 refactor(getdomains-check.sh): replace text output with constants 2024-09-17 13:27:27 +03:00
Nikita Skryabin
9376926215 feat(translations.sh): add a translation file with english and russian languages 2024-09-17 13:26:58 +03:00
itdoginfo
22487c2c29 Merge pull request #19 from ampetelin/master
feature: Added validation of the sing-box config
2024-09-16 13:04:42 +03:00
Andrey Petelin
4422e8c40c feature: Added validation of the sing-box config 2024-09-16 14:57:38 +05:00
itdoginfo
03b2a1aa95 Merge pull request #16 from vernette/master
refactor: improve model detection and reuse environment variables for version parsing
2024-09-09 15:26:08 +03:00
itdoginfo
6790ff7502 Merge pull request #15 from Slava-Shchipunov/master
Feat: add awg for youtube (#4)
2024-09-09 15:23:51 +03:00
Slava-Shchipunov
77d3681ff3 Feat: add awg for youtube (#4)
* feat: add awgForYoutube

* fix: add proto from variable

* fix: fix wg internal listen port
2024-08-31 17:31:54 +07:00
5 changed files with 851 additions and 412 deletions

@@ -12,9 +12,16 @@ Shell скрипт и [роль для Ansible](https://galaxy.ansible.com/ui/st
sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/master/getdomains-install.sh) sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/master/getdomains-install.sh)
``` ```
# Скрипт для удаления
```
sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/refs/heads/master/getdomains-uninstall.sh)
```
## AmneziaWG ## AmneziaWG
Через этот скрипт можно установить Amnezia wireguard. Скрипт проверяет наличие пакетов под вашу платформу в [стороннем репозитории](https://github.com/Slava-Shchipunov/awg-openwrt/releases), так как в официальном репозитории OpenWRT они отсутствуют, и автоматически их устанавливает. Через этот скрипт можно установить Amnezia wireguard. Скрипт проверяет наличие пакетов под вашу платформу в [стороннем репозитории](https://github.com/Slava-Shchipunov/awg-openwrt/releases), так как в официальном репозитории OpenWRT они отсутствуют, и автоматически их устанавливает.
Если вам нужно установить только AWG, воспользуйтесь скриптом в репозитории: https://github.com/Slava-Shchipunov/awg-openwrt
Если подходящих пакетов нет, перед настройкой необходимо будет самостоятельно [собрать бинарники AmneziaWG](https://github.com/itdoginfo/domain-routing-openwrt/wiki/Amnezia-WG-Build) для своего устройства и установить их. Если подходящих пакетов нет, перед настройкой необходимо будет самостоятельно [собрать бинарники AmneziaWG](https://github.com/itdoginfo/domain-routing-openwrt/wiki/Amnezia-WG-Build) для своего устройства и установить их.
## Скрипт для проверки конфигурации ## Скрипт для проверки конфигурации
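Review bot: The added uninstall heading uses a single `#` while the neighbouring sections (`## AmneziaWG`, `## Скрипт для проверки конфигурации`) use `##`, so it renders as a top-level title; make it `##`. The new command also fetches from `.../refs/heads/master/getdomains-uninstall.sh`, whereas the install command above uses `.../master/getdomains-install.sh`; pick one URL form for all commands. Both commands feed a script from a moving branch straight into `sh` on the router, so consider documenting a download-then-inspect variant or a URL pinned to a tag or commit next to them.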
@@ -27,6 +34,12 @@ sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwr
wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/master/getdomains-check.sh | sh wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/master/getdomains-check.sh | sh
``` ```
По-умолчанию запускается на русском языке. Если нужно запустить на английском, то после `sh` нужно добавить `-s --lang en`. Аналогично для проверок на подмену DNS и создания дампа.
```
wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/master/getdomains-check.sh | sh -s --lang en
```
### Запустить с проверкой на подмену DNS ### Запустить с проверкой на подмену DNS
``` ```
wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/master/getdomains-check.sh | sh -s dns wget -O - https://raw.githubusercontent.com/itdoginfo/domain-routing-openwrt/master/getdomains-check.sh | sh -s dns
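Review bot: In the added `sh -s --lang en` example the flag sits where the shell parses its own options; writing `sh -s -- --lang en` makes it unambiguous that `--lang en` is passed to the script. The added sentence says the same applies to the DNS-spoofing check and the dump, but no combined command is shown; add one, for example `... | sh -s -- dns --lang en`, so readers do not have to guess the argument order. Spelling: "По-умолчанию" should be "По умолчанию".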

@@ -1,190 +1,459 @@
#!/bin/sh #!/bin/sh
HIVPN=/etc/init.d/hivpn SCRIPTS_DIR="/etc/init.d"
GETDOMAINS=/etc/init.d/getdomains TMP_DIR="/tmp"
DUMP=/tmp/dump.txt HIVPN_SCRIPT_FILENAME="hivpn"
GETDOMAINS_SCRIPT_FILENAME="getdomains"
DUMP_FILENAME="dump.txt"
HIVPN_SCRIPT_PATH="$SCRIPTS_DIR/$HIVPN_SCRIPT_FILENAME"
GETDOMAINS_SCRIPT_PATH="$SCRIPTS_DIR/$GETDOMAINS_SCRIPT_FILENAME"
DUMP_PATH="$TMP_DIR/$DUMP_FILENAME"
COLOR_BOLD_BLUE="\033[34;1m"
COLOR_BOLD_GREEN="\033[32;1m"
COLOR_BOLD_RED="\033[31;1m"
COLOR_BOLD_CYAN="\033[36;1m"
COLOR_RESET="\033[0m"
UNSUPPORTED_OPENWRT_VERSION="21.02"
MIN_RAM="256"
DNSMASQ_FULL_REQUIRED_VERSION="2.87"
SINGBOX_CONFIG_PATH="/etc/config/sing-box"
CURL_PACKAGE="curl"
DNSMASQ_PACKAGE="dnsmasq"
DNSMASQ_FULL_PACKAGE="$DNSMASQ_PACKAGE-full"
XRAY_CORE_PACKAGE="xray-core"
LUCI_APP_XRAY_PACKAGE="luci-app-xray"
WIREGUARD_TOOLS_PACKAGE="wireguard-tools"
OPENVPN_PACKAGE="openvpn"
SINGBOX_PACKAGE="sing-box"
TUN2SOCKS_PACKAGE="tun2socks"
DNSCRYPT_PACKAGE="dnscrypt-proxy2"
STUBBY_PACKAGE="stubby"
WIREGUARD_PROTOCOL="Wireguard"
OPENVPN_PROTOCOL="OpenVPN"
LANGUAGE="ru"
SUPPORTED_LANGUAGES="ru, en"
set_language_en() {
DEVICE_MODEL="Model"
OPENWRT_VERSION="Version"
CURRENT_DATE="Date"
INSTALLED="is installed"
NOT_INSTALLED="is not installed"
RUNNING="is running"
NOT_RUNNING="is not running"
ENABLED="is enabled"
DISABLED="is disabled"
EXISTS="exists"
DOESNT_EXIST="doesn't exist"
UNSUPPORTED_OPENWRT="You are using OpenWrt $UNSUPPORTED_OPENWRT_VERSION. This check script does not support it."
RAM_WARNING="Your router has less than $MIN_RAM MB of RAM. It is recommended to use only the vpn_domains list."
CURL_INSTALLED="$CURL_PACKAGE $INSTALLED"
CURL_NOT_INSTALLED="$CURL_PACKAGE $NOT_INSTALLED. Install it: opkg install $CURL_PACKAGE"
DNSMASQ_FULL_INSTALLED="$DNSMASQ_FULL_PACKAGE $INSTALLED"
DNSMASQ_FULL_NOT_INSTALLED="$DNSMASQ_FULL_PACKAGE $NOT_INSTALLED"
DNSMASQ_FULL_DETAILS="If you don't use vpn_domains set, it's OK\nCheck version: opkg list-installed | grep $DNSMASQ_FULL_PACKAGE\nRequired version >= $DNSMASQ_FULL_REQUIRED_VERSION. For OpenWrt 22.03 follow manual: https://t.me/itdoginfo/12"
OPENWRT_21_DETAILS="\nYou are using OpenWrt $UNSUPPORTED_OPENWRT_VERSION. This check does not support it.\nManual for OpenWrt $UNSUPPORTED_OPENWRT_VERSION: https://t.me/itdoginfo/8"
XRAY_CORE_PACKAGE_DETECTED="$XRAY_CORE_PACKAGE package detected"
LUCI_APP_XRAY_PACKAGE_DETECTED="$LUCI_APP_XRAY_PACKAGE package detected which is incompatible. Remove it: opkg remove $LUCI_APP_XRAY_PACKAGE --force-removal-of-dependent-packages"
DNSMASQ_SERVICE_RUNNING="$DNSMASQ_PACKAGE service $RUNNING"
DNSMASQ_SERVICE_NOT_RUNNING="$DNSMASQ_PACKAGE service $NOT_RUNNING. Check configuration: /etc/config/dhcp"
INTERNET_IS_AVAILABLE="Internet is available"
INTERNET_IS_NOT_AVAILABLE="Internet is not available"
INTERNET_DETAILS="Check internet connection. If it's ok, check date on router. Details: https://cli.co/2EaW4rO\nFor more info run: curl -Is https://community.antifilter.download/"
IPV6_DETECTED="IPv6 detected. This script does not currently work with IPv6"
WIREGUARD_TOOLS_INSTALLED="$WIREGUARD_TOOLS_PACKAGE $INSTALLED"
WIREGUARD_ROUTING_DOESNT_WORK="Tunnel to the $WIREGUARD_PROTOCOL server works, but routing to the internet does not work. Check server configuration. Details: https://cli.co/RSCvOxI"
WIREGUARD_TUNNEL_NOT_WORKING="Bad news: $WIREGUARD_PROTOCOL tunnel isn't working. Check your $WIREGUARD_PROTOCOL configuration. Details: https://cli.co/hGUUXDs\nIf you don't use $WIREGUARD_PROTOCOL, but $OPENVPN_PROTOCOL for example, it's OK"
WIREGUARD_ROUTE_ALLOWED_IPS_ENABLED="$WIREGUARD_PROTOCOL route_allowed_ips $ENABLED. All traffic goes into the tunnel. Read more at: https://cli.co/SaxBzH7"
WIREGUARD_ROUTE_ALLOWED_IPS_DISABLED="$WIREGUARD_PROTOCOL route_allowed_ips $DISABLED"
WIREGUARD_ROUTING_TABLE_EXISTS="$WIREGUARD_PROTOCOL routing table $EXISTS"
WIREGUARD_ROUTING_TABLE_DOESNT_EXIST="$WIREGUARD_PROTOCOL routing table $DOESNT_EXIST. Details: https://cli.co/Atxr6U3"
OPENVPN_INSTALLED="$OPENVPN_PACKAGE $INSTALLED"
OPENVPN_ROUTING_DOESNT_WORK="Tunnel to the $OPENVPN_PROTOCOL server works, but routing to the internet does not work. Check server configuration."
OPENVPN_TUNNEL_NOT_WORKING="Bad news: $OPENVPN_PROTOCOL tunnel isn't working. Check your $OPENVPN_PROTOCOL configuration."
OPENVPN_REDIRECT_GATEWAY_ENABLED="$OPENVPN_PROTOCOL redirect-gateway $ENABLED. All traffic goes into the tunnel. Read more at: https://cli.co/vzTNq_3"
OPENVPN_REDIRECT_GATEWAY_DISABLED="$OPENVPN_PROTOCOL redirect-gateway $DISABLED"
OPENVPN_ROUTING_TABLE_EXISTS="$OPENVPN_PROTOCOL routing table $EXISTS"
OPENVPN_ROUTING_TABLE_DOESNT_EXIST="$OPENVPN_PROTOCOL routing table $DOESNT_EXIST. Details: https://cli.co/Atxr6U3"
SINGBOX_INSTALLED="$SINGBOX_PACKAGE $INSTALLED"
SINGBOX_ROUTING_TABLE_EXISTS="$SINGBOX_PACKAGE routing table $EXISTS"
SINGBOX_ROUTING_TABLE_DOESNT_EXIST="$SINGBOX_PACKAGE routing table $DOESNT_EXIST. Try: service network restart. Details: https://cli.co/n7xAbc1"
SINGBOX_UCI_CONFIG_OK="$SINGBOX_PACKAGE UCI configuration has been successfully validated"
SINGBOX_UCI_CONFIG_ERROR="$SINGBOX_PACKAGE Error validation UCI configuration. Check $SINGBOX_CONFIG_PATH"
SINGBOX_CONFIG_OK="$SINGBOX_PACKAGE configuration has been successfully validated"
SINGBOX_CONFIG_ERROR="$SINGBOX_PACKAGE configuration validation error"
SINGBOX_WORKING_TEMPLATE="$SINGBOX_PACKAGE works. VPN IP: %s"
SINGBOX_ROUTING_DOESNT_WORK="$SINGBOX_PACKAGE: Your traffic is not routed through the VPN. Check configuration: https://cli.co/Badmn3K"
TUN2SOCKS_INSTALLED="$TUN2SOCKS_PACKAGE $INSTALLED"
TUN2SOCKS_ROUTING_TABLE_EXISTS="$TUN2SOCKS_PACKAGE routing table $EXISTS"
TUN2SOCKS_ROUTING_TABLE_DOESNT_EXIST="$TUN2SOCKS_PACKAGE routing table $DOESNT_EXIST. Try: service network restart. Details: https://cli.co/n7xAbc1"
TUN2SOCKS_WORKING_TEMPLATE="$TUN2SOCKS_PACKAGE works. VPN IP: %s"
TUN2SOCKS_ROUTING_DOESNT_WORK="$TUN2SOCKS_PACKAGE: Your traffic is not routed through the VPN. Check configuration: https://cli.co/VNZISEM"
VPN_DOMAINS_SET_EXISTS="vpn_domains set $EXISTS"
VPN_DOMAINS_SET_DOESNT_EXIST="vpn_domains set $DOESNT_EXIST"
IPS_IN_VPN_DOMAINS_SET_OK="IPs are successfully added to vpn_domains set"
IPS_IN_VPN_DOMAINS_SET_ERROR="IPs were not added to vpn_domains set"
VPN_DOMAINS_DETAILS="If you don't use vpn_domains, it's OK.\nBut if you want to use it, check the configuration and run: service getdomains start"
VPN_DOMAINS_DETAILS_2="If you don't use vpn_domains, it's OK.\nBut if you want use, check the configuration: https://cli.co/AwUGeM6"
VPN_IP_SET_EXISTS="vpn_ip set $EXISTS"
VPN_IP_SET_DOESNT_EXIST="vpn_ip set $DOESNT_EXIST. Check configuration: https://cli.co/AwUGeM6"
IPS_IN_VPN_IP_SET_OK="IPs are successfully added to vpn_ip set"
IPS_IN_VPN_IP_SET_ERROR="IPs were not added to vpn_ip set. But if you want to use it, check configuration"
VPN_SUBNET_SET_EXISTS="vpn_subnets set $EXISTS"
VPN_SUBNET_SET_DOESNT_EXIST="vpn_subnets set $DOESNT_EXIST. Check configuration: https://cli.co/AwUGeM6"
IPS_IN_VPN_SUBNET_SET_OK="IPs are successfully added to vpn_subnets set"
IPS_IN_VPN_SUBNET_SET_ERROR="IPs were not added to vpn_subnets set. But if you want to use it, check configs"
VPN_COMMUNITY_SET_EXISTS="vpn_community set $EXISTS"
VPN_COMMUNITY_SET_DOESNT_EXIST="vpn_community set $DOESNT_EXIST. Check configuration: https://cli.co/AwUGeM6"
IPS_IN_VPN_COMMUNITY_SET_OK="IPs are successfully added to vpn_community set"
IPS_IN_VPN_COMMUNITY_SET_ERROR="IPs were not added to vpn_community set. But if you want to use it, check configs"
GETDOMAINS_SCRIPT_EXISTS="Script $GETDOMAINS_SCRIPT_FILENAME $EXISTS"
GETDOMAINS_SCRIPT_DOESNT_EXIST="Script $GETDOMAINS_SCRIPT_FILENAME $DOESNT_EXIST. Script doesn't exists in $GETDOMAINS_SCRIPT_PATH. If you don't use getdomains, it's OK"
GETDOMAINS_SCRIPT_CRONTAB_OK="Script $GETDOMAINS_SCRIPT_FILENAME has been successfully added to crontab"
GETDOMAINS_SCRIPT_CRONTAB_ERROR="Script $GETDOMAINS_SCRIPT_FILENAME has not been added to crontab. Check: crontab -l"
DNSCRYPT_INSTALLED="$DNSCRYPT_PACKAGE $INSTALLED"
DNSCRYPT_SERVICE_RUNNING="$DNSCRYPT_PACKAGE service $RUNNING"
DNSCRYPT_SERVICE_NOT_RUNNING="$DNSCRYPT_PACKAGE service $NOT_RUNNING. Check configuration: https://cli.co/wN-tc_S"
DNSMASQ_CONFIG_FOR_DNSCRYPT_OK="$DNSMASQ_PACKAGE configuration for $DNSCRYPT_PACKAGE is ok"
DNSMASQ_CONFIG_FOR_DNSCRYPT_ERROR="$DNSMASQ_PACKAGE configuration for $DNSCRYPT_PACKAGE is not ok. Check configuration: https://cli.co/rooc0uz"
STUBBY_INSTALLED="$STUBBY_PACKAGE $INSTALLED"
STUBBY_SERVICE_RUNNING="$STUBBY_PACKAGE service $RUNNING"
STUBBY_SERVICE_NOT_RUNNING="$STUBBY_PACKAGE service $NOT_RUNNING. Check configuration: https://cli.co/HbDBT2V"
DNSMASQ_CONFIG_FOR_STUBBY_OK="$DNSMASQ_PACKAGE configuration for $STUBBY_PACKAGE is ok"
DNSMASQ_CONFIG_FOR_STUBBY_ERROR="$DNSMASQ_PACKAGE configuration for $STUBBY_PACKAGE is not ok. Check configuration: https://cli.co/HbDBT2V"
DUMP_CREATION="Creating dump without private variables"
DUMP_DETAILS="Dump is here: $DUMP_PATH\nFor download on Linux/Mac use: scp root@IP_ROUTER:$DUMP_PATH .\nFor Windows use WinSCP/PSCP or WSL"
DNS_CHECK="Checking DNS servers"
IS_DNS_TRAFFIC_BLOCKED="Checking DNS traffic blocking (Port 53/udp is available)"
IS_DOH_AVAILABLE="Checking DOH availability"
RESPONSE_NOT_CONTAINS_127_0_0_8="Checking that the response does not contain an address from 127.0.0.8"
ONE_IP_FOR_TWO_DOMAINS="Checking IP for two different domains"
IPS_ARE_THE_SAME="IPs are the same"
IPS_ARE_DIFFERENT="IPs are different"
RESPONSE_IS_NOT_BLANK="Checking if response is not blank"
DNS_POISONING_CHECK="Сomparing response from unencrypted DNS and DoH (DNS poisoning)"
TELEGRAM_CHANNEL="Telegram channel"
TELEGRAM_CHAT="Telegram chat"
}
set_language_ru() {
DEVICE_MODEL="Модель"
OPENWRT_VERSION="Версия"
CURRENT_DATE="Дата"
INSTALLED="установлен"
NOT_INSTALLED="не установлен"
RUNNING="запущен"
NOT_RUNNING="не запущен"
ENABLED="включен"
DISABLED="выключен"
EXISTS="существует"
DOESNT_EXIST="не существует"
UNSUPPORTED_OPENWRT="Вы используете OpenWrt $UNSUPPORTED_OPENWRT_VERSION. Этот скрипт проверки её не поддерживает."
RAM_WARNING="У вашего роутера менее $MIN_RAM МБ ОЗУ. Рекомендуется использовать только vpn_domains set."
CURL_INSTALLED="$CURL_PACKAGE $INSTALLED"
CURL_NOT_INSTALLED="$CURL_PACKAGE $NOT_INSTALLED. Установите его: opkg install $CURL_PACKAGE"
DNSMASQ_FULL_INSTALLED="$DNSMASQ_FULL_PACKAGE $INSTALLED"
DNSMASQ_FULL_NOT_INSTALLED="$DNSMASQ_FULL_PACKAGE $NOT_INSTALLED"
DNSMASQ_FULL_DETAILS="Если вы не используете vpn_domains set, это нормально\nПроверьте версию: opkg list-installed | grep $DNSMASQ_FULL_PACKAGE\nТребуемая версия >= $DNSMASQ_FULL_REQUIRED_VERSION. Для OpenWrt 22.03 следуйте инструкции: https://t.me/itdoginfo/12"
OPENWRT_21_DETAILS="\nВы используете OpenWrt $UNSUPPORTED_OPENWRT_VERSION. Этот скрипт её не поддерживает.\nИнструкция для OpenWrt $UNSUPPORTED_OPENWRT_VERSION: https://t.me/itdoginfo/8"
XRAY_CORE_PACKAGE_DETECTED="Обнаружен пакет $XRAY_CORE_PACKAGE"
LUCI_APP_XRAY_PACKAGE_DETECTED="Обнаружен пакет $LUCI_APP_XRAY_PACKAGE, который не совместим. Удалите его: opkg remove $LUCI_APP_XRAY_PACKAGE --force-removal-of-dependent-packages"
DNSMASQ_SERVICE_RUNNING="Сервис $DNSMASQ_PACKAGE $RUNNING"
DNSMASQ_SERVICE_NOT_RUNNING="Сервис $DNSMASQ_PACKAGE $NOT_RUNNING. Проверьте конфигурацию: /etc/config/dhcp"
INTERNET_IS_AVAILABLE="Интернет доступен"
INTERNET_IS_NOT_AVAILABLE="Интернет недоступен"
INTERNET_DETAILS="Проверьте подключение к интернету. Если оно в порядке, проверьте дату на роутере. Подробности: https://cli.co/2EaW4rO\nДополнительно выполните: curl -Is https://community.antifilter.download/"
IPV6_DETECTED="Обнаружен IPv6. Этот скрипт не поддерживает работу с IPv6"
WIREGUARD_TOOLS_INSTALLED="$WIREGUARD_TOOLS_PACKAGE $INSTALLED"
WIREGUARD_ROUTING_DOESNT_WORK="Туннель к $WIREGUARD_PROTOCOL серверу работает, но маршрутизация в интернет не работает. Проверьте конфигурацию сервера. Подробности: https://cli.co/RSCvOxI"
WIREGUARD_TUNNEL_NOT_WORKING="Плохие новости: туннель $WIREGUARD_PROTOCOL не работает. Проверьте конфигурацию $WIREGUARD_PROTOCOL. Подробности: https://cli.co/hGUUXDs\nЕсли вы не используете $WIREGUARD_PROTOCOL, а, например, $OPENVPN_PROTOCOL, то это нормально"
WIREGUARD_ROUTE_ALLOWED_IPS_ENABLED="$WIREGUARD_PROTOCOL route_allowed_ips $ENABLED. Весь трафик идет в туннель. Подробнее: https://cli.co/SaxBzH7"
WIREGUARD_ROUTE_ALLOWED_IPS_DISABLED="$WIREGUARD_PROTOCOL route_allowed_ips $DISABLED"
WIREGUARD_ROUTING_TABLE_EXISTS="Таблица маршрутизации $WIREGUARD_PROTOCOL $EXISTS"
WIREGUARD_ROUTING_TABLE_DOESNT_EXIST="Таблица маршрутизации $WIREGUARD_PROTOCOL $DOESNT_EXIST. Подробности: https://cli.co/Atxr6U3"
OPENVPN_INSTALLED="$OPENVPN_PACKAGE $INSTALLED"
OPENVPN_ROUTING_DOESNT_WORK="Туннель к $OPENVPN_PROTOCOL серверу работает, но маршрутизация в интернет не работает. Проверьте конфигурацию сервера."
OPENVPN_TUNNEL_NOT_WORKING="Плохие новости: туннель $OPENVPN_PROTOCOL не работает. Проверьте конфигурацию $OPENVPN_PROTOCOL."
OPENVPN_REDIRECT_GATEWAY_ENABLED="$OPENVPN_PROTOCOL redirect-gateway $ENABLED. Весь трафик идет в туннель. Подробнее: https://cli.co/vzTNq_3"
OPENVPN_REDIRECT_GATEWAY_DISABLED="$OPENVPN_PROTOCOL redirect-gateway $DISABLED"
OPENVPN_ROUTING_TABLE_EXISTS="Таблица маршрутизации $OPENVPN_PROTOCOL $EXISTS"
OPENVPN_ROUTING_TABLE_DOESNT_EXIST="Таблица маршрутизации $OPENVPN_PROTOCOL $DOESNT_EXIST. Подробности: https://cli.co/Atxr6U3"
SINGBOX_INSTALLED="$SINGBOX_PACKAGE $INSTALLED"
SINGBOX_ROUTING_TABLE_EXISTS="Таблица маршрутизации $SINGBOX_PACKAGE $EXISTS"
SINGBOX_ROUTING_TABLE_DOESNT_EXIST="Таблица маршрутизации $SINGBOX_PACKAGE $DOESNT_EXIST. Попробуйте: service network restart. Подробности: https://cli.co/n7xAbc1"
SINGBOX_UCI_CONFIG_OK="UCI конфигурация для $SINGBOX_PACKAGE успешно проверена"
SINGBOX_UCI_CONFIG_ERROR="Ошибка валидации UCI конфигурации для $SINGBOX_PACKAGE"
SINGBOX_CONFIG_OK="Конфигурация $SINGBOX_PACKAGE успешно проверена"
SINGBOX_CONFIG_ERROR="Ошибка валидации конфигурации $SINGBOX_PACKAGE"
SINGBOX_WORKING_TEMPLATE="$SINGBOX_PACKAGE работает. VPN IP: %s"
SINGBOX_ROUTING_DOESNT_WORK="$SINGBOX_PACKAGE: Ваш трафик не идёт через VPN. Проверьте конфигурацию: https://cli.co/Badmn3K"
TUN2SOCKS_INSTALLED="$TUN2SOCKS_PACKAGE $INSTALLED"
TUN2SOCKS_ROUTING_TABLE_EXISTS="Таблица маршрутизации $TUN2SOCKS_PROTOCOL $EXISTS"
TUN2SOCKS_ROUTING_TABLE_DOESNT_EXIST="Таблица маршрутизации $TUN2SOCKS_PROTOCOL $DOESNT_EXIST. Подробности: https://cli.co/n7xAbc1"
TUN2SOCKS_WORKING_TEMPLATE="$TUN2SOCKS_PACKAGE работает. VPN IP: %s"
TUN2SOCKS_ROUTING_DOESNT_WORK="$TUN2SOCKS_PACKAGE: Ваш трафик не идёт через VPN. Проверьте конфигурацию: https://cli.co/VNZISEM"
VPN_DOMAINS_SET_EXISTS="vpn_domains set $EXISTS"
VPN_DOMAINS_SET_DOESNT_EXIST="vpn_domains set $DOESNT_EXIST"
IPS_IN_VPN_DOMAINS_SET_OK="IP-адреса успешно добавлены в vpn_domains set"
IPS_IN_VPN_DOMAINS_SET_ERROR="IP-адреса не добавлены в vpn_domains set"
VPN_DOMAINS_DETAILS="Если вы не используете vpn_domains, все в порядке.\nНо если вы хотите использовать его, проверьте конфигурацию и выполните: service getdomains start"
VPN_DOMAINS_DETAILS_2="Если вы не используете vpn_domains, все в порядке.\nНо если вы хотите использовать, проверьте конфигурацию: https://cli.co/AwUGeM6"
VPN_IP_SET_EXISTS="vpn_ip set $EXISTS"
VPN_IP_SET_DOESNT_EXIST="vpn_ip set $DOESNT_EXIST"
IPS_IN_VPN_IP_SET_OK="IP-адреса успешно добавлены в set vpn_ip"
IPS_IN_VPN_IP_SET_ERROR="IP-адреса не добавлены в set vpn_ip"
VPN_SUBNET_SET_EXISTS="vpn_subnet set $EXISTS"
VPN_SUBNET_SET_DOESNT_EXIST="vpn_subnet set $DOESNT_EXIST"
IPS_IN_VPN_SUBNET_SET_OK="IP-адреса успешно добавлены в set vpn_subnet"
IPS_IN_VPN_SUBNET_SET_ERROR="IP-адреса не добавлены в set vpn_subnet"
VPN_COMMUNITY_SET_EXISTS="vpn_community set $EXISTS"
VPN_COMMUNITY_SET_DOESNT_EXIST="vpn_community set $DOESNT_EXIST"
IPS_IN_VPN_COMMUNITY_SET_OK="IP-адреса успешно добавлены в set vpn_community"
IPS_IN_VPN_COMMUNITY_SET_ERROR="IP-адреса не добавлены в set vpn_community"
GETDOMAINS_SCRIPT_EXISTS="Скрипт $GETDOMAINS_SCRIPT_FILENAME $EXISTS"
GETDOMAINS_SCRIPT_DOESNT_EXIST="Скрипт $GETDOMAINS_SCRIPT_FILENAME $DOESNT_EXIST"
GETDOMAINS_SCRIPT_CRONTAB_OK="Скрипт $GETDOMAINS_SCRIPT_FILENAME успешно добавлен в crontab"
GETDOMAINS_SCRIPT_CRONTAB_ERROR="Скрипт $GETDOMAINS_SCRIPT_FILENAME не был добавлен в crontab. Проверьте: crontab -l"
DNSCRYPT_INSTALLED="$DNSCRYPT_PACKAGE $INSTALLED"
DNSCRYPT_SERVICE_RUNNING="Сервис $DNSCRYPT_PACKAGE $RUNNING"
DNSCRYPT_SERVICE_NOT_RUNNING="Сервис $DNSCRYPT_PACKAGE $NOT_RUNNING. Проверьте конфигурацию: https://cli.co/wN-tc_S"
DNSMASQ_CONFIG_FOR_DNSCRYPT_OK="Конфигурация $DNSMASQ_PACKAGE для $DNSCRYPT_PACKAGE в порядке"
DNSMASQ_CONFIG_FOR_DNSCRYPT_ERROR="Конфигурация $DNSMASQ_PACKAGE для $DNSCRYPT_PACKAGE не в порядке. Проверьте конфигурацию: https://cli.co/rooc0uz"
STUBBY_INSTALLED="$STUBBY_PACKAGE $INSTALLED"
STUBBY_SERVICE_RUNNING="Сервис $STUBBY_PACKAGE $RUNNING"
STUBBY_SERVICE_NOT_RUNNING="Сервис $STUBBY_PACKAGE $NOT_RUNNING. Проверьте конфигурацию: https://cli.co/HbDBT2V"
DNSMASQ_CONFIG_FOR_STUBBY_OK="Конфигурация $DNSMASQ_PACKAGE для $STUBBY_PACKAGE в порядке"
DNSMASQ_CONFIG_FOR_STUBBY_ERROR="Конфигурация $DNSMASQ_PACKAGE для $STUBBY_PACKAGE не в порядке. Проверьте конфигурацию: https://cli.co/HbDBT2V"
DUMP_CREATION="Создание дампа без приватных переменных"
DUMP_DETAILS="Дамп находится здесь: $DUMP_PATH\nДля загрузки на Linux/Mac используйте: scp root@IP_ROUTER:$DUMP_PATH .\nДля Windows используйте WinSCP/PSCP или WSL"
DNS_CHECK="Проверка DNS серверов"
IS_DNS_TRAFFIC_BLOCKED="Проверяем блокировку DNS трафика (Порт 53/udp доступен)"
IS_DOH_AVAILABLE="Проверяем доступность DoH"
RESPONSE_NOT_CONTAINS_127_0_0_8="Проверяем, что ответ на запрос не содержит адреса из 127.0.0.8"
ONE_IP_FOR_TWO_DOMAINS="Проверяем IP для двух разных доменов"
IPS_ARE_THE_SAME="IP совпадают"
IPS_ARE_DIFFERENT="IP различаются"
RESPONSE_IS_NOT_BLANK="Проверяем, что ответ не пустой"
DNS_POISONING_CHECK="Сравниваем ответ от незащищенного DNS и DoH (Подмена DNS)"
TELEGRAM_CHANNEL="Telegram канал"
TELEGRAM_CHAT="Telegram чат"
}
checkpoint_true() { checkpoint_true() {
printf "\033[32;1m[\342\234\223] $1\033[0m\n" printf "$COLOR_BOLD_GREEN[\342\234\223] $1$COLOR_RESET\n"
} }
checkpoint_false() { checkpoint_false() {
printf "\033[31;1m[x] $1\033[0m\n" printf "$COLOR_BOLD_RED[x] $1$COLOR_RESET\n"
} }
output_21() { output_21() {
if [ "$VERSION_ID" -eq 21 ]; then if [ "$VERSION_ID" -eq 21 ]; then
echo "You are using OpenWrt 21.02. This check does not support it" echo "$UNSUPPORTED_OPENWRT"
fi fi
} }
update_vpn_ip() {
local template="$1"
local ip="$2"
echo "$(printf "$template" "$ip")"
}
while [ $# -gt 0 ]; do
case "$1" in
--lang)
LANGUAGE="$2"
shift 2
;;
dump | dns)
COMMAND="$1"
shift 1
;;
*)
printf "$COLOR_BOLD_RED[ERROR]$COLOR_RESET Unknown option: %s\n" "$1"
exit 1
;;
esac
done
case $LANGUAGE in
ru)
set_language_ru
;;
en)
set_language_en
;;
*)
printf "$COLOR_BOLD_RED[ERROR]$COLOR_RESET Unsupported language '$LANGUAGE'. Supported languages: $SUPPORTED_LANGUAGES %s\n" "$1"
exit 1
;;
esac
# System Details # System Details
MODEL=$(cat /tmp/sysinfo/model) MODEL=$(cat /tmp/sysinfo/model)
source /etc/os-release source /etc/os-release
printf "\033[34;1mModel: $MODEL\033[0m\n" printf "$COLOR_BOLD_BLUE$DEVICE_MODEL: $MODEL$COLOR_RESET\n"
printf "\033[34;1mVersion: $OPENWRT_RELEASE\033[0m\n" printf "$COLOR_BOLD_BLUE$OPENWRT_VERSION: $OPENWRT_RELEASE$COLOR_RESET\n"
printf "\033[34;1mDate: $(date)\033[0m\n" printf "$COLOR_BOLD_BLUE$CURRENT_DATE: $(date)$COLOR_RESET\n"
VERSION_ID=$(echo $VERSION | awk -F. '{print $1}') VERSION_ID=$(echo $VERSION | awk -F. '{print $1}')
RAM=$(free -m | grep Mem: | awk '{print $2}') RAM=$(free -m | grep Mem: | awk '{print $2}')
if [[ "$VERSION_ID" -ge 22 && "$RAM" -lt 150000 ]] if [[ "$VERSION_ID" -ge 22 && "$RAM" -lt 150000 ]]; then
then echo "$RAM_WARNING"
echo "Your router has less than 256MB of RAM. I recommend using only the vpn_domains list"
fi fi
# Check packages # Check packages
CURL=$(opkg list-installed | grep -c curl) CURL=$(opkg list-installed | grep -c curl)
if [ $CURL -eq 2 ]; then if [ $CURL -eq 2 ]; then
checkpoint_true "Curl package" checkpoint_true "$CURL_INSTALLED"
else else
checkpoint_false "Curl package" checkpoint_false "$CURL_NOT_INSTALLED"
echo "Install: opkg install curl"
fi fi
DNSMASQ=$(opkg list-installed | grep dnsmasq-full | awk -F "-" '{print $3}' | tr -d '.' ) DNSMASQ=$(opkg list-installed | grep dnsmasq-full | awk -F "-" '{print $3}' | tr -d '.')
if [ $DNSMASQ -ge 287 ]; then if [ $DNSMASQ -ge 287 ]; then
checkpoint_true "Dnsmasq-full package" checkpoint_true "$DNSMASQ_FULL_INSTALLED"
else else
checkpoint_false "Dnsmasq-full package" checkpoint_false "$DNSMASQ_FULL_NOT_INSTALLED"
echo "If you don't use vpn_domains set, it's OK" printf "$DNSMASQ_FULL_DETAILS\n"
echo "Check version: opkg list-installed | grep dnsmasq-full" if [ "$VERSION_ID" -eq 21 ]; then
echo "Required version >= 2.87. For openwrt 22.03 follow manual: https://t.me/itdoginfo/12" printf "$OPENWRT_21_DETAILS\n"
if [ "$VERSION_ID" -eq 21 ]; then fi
echo "You are using OpenWrt 21.02. This check does not support it"
echo "Manual for openwrt 21.02: https://t.me/itdoginfo/8"
fi
fi fi
# Chek xray package # Chek xray package
if opkg list-installed | grep -q xray-core; then if opkg list-installed | grep -q xray-core; then
checkpoint_false "Xray-core package detected" checkpoint_false "$XRAY_CORE_PACKAGE_DETECTED"
fi fi
if opkg list-installed | grep -q luci-app-xray; then if opkg list-installed | grep -q luci-app-xray; then
checkpoint_false "luci-app-xray package detected. Not compatible. For delete: opkg remove luci-app-xray --force-removal-of-dependent-packages" checkpoint_false "$LUCI_APP_XRAY_PACKAGE_DETECTED"
fi fi
# Check dnsmasq # Check dnsmasq
DNSMASQ_RUN=$(service dnsmasq status | grep -c 'running') DNSMASQ_RUN=$(service dnsmasq status | grep -c 'running')
if [ $DNSMASQ_RUN -eq 1 ]; then if [ $DNSMASQ_RUN -eq 1 ]; then
checkpoint_true "Dnsmasq service" checkpoint_true "$DNSMASQ_SERVICE_RUNNING"
else else
checkpoint_false "Dnsmasq service" checkpoint_false "$DNSMASQ_SERVICE_NOT_RUNNING"
echo "Check config /etc/config/dhcp" output_21
output_21
fi fi
# Check internet connection # Check internet connection
if curl -Is https://community.antifilter.download/ | grep -q 200; then if curl -Is https://community.antifilter.download/ | grep -q 200; then
checkpoint_true "Check Internet" checkpoint_true "$INTERNET_IS_AVAILABLE"
else else
checkpoint_false "Check Internet" checkpoint_false "$INTERNET_IS_NOT_AVAILABLE"
if [ $CURL -lt 2 ]; then if [ $CURL -lt 2 ]; then
echo "Install curl: opkg install curl" echo "$CURL_NOT_INSTALLED"
else else
echo "Check internet connection. If ok, check date on router. Details: https://cli.co/2EaW4rO" printf "$INTERNET_DETAILS\n"
echo "For more info run: curl -Is https://community.antifilter.download/" fi
fi
fi fi
# Check IPv6 # Check IPv6
if curl -6 -s https://ifconfig.io | egrep -q "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?"; then if curl -6 -s https://ifconfig.io | egrep -q "(::)?[0-9a-fA-F]{1,4}(::?[0-9a-fA-F]{1,4}){1,7}(::)?"; then
checkpoint_false "IPv6 detected. This script does not currently work with IPv6" checkpoint_false "$IPV6_DETECTED"
fi fi
# Tunnels # Tunnels
WIREGUARD=$(opkg list-installed | grep -c wireguard-tools ) WIREGUARD=$(opkg list-installed | grep -c wireguard-tools)
if [ $WIREGUARD -eq 1 ]; then if [ $WIREGUARD -eq 1 ]; then
checkpoint_true "Wireguard-tools package" checkpoint_true "$WIREGUARD_TOOLS_INSTALLED"
WG=true WG=true
fi fi
if [ "$WG" == true ]; then if [ "$WG" == true ]; then
WG_PING=$(ping -c 1 -q -I wg0 itdog.info | grep -c "1 packets received") WG_PING=$(ping -c 1 -q -I wg0 itdog.info | grep -c "1 packets received")
if [ $WG_PING -eq 1 ]; then if [ $WG_PING -eq 1 ]; then
checkpoint_true "Wireguard" checkpoint_true "$WIREGUARD_PROTOCOL"
else
checkpoint_false "$WIREGUARD_PROTOCOL"
WG_TRACE=$(traceroute -i wg0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
if [ $WG_TRACE -eq 1 ]; then
echo "$WIREGUARD_ROUTING_DOESNT_WORK"
else else
checkpoint_false "Wireguard" printf "$WIREGUARD_TUNNEL_NOT_WORKING\n"
WG_TRACE=$(traceroute -i wg0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
if [ $WG_TRACE -eq 1 ]; then
echo "Tunnel to wg server is work, but routing to internet doesn't work. Check server configuration. Details: https://cli.co/RSCvOxI"
else
echo "Bad news: WG tunnel isn't work, check your WG configuration. Details: https://cli.co/hGUUXDs"
echo "If you don't use WG, but OpenVPN for example, it's OK"
fi
fi fi
fi
# Check WG route_allowed_ips # Check WG route_allowed_ips
if uci show network | grep -q ".route_allowed_ips='1'"; then if uci show network | grep -q ".route_allowed_ips='1'"; then
checkpoint_false "Wireguard route_allowed_ips" checkpoint_false "$WIREGUARD_ROUTE_ALLOWED_IPS_ENABLED"
echo "All traffic goes into the tunnel. Read more at: https://cli.co/SaxBzH7" else
else checkpoint_true "$WIREGUARD_ROUTE_ALLOWED_IPS_DISABLED"
checkpoint_true "Wireguard route_allowed_ips" fi
fi
# Check route table # Check route table
ROUTE_TABLE=$(ip route show table vpn | grep -c "default dev wg0" ) ROUTE_TABLE=$(ip route show table vpn | grep -c "default dev wg0")
if [ $ROUTE_TABLE -eq 1 ]; then if [ $ROUTE_TABLE -eq 1 ]; then
checkpoint_true "Route table WG" checkpoint_true "$WIREGUARD_ROUTING_TABLE_EXISTS"
else else
checkpoint_false "Route table WG" checkpoint_false "$WIREGUARD_ROUTING_TABLE_DOESNT_EXIST"
echo "Details: https://cli.co/Atxr6U3" fi
fi
fi fi
if opkg list-installed | grep -q openvpn; then if opkg list-installed | grep -q openvpn; then
checkpoint_true "OpenVPN package" checkpoint_true "$OPENVPN_INSTALLED"
OVPN=true OVPN=true
fi fi
# Check OpenVPN # Check OpenVPN
if [ "$OVPN" == true ]; then if [ "$OVPN" == true ]; then
if ping -c 1 -q -I tun0 itdog.info | grep -q "1 packets received"; then if ping -c 1 -q -I tun0 itdog.info | grep -q "1 packets received"; then
checkpoint_true "OpenVPN" checkpoint_true "$OPENVPN_PROTOCOL"
else
checkpoint_false "$OPENVPN_PROTOCOL"
if traceroute -i tun0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then
echo "$OPENVPN_ROUTING_DOESNT_WORK"
else else
checkpoint_false "OpenVPN" echo "$OPENVPN_TUNNEL_NOT_WORKING"
if traceroute -i tun0 itdog.info -m 1 | grep ms | awk '{print $2}' | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then
echo "Tunnel to OpenVPN server is work, but routing to internet doesn't work. Check server configuration."
else
echo "Bad news: OpenVPN tunnel isn't work, check your OpenVPN configuration."
fi
fi fi
fi
# Check OpenVPN redirect-gateway # Check OpenVPN redirect-gateway
if grep -q redirect-gateway /etc/openvpn/*; then if grep -q redirect-gateway /etc/openvpn/*; then
checkpoint_false "OpenVPN redirect-gateway" checkpoint_false "$OPENVPN_REDIRECT_GATEWAY_ENABLED"
echo "All traffic goes into the tunnel. Read more at: https://cli.co/vzTNq_3" else
else checkpoint_true "$OPENVPN_REDIRECT_GATEWAY_DISABLED"
checkpoint_true "OpenVPN redirect-gateway" fi
fi
# Check route table # Check route table
if ip route show table vpn | grep -q "default dev tun0"; then if ip route show table vpn | grep -q "default dev tun0"; then
checkpoint_true "Route table OpenVPN" checkpoint_true "$OPENVPN_ROUTING_TABLE_EXISTS"
else else
checkpoint_false "Route table OpenVPN" checkpoint_false "$OPENVPN_ROUTING_TABLE_DOESNT_EXIST"
echo "Details: https://cli.co/Atxr6U3" fi
fi
fi fi
if opkg list-installed | grep -q sing-box; then if opkg list-installed | grep -q sing-box; then
checkpoint_true "Sing-box package" checkpoint_true "$SINGBOX_INSTALLED"
# Check route table # Check route table
if ip route show table vpn | grep -q "default dev tun0"; then if ip route show table vpn | grep -q "default dev tun0"; then
checkpoint_true "Route table Sing-box" checkpoint_true "$SINGBOX_ROUTING_TABLE_EXISTS"
else else
checkpoint_false "Route table Sing-box. Try service network restart. Details: https://cli.co/n7xAbc1" checkpoint_false "$SINGBOX_ROUTING_TABLE_DOESNT_EXIST"
fi fi
# Sing-box uci validation # Sing-box uci validation
if uci show sing-box 2>&1 | grep -q "Parse error"; then if uci show sing-box 2>&1 | grep -q "Parse error"; then
checkpoint_false "Sing-box UCI config. Check /etc/config/sing-box" checkpoint_false "$SINGBOX_UCI_CONFIG_ERROR"
else else
checkpoint_true "Sing-box UCI config" checkpoint_true "$SINGBOX_UCI_CONFIG_OK"
fi fi
singbox_check_cmd="sing-box -c /etc/sing-box/config.json check"
if $singbox_check_cmd >/dev/null 2>&1; then
checkpoint_true "$SINGBOX_CONFIG_OK"
# Check traffic # Check traffic
IP_EXTERNAL=$(curl -s ifconfig.me) IP_EXTERNAL=$(curl -s ifconfig.me)
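Review bot: in the OpenVPN branch the condition `if traceroute -i tun0 itdog.info -m 1 | ... | grep -c -E '...'; then` uses `grep -c`, which prints the match count to stdout, so a stray `0` or `1` appears in the checker output before the message. The `if` only needs the exit status, so use `grep -q` there. The WireGuard branch stores the count instead, but `[ $WG_PING -eq 1 ]` and `[ $WG_TRACE -eq 1 ]` are unquoted and turn into a test syntax error if the pipeline ever yields an empty string; quote both.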
@@ -192,33 +461,41 @@ if opkg list-installed | grep -q sing-box; then
IP_VPN=$(curl --interface tun0 -s ifconfig.me) IP_VPN=$(curl --interface tun0 -s ifconfig.me)
SINGBOX_WORKING=$(update_vpn_ip "$SINGBOX_WORKING_TEMPLATE" "$IP_VPN")
if [ "$IP_EXTERNAL" != $IP_VPN ]; then if [ "$IP_EXTERNAL" != $IP_VPN ]; then
checkpoint_true "Sing-box. VPN IP: $IP_VPN" checkpoint_true "$SINGBOX_WORKING"
else else
checkpoint_false "Sing-box. Check config: https://cli.co/Badmn3K" checkpoint_false "$SINGBOX_ROUTING_DOESNT_WORK"
fi fi
else
checkpoint_false "$SINGBOX_CONFIG_ERROR:"
$singbox_check_cmd
fi
fi fi
if which tun2socks | grep -q tun2socks; then if which tun2socks | grep -q tun2socks; then
checkpoint_true "tun2socks package" checkpoint_true "$TUN2SOCKS_INSTALLED"
# Check route table # Check route table
if ip route show table vpn | grep -q "default dev tun0"; then if ip route show table vpn | grep -q "default dev tun0"; then
checkpoint_true "Route table tun2socks" checkpoint_true "$TUN2SOCKS_ROUTING_TABLE_EXISTS"
else else
checkpoint_false "Route table tun2socks. Try service network restart. Details: https://cli.co/n7xAbc1" checkpoint_false "$TUN2SOCKS_ROUTING_TABLE_DOESNT_EXIST"
fi fi
IP_EXTERNAL=$(curl -s ifconfig.me) IP_EXTERNAL=$(curl -s ifconfig.me)
IFCONFIG=$(nslookup -type=a ifconfig.me | awk '/^Address: / {print $2}') IFCONFIG=$(nslookup -type=a ifconfig.me | awk '/^Address: / {print $2}')
IP_VPN=$(curl --interface tun0 -s ifconfig.me) IP_VPN=$(curl --interface tun0 -s ifconfig.me)
if [ "$IP_EXTERNAL" != $IP_VPN ]; then TUN2SOCKS_WORKING=$(update_vpn_ip "$TUN2SOCKS_WORKING_TEMPLATE" "$IP_VPN")
checkpoint_true "tun2socks. VPN IP: $IP_VPN"
else if [ "$IP_EXTERNAL" != $IP_VPN ]; then
checkpoint_false "tun2socks. Check config: https://cli.co/VNZISEM" checkpoint_true "$TUN2SOCKS_WORKING"
fi else
checkpoint_false "$TUN2SOCKS_ROUTING_DOESNT_WORK"
fi
fi fi
# Check sets # Check sets
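Review bot: `[ "$IP_EXTERNAL" != $IP_VPN ]` leaves `$IP_VPN` unquoted in both the sing-box and tun2socks checks, so when `curl --interface tun0` returns nothing the test fails with a syntax error rather than a clean result. Quoting alone is not enough, because an empty `IP_VPN` would then compare as "different" and report the tunnel as working. Check `[ -n "$IP_VPN" ]` first and only then compare, and build `SINGBOX_WORKING` / `TUN2SOCKS_WORKING` after that check. `IFCONFIG` is assigned from nslookup but not used anywhere in the visible lines; drop it if nothing reads it.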
@@ -230,26 +507,24 @@ vpn_domain_rule_id=$(uci show firewall | grep -E '@rule.*vpn_domains' | awk -F '
vpn_domain_rule_string=$(uci show firewall.@rule[$vpn_domain_rule_id] | grep -c "name='mark_domains'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_domains'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") vpn_domain_rule_string=$(uci show firewall.@rule[$vpn_domain_rule_id] | grep -c "name='mark_domains'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_domains'\|set_mark='0x1'\|target='MARK'\|family='ipv4'")
if [ $((vpn_domain_ipset_string + vpn_domain_rule_string)) -eq 10 ]; then if [ $((vpn_domain_ipset_string + vpn_domain_rule_string)) -eq 10 ]; then
checkpoint_true "vpn_domains set" checkpoint_true "$VPN_DOMAINS_SET_EXISTS"
# force resolve for vpn_domains. All list # force resolve for vpn_domains. All list
nslookup terraform.io 127.0.0.1 > /dev/null nslookup terraform.io 127.0.0.1 >/dev/null
nslookup pochta.ru 127.0.0.1 > /dev/null nslookup pochta.ru 127.0.0.1 >/dev/null
nslookup 2gis.ru 127.0.0.1 > /dev/null nslookup 2gis.ru 127.0.0.1 >/dev/null
VPN_DOMAINS_IP=$(nft list ruleset | grep -A 10 vpn_domains | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') VPN_DOMAINS_IP=$(nft list ruleset | grep -A 10 vpn_domains | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
if [ $VPN_DOMAINS_IP -ge 1 ]; then if [ $VPN_DOMAINS_IP -ge 1 ]; then
checkpoint_true "IPs in vpn_domains" checkpoint_true "$IPS_IN_VPN_DOMAINS_SET_OK"
else else
checkpoint_false "IPs in vpn_domains" checkpoint_false "$IPS_IN_VPN_DOMAINS_SET_ERROR"
echo "If you don't use vpn_domains, it's OK" printf "$VPN_DOMAINS_DETAILS\n"
echo "But if you want use, check configs. And run `service getdomains start`" output_21
output_21 fi
fi
else else
checkpoint_false "vpn_domains set" checkpoint_false "$VPN_DOMAINS_SET_DOESNT_EXIST"
echo "If you don't use vpn_domains set, it's OK" printf "$VPN_DOMAINS_DETAILS_2\n"
echo "But if you want use, check config: https://cli.co/AwUGeM6"
fi fi
# vpn_ip set # vpn_ip set
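Review bot: `printf "$VPN_DOMAINS_DETAILS\n"` and `printf "$VPN_DOMAINS_DETAILS_2\n"` pass the translated message as the format string, so any `%` in a translation is parsed as a conversion and can garble or truncate the output. Use `printf '%s\n' "$VPN_DOMAINS_DETAILS"`, or `printf '%b\n'` if the messages rely on backslash escapes. Separately, in the unchanged rule check the pattern `dest='*'` is a basic regex in which `'*` means "zero or more quotes", so it matches any `dest='` value and does not confirm that dest is `*`; escape the asterisk if the count of 10 is meant to prove that.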
@@ -259,18 +534,16 @@ vpn_ip_rule_id=$(uci show firewall | grep -E '@rule.*vpn_ip' | awk -F '[][{}]' '
vpn_ip_rule_string=$(uci show firewall.@rule[$vpn_ip_rule_id] | grep -c "name='mark_ip'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_ip'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") vpn_ip_rule_string=$(uci show firewall.@rule[$vpn_ip_rule_id] | grep -c "name='mark_ip'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_ip'\|set_mark='0x1'\|target='MARK'\|family='ipv4'")
if [ $((vpn_ip_ipset_string + vpn_ip_rule_string)) -eq 11 ]; then if [ $((vpn_ip_ipset_string + vpn_ip_rule_string)) -eq 11 ]; then
checkpoint_true "vpn_ip set" checkpoint_true "$VPN_IP_SET_EXISTS"
VPN_IP_IP=$(nft list ruleset | grep -A 10 vpn_ip | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') VPN_IP_IP=$(nft list ruleset | grep -A 10 vpn_ip | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
if [ $VPN_IP_IP -ge 1 ]; then if [ $VPN_IP_IP -ge 1 ]; then
checkpoint_true "IPs in vpn_ip" checkpoint_true "$IPS_IN_VPN_IP_SET_OK"
else else
checkpoint_false "IPs in vpn_ip" checkpoint_false "$IPS_IN_VPN_IP_SET_ERROR"
echo "But if you want use, check configs" output_21
output_21 fi
fi
elif uci show firewall | grep -q "vpn_ip"; then elif uci show firewall | grep -q "vpn_ip"; then
checkpoint_false "vpn_ip set" checkpoint_false "$VPN_IP_SET_DOESNT_EXIST"
echo "Check config: https://cli.co/AwUGeM6"
fi fi
# vpn_subnet set # vpn_subnet set
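Review bot: the "IPs in set" test `nft list ruleset | grep -A 10 vpn_ip | grep -c -E '[0-9]{1,3}\...'` counts any IPv4-looking string within ten lines of any line that mentions vpn_ip, including the rule that references the set, so addresses belonging to a neighbouring set or rule can make it pass while vpn_ip itself is empty. Since the messages are being reworked here anyway, list only that set (`nft list set` with the family and table the firewall uses) and count its elements. `[ $VPN_IP_IP -ge 1 ]` should also be quoted.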
@@ -280,18 +553,16 @@ vpn_subnet_rule_id=$(uci show firewall | grep -E '@rule.*vpn_subnet' | awk -F '[
vpn_subnet_rule_string=$(uci show firewall.@rule[$vpn_subnet_rule_id] | grep -c "name='mark_subnet'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_subnets'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") vpn_subnet_rule_string=$(uci show firewall.@rule[$vpn_subnet_rule_id] | grep -c "name='mark_subnet'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_subnets'\|set_mark='0x1'\|target='MARK'\|family='ipv4'")
if [ $((vpn_subnet_ipset_string + vpn_subnet_rule_string)) -eq 11 ]; then if [ $((vpn_subnet_ipset_string + vpn_subnet_rule_string)) -eq 11 ]; then
checkpoint_true "vpn_subnet set" checkpoint_true "$VPN_SUBNET_SET_EXISTS"
VPN_IP_SUBNET=$(nft list ruleset | grep -A 10 vpn_subnet | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') VPN_IP_SUBNET=$(nft list ruleset | grep -A 10 vpn_subnet | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
if [ $VPN_IP_SUBNET -ge 1 ]; then if [ $VPN_IP_SUBNET -ge 1 ]; then
checkpoint_true "IPs in vpn_subnet" checkpoint_true "$IPS_IN_VPN_SUBNET_SET_OK"
else else
checkpoint_false "IPs in vpn_subnet" checkpoint_false "$IPS_IN_VPN_SUBNET_SET_ERROR"
echo "But if you want use, check configs" output_21
output_21 fi
fi
elif uci show firewall | grep -q "vpn_subnet"; then elif uci show firewall | grep -q "vpn_subnet"; then
checkpoint_false "vpn_subnet set" checkpoint_false "$VPN_SUBNET_SET_DOESNT_EXIST"
echo "Check config: https://cli.co/AwUGeM6"
fi fi
# vpn_community set # vpn_community set
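Review bot: this vpn_subnet block has the same shape as the vpn_ip and vpn_community blocks (count matching uci lines, compare with 11, grep the ruleset, print OK or error, call output_21), and each one had to be edited by hand for the translation. A small helper taking the set name and the four message variables would keep the three in step. Note also that the rule pattern checks `ipset='vpn_subnets'` while the other greps and the messages use `vpn_subnet`; it works because one is a substring of the other, but the naming should be made consistent.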
@@ -301,165 +572,151 @@ vpn_community_rule_id=$(uci show firewall | grep -E '@rule.*vpn_community' | awk
vpn_community_rule_string=$(uci show firewall.@rule[$vpn_community_rule_id] | grep -c "name='mark_community'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_community'\|set_mark='0x1'\|target='MARK'\|family='ipv4'") vpn_community_rule_string=$(uci show firewall.@rule[$vpn_community_rule_id] | grep -c "name='mark_community'\|src='lan'\|dest='*'\|proto='all'\|ipset='vpn_community'\|set_mark='0x1'\|target='MARK'\|family='ipv4'")
if [ $((vpn_community_ipset_string + vpn_community_rule_string)) -eq 11 ]; then if [ $((vpn_community_ipset_string + vpn_community_rule_string)) -eq 11 ]; then
checkpoint_true "vpn_community set" checkpoint_true "$VPN_COMMUNITY_SET_EXISTS"
VPN_COMMUNITY_IP=$(nft list ruleset | grep -A 10 vpn_community | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') VPN_COMMUNITY_IP=$(nft list ruleset | grep -A 10 vpn_community | grep -c -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
if [ $VPN_COMMUNITY_IP -ge 1 ]; then if [ $VPN_COMMUNITY_IP -ge 1 ]; then
checkpoint_true "IPs in vpn_community" checkpoint_true "$IPS_IN_VPN_COMMUNITY_SET_OK"
else else
checkpoint_false "IPs in vpn_community" checkpoint_false "$IPS_IN_VPN_COMMUNITY_SET_ERROR"
echo "But if you want use, check configs" output_21
output_21 fi
fi
elif uci show firewall | grep -q "vpn_community"; then elif uci show firewall | grep -q "vpn_community"; then
checkpoint_false "vpn_community set" checkpoint_false "$VPN_COMMUNITY_SET_DOESNT_EXIST"
echo "Check config: https://cli.co/AwUGeM6"
fi fi
# getdomains script # getdomains script
if [ -s "$GETDOMAINS" ]; then if [ -s "$GETDOMAINS_SCRIPT_PATH" ]; then
checkpoint_true "Script getdomains" checkpoint_true "$GETDOMAINS_SCRIPT_EXISTS"
if crontab -l | grep -q $GETDOMAINS; then if crontab -l | grep -q $GETDOMAINS_SCRIPT_PATH; then
checkpoint_true "Script getdomains in crontab" checkpoint_true "$GETDOMAINS_SCRIPT_CRONTAB_OK"
else else
checkpoint_false "Script getdomains in crontab" checkpoint_false "$GETDOMAINS_SCRIPT_CRONTAB_ERROR"
echo "Script is not enabled in crontab. Check: crontab -l" fi
fi
else else
checkpoint_false "Script getdomains" checkpoint_false "$GETDOMAINS_SCRIPT_DOESNT_EXIST"
echo "Script don't exists in $GETDOMAINS. If you don't use getdomains, it's OK"
fi fi
# DNS # DNS
# DNSCrypt # DNSCrypt
if opkg list-installed | grep -q dnscrypt-proxy2; then if opkg list-installed | grep -q dnscrypt-proxy2; then
checkpoint_true "Dnscrypt-proxy2 package" checkpoint_true "$DNSCRYPT_INSTALLED"
if service dnscrypt-proxy status | grep -q 'running'; then if service dnscrypt-proxy status | grep -q 'running'; then
checkpoint_true "DNSCrypt service" checkpoint_true "$DNSCRYPT_SERVICE_RUNNING"
else else
checkpoint_false "DNSCrypt service" checkpoint_false "$DNSCRYPT_SERVICE_NOT_RUNNING"
echo "Check config: https://cli.co/wN-tc_S" output_21
output_21 fi
fi
DNSMASQ_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.53#53\|noresolv='1'") DNSMASQ_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.53#53\|noresolv='1'")
if [ $DNSMASQ_STRING -eq 2 ]; then if [ $DNSMASQ_STRING -eq 2 ]; then
checkpoint_true "Dnsmasq config for DNSCrypt" checkpoint_true "$DNSMASQ_CONFIG_FOR_DNSCRYPT_OK"
else else
checkpoint_false "Dnsmasq config for DNSCrypt" checkpoint_false "$DNSMASQ_CONFIG_FOR_DNSCRYPT_ERROR"
echo "Check config: https://cli.co/rooc0uz" fi
fi
fi fi
# Stubby # Stubby
if opkg list-installed | grep -q stubby; then if opkg list-installed | grep -q stubby; then
checkpoint_true "Stubby package" checkpoint_true "$STUBBY_INSTALLED"
if service stubby status | grep -q 'running'; then if service stubby status | grep -q 'running'; then
checkpoint_true "Stubby service" checkpoint_true "$STUBBY_SERVICE_RUNNING"
else else
checkpoint_false "Stubby service" checkpoint_false "$STUBBY_SERVICE_NOT_RUNNING"
echo "Check config: https://cli.co/HbDBT2V" output_21
output_21 fi
fi
STUBBY_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.1#5453\|noresolv='1'") STUBBY_STRING=$(uci show dhcp.@dnsmasq[0] | grep -c "127.0.0.1#5453\|noresolv='1'")
if [ $STUBBY_STRING -eq 2 ]; then if [ $STUBBY_STRING -eq 2 ]; then
checkpoint_true "Dnsmasq config for Stubby" checkpoint_true "$DNSMASQ_CONFIG_FOR_STUBBY_OK"
else else
checkpoint_false "Dnsmasq config for Stubby" checkpoint_false "$DNSMASQ_CONFIG_FOR_STUBBY_ERROR"
echo "Check config: https://cli.co/HbDBT2V" fi
fi
fi fi
# Create dump case $COMMAND in
if [[ "$1" == dump ]]; then dump)
printf "\033[36;1mCreate dump without private variables\033[0m\n" # Create dump
date > $DUMP printf "\n$COLOR_BOLD_CYAN$DUMP_CREATION$COLOR_RESET\n"
$HIVPN start >> $DUMP 2>&1 date >$DUMP_PATH
$GETDOMAINS start >> $DUMP 2>&1 $HIVPN start >>$DUMP_PATH 2>&1
uci show firewall >> $DUMP $GETDOMAINS_SCRIPT_PATH start >>$DUMP_PATH 2>&1
uci show network | sed -r 's/(.*private_key=|.*preshared_key=|.*public_key=|.*endpoint_host=|.*wan.ipaddr=|.*wan.netmask=|.*wan.gateway=|.*wan.dns|.*.macaddr=).*/\1REMOVED/' >> $DUMP uci show firewall >>$DUMP_PATH
uci show network | sed -r 's/(.*private_key=|.*preshared_key=|.*public_key=|.*endpoint_host=|.*wan.ipaddr=|.*wan.netmask=|.*wan.gateway=|.*wan.dns|.*.macaddr=).*/\1REMOVED/' >>$DUMP_PATH
echo "Dump is here: $DUMP" printf "$DUMP_DETAILS\n"
echo "For download Linux/Mac use:" ;;
echo "scp root@IP_ROUTER:$DUMP ." dns)
echo "For Windows use PSCP or WSL" # Check DNS
fi printf "\n$COLOR_BOLD_CYAN$DNS_CHECK$COLOR_RESET\n"
# Check DNS
if [[ "$1" == dns ]]; then
printf "\033[36;1mCheck DNS servers\033[0m\n"
DNS_SERVERS="1.1.1.1 8.8.8.8 8.8.4.4" DNS_SERVERS="1.1.1.1 8.8.8.8 8.8.4.4"
DOH_DNS_SERVERS="cloudflare-dns.com 1.1.1.1 mozilla.cloudflare-dns.com security.cloudflare-dns.com" DOH_DNS_SERVERS="cloudflare-dns.com 1.1.1.1 mozilla.cloudflare-dns.com security.cloudflare-dns.com"
DOMAINS="instagram.com facebook.com" DOMAINS="instagram.com facebook.com"
echo "1. Block DNS traffic (Port 53/udp is available)" echo "1. $IS_DNS_TRAFFIC_BLOCKED"
for i in $DNS_SERVERS; for i in $DNS_SERVERS; do
do if nslookup -type=a -timeout=2 -retry=1 itdog.info $i | grep -q "timed out"; then
if nslookup -type=a -timeout=2 -retry=1 itdog.info $i | grep -q "timed out"; then checkpoint_false "$i"
checkpoint_false "$i" else
else checkpoint_true "$i"
checkpoint_true "$i" fi
fi
done done
echo "2. DoH available" echo "2. $IS_DOH_AVAILABLE"
for i in $DOH_DNS_SERVERS; for i in $DOH_DNS_SERVERS; do
do if curl --connect-timeout 5 -s -H "accept: application/dns-json" "https://$i/dns-query?name=itdog.info&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then
if curl --connect-timeout 5 -s -H "accept: application/dns-json" "https://$i/dns-query?name=itdog.info&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then checkpoint_true "$i"
checkpoint_true "$i" else
else checkpoint_false "$i"
checkpoint_false "$i" fi
fi
done done
echo "3. The response not contains an address from 127.0.0.0/8" echo "3. $RESPONSE_NOT_CONTAINS_127_0_0_8"
for i in $DOMAINS; for i in $DOMAINS; do
do if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '127\.[0-9]{1,3}\.'; then
if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '127\.[0-9]{1,3}\.'; then checkpoint_false "$i"
checkpoint_false "$i" else
else checkpoint_true "$i"
checkpoint_true "$i" fi
fi
done done
echo "4. One IP for two different domains" echo "4. $ONE_IP_FOR_TWO_DOMAINS"
FIRSTIP=$(nslookup -type=a instagram.com | awk '/^Address: / {print $2}') FIRSTIP=$(nslookup -type=a instagram.com | awk '/^Address: / {print $2}')
SECONDIP=$(nslookup -type=a facebook.com | awk '/^Address: / {print $2}') SECONDIP=$(nslookup -type=a facebook.com | awk '/^Address: / {print $2}')
if [ "$FIRSTIP" = "$SECONDIP" ] ; then if [ "$FIRSTIP" = "$SECONDIP" ]; then
checkpoint_false "IP addresses are the same" checkpoint_false "$IPS_ARE_THE_SAME"
else else
checkpoint_true "Different IP addresses" checkpoint_true "$IPS_ARE_DIFFERENT"
fi fi
echo "5. The response is not blank" echo "5. $RESPONSE_IS_NOT_BLANK"
for i in $DOMAINS; for i in $DOMAINS; do
do if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then
if nslookup -type=a -timeout=2 -retry=1 $i | awk '/^Address: / {print $2}' | grep -q -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'; then checkpoint_true "$i"
checkpoint_true "$i" else
else checkpoint_false "$i"
checkpoint_false "$i" fi
fi
done done
echo "6. Сomparing response from unencrypted DNS and DoH (DNS poisoning)" echo "6. $DNS_POISONING_CHECK"
DOHIP=$(curl -s -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=facebook.com&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}') DOHIP=$(curl -s -H "accept: application/dns-json" "https://1.1.1.1/dns-query?name=facebook.com&type=A" | awk -F"data\":\"" '/data":"/{print $2}' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
OPENIP=$(nslookup -type=a -timeout=2 facebook.com 1.1.1.1 | awk '/^Address: / {print $2}') OPENIP=$(nslookup -type=a -timeout=2 facebook.com 1.1.1.1 | awk '/^Address: / {print $2}')
if [ "$DOHIP" = "$OPENIP" ]; then if [ "$DOHIP" = "$OPENIP" ]; then
checkpoint_true "IPs match" checkpoint_true "$IPS_ARE_THE_SAME"
else else
checkpoint_false "IPs not match" checkpoint_false "$IPS_ARE_DIFFERENT"
fi fi
fi ;;
*) ;;
esac
# Info # Info
echo -e "\nTelegram channel: https://t.me/itdoginfo" echo -e "\n$TELEGRAM_CHANNEL: https://t.me/itdoginfo"
echo "Telegram chat: https://t.me/itdogchat" echo "$TELEGRAM_CHAT: https://t.me/itdogchat"
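Review bot: the dump branch redacts `uci show network` with a fixed list of keys (`private_key`, `preshared_key`, `public_key`, `endpoint_host`, the wan address fields, `macaddr`), so any sensitive option not on that list is written to the dump in clear, for example PPPoE `username` and `password` on the wan interface. `uci show firewall` and the output of `$HIVPN start` and `$GETDOMAINS_SCRIPT_PATH start` are appended with no filtering at all. Since users are told to share this file, extend the sed pattern to cover credentials and run the same filter over everything written to the dump. `$DUMP_PATH`, `$COMMAND` and the `crontab -l | grep -q $GETDOMAINS_SCRIPT_PATH` argument should be quoted.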


@@ -28,6 +28,8 @@ sleep 10
ip route add table vpn default dev tun0 ip route add table vpn default dev tun0
EOF EOF
fi fi
cp /etc/hotplug.d/iface/30-vpnroute /etc/hotplug.d/net/30-vpnroute
} }
add_mark() { add_mark() {
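Review bot: `cp /etc/hotplug.d/iface/30-vpnroute /etc/hotplug.d/net/30-vpnroute` leaves the original in iface/ next to the new copy, so the same script is now triggered from both hotplug directories and `ip route add table vpn default dev tun0` can run twice. If the intent is to move the hook to net/, write the heredoc to that path directly or use `mv`. The `cp` also runs unconditionally after the `fi`, so it fails when no 30-vpnroute file was created in this run; guard it with a `[ -f ... ]` test.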
@@ -53,7 +55,8 @@ add_tunnel() {
echo "4) tun2socks" echo "4) tun2socks"
echo "5) wgForYoutube" echo "5) wgForYoutube"
echo "6) Amnezia WireGuard" echo "6) Amnezia WireGuard"
echo "7) Skip this step" echo "7) Amnezia WireGuard For Youtube"
echo "8) Skip this step"
while true; do while true; do
read -r -p '' TUNNEL read -r -p '' TUNNEL
@@ -90,6 +93,11 @@ add_tunnel() {
;; ;;
7) 7)
TUNNEL=awgForYoutube
break
;;
8)
echo "Skip" echo "Skip"
TUNNEL=0 TUNNEL=0
break break
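Review bot: option `7)` changes meaning here, from Skip to `TUNNEL=awgForYoutube`, with Skip moved to `8)`. Anyone following existing instructions, or feeding answers to the installer non-interactively, who enters 7 to skip will now start an AmneziaWG setup. Consider giving Skip a key that does not shift when tunnels are added, and mention the renumbering in the README.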
@@ -227,97 +235,17 @@ EOF
fi fi
if [ "$TUNNEL" == 'wgForYoutube' ]; then if [ "$TUNNEL" == 'wgForYoutube' ]; then
add_internal_wg add_internal_wg Wireguard
fi
if [ "$TUNNEL" == 'awgForYoutube' ]; then
add_internal_wg AmneziaWG
fi fi
if [ "$TUNNEL" == 'awg' ]; then if [ "$TUNNEL" == 'awg' ]; then
printf "\033[32;1mConfigure Amnezia WireGuard\033[0m\n" printf "\033[32;1mConfigure Amnezia WireGuard\033[0m\n"
# Получение pkgarch с наибольшим приоритетом install_awg_packages
PKGARCH=$(opkg print-architecture | awk 'BEGIN {max=0} {if ($3 > max) {max = $3; arch = $2}} END {print arch}')
TARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 1)
SUBTARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 2)
VERSION=$(ubus call system board | jsonfilter -e '@.release.version')
PKGPOSTFIX="_v${VERSION}_${PKGARCH}_${TARGET}_${SUBTARGET}.ipk"
BASE_URL="https://github.com/Slava-Shchipunov/awg-openwrt/releases/download/"
AWG_DIR="/tmp/amneziawg"
mkdir -p "$AWG_DIR"
if opkg list-installed | grep -q amneziawg-tools; then
echo "amneziawg-tools already installed"
else
AMNEZIAWG_TOOLS_FILENAME="amneziawg-tools${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${AMNEZIAWG_TOOLS_FILENAME}"
curl -L -o "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "amneziawg-tools file downloaded successfully"
else
echo "Error downloading amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME"
if [ $? -eq 0 ]; then
echo "amneziawg-tools file downloaded successfully"
else
echo "Error installing amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
fi
if opkg list-installed | grep -q kmod-amneziawg; then
echo "kmod-amneziawg already installed"
else
KMOD_AMNEZIAWG_FILENAME="kmod-amneziawg${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${KMOD_AMNEZIAWG_FILENAME}"
curl -L -o "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "kmod-amneziawg file downloaded successfully"
else
echo "Error downloading kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "kmod-amneziawg file downloaded successfully"
else
echo "Error installing kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
fi
if opkg list-installed | grep -q luci-app-amneziawg; then
echo "luci-app-amneziawg already installed"
else
LUCI_APP_AMNEZIAWG_FILENAME="luci-app-amneziawg${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${LUCI_APP_AMNEZIAWG_FILENAME}"
curl -L -o "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "luci-app-amneziawg file downloaded successfully"
else
echo "Error downloading luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "luci-app-amneziawg file downloaded successfully"
else
echo "Error installing luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
exit 1
fi
fi
rm -rf "$AWG_DIR"
route_vpn route_vpn
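Review bot: the download logic being moved out of this branch treats a zero exit status from `curl -L -o "$AWG_DIR/..." "$DOWNLOAD_URL"` as success, but without `-f` curl also exits 0 when the server answers 404 for a release asset that does not exist for this version and architecture, so an error page is saved as the .ipk and the problem only surfaces at `opkg install`. The packages, including a kernel module, are installed from that file with no checksum or signature check. While relocating the code into install_awg_packages, add `-f`, compare the file against a pinned or published checksum if one is available, and fix the message printed after a successful `opkg install`, which still says "file downloaded successfully".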
@@ -395,7 +323,19 @@ dnsmasqfull() {
opkg remove dnsmasq && opkg install dnsmasq-full --cache /tmp/ opkg remove dnsmasq && opkg install dnsmasq-full --cache /tmp/
[ -f /etc/config/dhcp-opkg ] && cp /etc/config/dhcp /etc/config/dhcp-old && mv /etc/config/dhcp-opkg /etc/config/dhcp [ -f /etc/config/dhcp-opkg ] && cp /etc/config/dhcp /etc/config/dhcp-old && mv /etc/config/dhcp-opkg /etc/config/dhcp
fi fi
}
s
dnsmasqconfdir() {
if [ $VERSION_ID -ge 24 ]; then
if uci get dhcp.@dnsmasq[0].confdir | grep -q /tmp/dnsmasq.d; then
printf "\033[32;1mconfdir already set\033[0m\n"
else
printf "\033[32;1mSetting confdir\033[0m\n"
uci set dhcp.@dnsmasq[0].confdir='/tmp/dnsmasq.d'
uci commit dhcp
fi
fi
} }
remove_forwarding() { remove_forwarding() {
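Review bot: the line containing only `s` between the closing brace of dnsmasqfull and `dnsmasqconfdir() {` looks like a stray keystroke; at top level the shell will try to execute it as a command and print a "not found" error. Remove it. In dnsmasqconfdir, `[ $VERSION_ID -ge 24 ]` is unquoted and needs an integer, so an empty or non-numeric value produces a test error and the confdir is silently not set; quote it and handle that case explicitly. `uci get dhcp.@dnsmasq[0].confdir` also writes an error to stderr when the option is unset, which is the normal case before the first run, so add `2>/dev/null`.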
@@ -636,19 +576,21 @@ add_dns_resolver() {
} }
add_packages() { add_packages() {
if opkg list-installed | grep -q "curl -"; then for package in curl nano; do
printf "\033[32;1mCurl already installed\033[0m\n" if opkg list-installed | grep -q "^$package "; then
else printf "\033[32;1m$package already installed\033[0m\n"
printf "\033[32;1mInstall curl\033[0m\n" else
opkg install curl printf "\033[32;1mInstalling $package...\033[0m\n"
fi opkg install "$package"
if opkg list-installed | grep -q nano; then if "$package" --version >/dev/null 2>&1; then
printf "\033[32;1mNano already installed\033[0m\n" printf "\033[32;1m$package was successfully installed and available\033[0m\n"
else else
printf "\033[32;1mInstall nano\033[0m\n" printf "\033[31;1mError: failed to install $package\033[0m\n"
opkg install nano exit 1
fi fi
fi
done
} }
add_getdomains() { add_getdomains() {
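Review bot: the post-install check `if "$package" --version >/dev/null 2>&1` only works while every package in the list is also the name of an executable that accepts `--version`, which holds for curl and nano but will break as soon as a package such as a library or kmod is added to the loop. The exit status of `opkg install "$package"` is ignored. Check that status directly, or re-run the `opkg list-installed | grep -q "^$package "` test that the loop already uses. The `printf` calls also place `$package` inside the format string; pass it as a `%s` argument.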
@@ -746,12 +688,29 @@ EOF
} }
add_internal_wg() { add_internal_wg() {
printf "\033[32;1mConfigure WireGuard\033[0m\n" PROTOCOL_NAME=$1
if opkg list-installed | grep -q wireguard-tools; then printf "\033[32;1mConfigure ${PROTOCOL_NAME}\033[0m\n"
echo "Wireguard already installed" if [ "$PROTOCOL_NAME" = 'Wireguard' ]; then
else INTERFACE_NAME="wg1"
echo "Installed wg..." CONFIG_NAME="wireguard_wg1"
opkg install wireguard-tools PROTO="wireguard"
ZONE_NAME="wg_internal"
if opkg list-installed | grep -q wireguard-tools; then
echo "Wireguard already installed"
else
echo "Installed wg..."
opkg install wireguard-tools
fi
fi
if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
INTERFACE_NAME="awg1"
CONFIG_NAME="amneziawg_awg1"
PROTO="amneziawg"
ZONE_NAME="awg_internal"
install_awg_packages
fi fi
read -r -p "Enter the private key (from [Interface]):"$'\n' WG_PRIVATE_KEY_INT read -r -p "Enter the private key (from [Interface]):"$'\n' WG_PRIVATE_KEY_INT
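Review bot: add_internal_wg now depends on `$1` being exactly 'Wireguard' or 'AmneziaWG', and the two independent `if` blocks have no fallback, so a missing or misspelled argument leaves INTERFACE_NAME, CONFIG_NAME, PROTO and ZONE_NAME unset while the function carries on to prompt for keys. Use a `case "$PROTOCOL_NAME" in` with a `*)` branch that prints an error and exits. These four variables are also globals; declare them `local` so they cannot leak into later steps.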
@@ -775,24 +734,49 @@ add_internal_wg() {
echo $WG_ENDPOINT_PORT_INT echo $WG_ENDPOINT_PORT_INT
fi fi
uci set network.wg1=interface if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
uci set network.wg1.proto='wireguard' read -r -p "Enter Jc value (from [Interface]):"$'\n' AWG_JC
uci set network.wg1.private_key=$WG_PRIVATE_KEY_INT read -r -p "Enter Jmin value (from [Interface]):"$'\n' AWG_JMIN
uci set network.wg1.listen_port='51820' read -r -p "Enter Jmax value (from [Interface]):"$'\n' AWG_JMAX
uci set network.wg1.addresses=$WG_IP read -r -p "Enter S1 value (from [Interface]):"$'\n' AWG_S1
read -r -p "Enter S2 value (from [Interface]):"$'\n' AWG_S2
if ! uci show network | grep -q wireguard_wg1; then read -r -p "Enter H1 value (from [Interface]):"$'\n' AWG_H1
uci add network wireguard_wg1 read -r -p "Enter H2 value (from [Interface]):"$'\n' AWG_H2
read -r -p "Enter H3 value (from [Interface]):"$'\n' AWG_H3
read -r -p "Enter H4 value (from [Interface]):"$'\n' AWG_H4
fi fi
uci set network.@wireguard_wg1[0]=wireguard_wg1
uci set network.@wireguard_wg1[0].name='wg1_client' uci set network.${INTERFACE_NAME}=interface
uci set network.@wireguard_wg1[0].public_key=$WG_PUBLIC_KEY_INT uci set network.${INTERFACE_NAME}.proto=$PROTO
uci set network.@wireguard_wg1[0].preshared_key=$WG_PRESHARED_KEY_INT uci set network.${INTERFACE_NAME}.private_key=$WG_PRIVATE_KEY_INT
uci set network.@wireguard_wg1[0].route_allowed_ips='0' uci set network.${INTERFACE_NAME}.listen_port='51821'
uci set network.@wireguard_wg1[0].persistent_keepalive='25' uci set network.${INTERFACE_NAME}.addresses=$WG_IP
uci set network.@wireguard_wg1[0].endpoint_host=$WG_ENDPOINT_INT
uci set network.@wireguard_wg1[0].allowed_ips='0.0.0.0/0' if [ "$PROTOCOL_NAME" = 'AmneziaWG' ]; then
uci set network.@wireguard_wg1[0].endpoint_port=$WG_ENDPOINT_PORT_INT uci set network.${INTERFACE_NAME}.awg_jc=$AWG_JC
uci set network.${INTERFACE_NAME}.awg_jmin=$AWG_JMIN
uci set network.${INTERFACE_NAME}.awg_jmax=$AWG_JMAX
uci set network.${INTERFACE_NAME}.awg_s1=$AWG_S1
uci set network.${INTERFACE_NAME}.awg_s2=$AWG_S2
uci set network.${INTERFACE_NAME}.awg_h1=$AWG_H1
uci set network.${INTERFACE_NAME}.awg_h2=$AWG_H2
uci set network.${INTERFACE_NAME}.awg_h3=$AWG_H3
uci set network.${INTERFACE_NAME}.awg_h4=$AWG_H4
fi
if ! uci show network | grep -q ${CONFIG_NAME}; then
uci add network ${CONFIG_NAME}
fi
uci set network.@${CONFIG_NAME}[0]=$CONFIG_NAME
uci set network.@${CONFIG_NAME}[0].name="${INTERFACE_NAME}_client"
uci set network.@${CONFIG_NAME}[0].public_key=$WG_PUBLIC_KEY_INT
uci set network.@${CONFIG_NAME}[0].preshared_key=$WG_PRESHARED_KEY_INT
uci set network.@${CONFIG_NAME}[0].route_allowed_ips='0'
uci set network.@${CONFIG_NAME}[0].persistent_keepalive='25'
uci set network.@${CONFIG_NAME}[0].endpoint_host=$WG_ENDPOINT_INT
uci set network.@${CONFIG_NAME}[0].allowed_ips='0.0.0.0/0'
uci set network.@${CONFIG_NAME}[0].endpoint_port=$WG_ENDPOINT_PORT_INT
uci commit network uci commit network
grep -q "110 vpninternal" /etc/iproute2/rt_tables || echo '110 vpninternal' >> /etc/iproute2/rt_tables grep -q "110 vpninternal" /etc/iproute2/rt_tables || echo '110 vpninternal' >> /etc/iproute2/rt_tables
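Review bot: every value read from the prompt is passed to uci unquoted, for example `uci set network.${INTERFACE_NAME}.awg_jc=$AWG_JC` and `private_key=$WG_PRIVATE_KEY_INT`, so a pasted value with a space or glob character is split into extra arguments or expanded by the shell. Quote the whole assignment (`"network.${INTERFACE_NAME}.awg_jc=$AWG_JC"`) and reject Jc, Jmin, Jmax, S1, S2 and H1 to H4 values that are not plain integers before writing them. `grep -q ${CONFIG_NAME}` should be quoted as well. The listen port also changes from '51820' to '51821' for the plain WireGuard case, which is not mentioned anywhere; note it in the commit message if it is intentional.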
@@ -811,17 +795,17 @@ add_internal_wg() {
printf "\033[32;1mAdd route\033[0m\n" printf "\033[32;1mAdd route\033[0m\n"
uci set network.vpn_route_internal=route uci set network.vpn_route_internal=route
uci set network.vpn_route_internal.name='vpninternal' uci set network.vpn_route_internal.name='vpninternal'
uci set network.vpn_route_internal.interface='wg1' uci set network.vpn_route_internal.interface=$INTERFACE_NAME
uci set network.vpn_route_internal.table='vpninternal' uci set network.vpn_route_internal.table='vpninternal'
uci set network.vpn_route_internal.target='0.0.0.0/0' uci set network.vpn_route_internal.target='0.0.0.0/0'
uci commit network uci commit network
fi fi
if ! uci show firewall | grep -q "@zone.*name='wg_internal'"; then if ! uci show firewall | grep -q "@zone.*name='${ZONE_NAME}'"; then
printf "\033[32;1mZone Create\033[0m\n" printf "\033[32;1mZone Create\033[0m\n"
uci add firewall zone uci add firewall zone
uci set firewall.@zone[-1].name="wg_internal" uci set firewall.@zone[-1].name=$ZONE_NAME
uci set firewall.@zone[-1].network='wg1' uci set firewall.@zone[-1].network=$INTERFACE_NAME
uci set firewall.@zone[-1].forward='REJECT' uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].output='ACCEPT' uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].input='REJECT' uci set firewall.@zone[-1].input='REJECT'
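Review bot: the route section keeps the fixed name `vpn_route_internal` and table 'vpninternal' while its interface is now `$INTERFACE_NAME`, so the wg1 and awg1 variants share a single route entry. If both can be configured on one router, either the second run overwrites the first or, depending on the guard above this hunk, it is skipped and the route keeps pointing at the other interface. Derive the section name from the interface, or state that the two variants are mutually exclusive. `name=$ZONE_NAME` and `network=$INTERFACE_NAME` should be quoted.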
@@ -831,12 +815,12 @@ add_internal_wg() {
uci commit firewall uci commit firewall
fi fi
if ! uci show firewall | grep -q "@forwarding.*name='wg_internal'"; then if ! uci show firewall | grep -q "@forwarding.*name='${ZONE_NAME}'"; then
printf "\033[32;1mConfigured forwarding\033[0m\n" printf "\033[32;1mConfigured forwarding\033[0m\n"
uci add firewall forwarding uci add firewall forwarding
uci set firewall.@forwarding[-1]=forwarding uci set firewall.@forwarding[-1]=forwarding
uci set firewall.@forwarding[-1].name="wg_internal-lan" uci set firewall.@forwarding[-1].name="${ZONE_NAME}-lan"
uci set firewall.@forwarding[-1].dest="wg_internal" uci set firewall.@forwarding[-1].dest=${ZONE_NAME}
uci set firewall.@forwarding[-1].src='lan' uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].family='ipv4' uci set firewall.@forwarding[-1].family='ipv4'
uci commit firewall uci commit firewall
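Review bot: the guard `grep -q "@forwarding.*name='${ZONE_NAME}'"` can never match the entry this block creates, because the forwarding is named `"${ZONE_NAME}-lan"` and the pattern requires a closing quote directly after the zone name. The condition is therefore always true and a duplicate forwarding section is added on every run. Match on `name='${ZONE_NAME}-lan'` or on `dest='${ZONE_NAME}'` instead. `dest=${ZONE_NAME}` should also be quoted like the name on the line above it.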
@@ -892,6 +876,94 @@ add_internal_wg() {
exit 0 exit 0
} }
install_awg_packages() {
# Получение pkgarch с наибольшим приоритетом
PKGARCH=$(opkg print-architecture | awk 'BEGIN {max=0} {if ($3 > max) {max = $3; arch = $2}} END {print arch}')
TARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 1)
SUBTARGET=$(ubus call system board | jsonfilter -e '@.release.target' | cut -d '/' -f 2)
VERSION=$(ubus call system board | jsonfilter -e '@.release.version')
PKGPOSTFIX="_v${VERSION}_${PKGARCH}_${TARGET}_${SUBTARGET}.ipk"
BASE_URL="https://github.com/Slava-Shchipunov/awg-openwrt/releases/download/"
AWG_DIR="/tmp/amneziawg"
mkdir -p "$AWG_DIR"
if opkg list-installed | grep -q amneziawg-tools; then
echo "amneziawg-tools already installed"
else
AMNEZIAWG_TOOLS_FILENAME="amneziawg-tools${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${AMNEZIAWG_TOOLS_FILENAME}"
curl -L -o "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "amneziawg-tools file downloaded successfully"
else
echo "Error downloading amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$AMNEZIAWG_TOOLS_FILENAME"
if [ $? -eq 0 ]; then
echo "amneziawg-tools file downloaded successfully"
else
echo "Error installing amneziawg-tools. Please, install amneziawg-tools manually and run the script again"
exit 1
fi
fi
if opkg list-installed | grep -q kmod-amneziawg; then
echo "kmod-amneziawg already installed"
else
KMOD_AMNEZIAWG_FILENAME="kmod-amneziawg${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${KMOD_AMNEZIAWG_FILENAME}"
curl -L -o "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "kmod-amneziawg file downloaded successfully"
else
echo "Error downloading kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$KMOD_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "kmod-amneziawg file downloaded successfully"
else
echo "Error installing kmod-amneziawg. Please, install kmod-amneziawg manually and run the script again"
exit 1
fi
fi
if opkg list-installed | grep -q luci-app-amneziawg; then
echo "luci-app-amneziawg already installed"
else
LUCI_APP_AMNEZIAWG_FILENAME="luci-app-amneziawg${PKGPOSTFIX}"
DOWNLOAD_URL="${BASE_URL}v${VERSION}/${LUCI_APP_AMNEZIAWG_FILENAME}"
curl -L -o "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME" "$DOWNLOAD_URL"
if [ $? -eq 0 ]; then
echo "luci-app-amneziawg file downloaded successfully"
else
echo "Error downloading luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
exit 1
fi
opkg install "$AWG_DIR/$LUCI_APP_AMNEZIAWG_FILENAME"
if [ $? -eq 0 ]; then
echo "luci-app-amneziawg file downloaded successfully"
else
echo "Error installing luci-app-amneziawg. Please, install luci-app-amneziawg manually and run the script again"
exit 1
fi
fi
rm -rf "$AWG_DIR"
}
# System Details # System Details
MODEL=$(cat /tmp/sysinfo/model) MODEL=$(cat /tmp/sysinfo/model)
source /etc/os-release source /etc/os-release
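Review bot: In `install_awg_packages` each `.ipk` is fetched with `curl -L -o` and handed straight to `opkg install` with no integrity check, and because `curl` runs without `-f`/`--fail`, an HTTP error response such as a 404 page is still saved and leaves `$?` at 0, so the download check passes and the failure only surfaces inside `opkg`. Add `--fail`, and compare each file against a pinned SHA-256 (or a checksum file published with the release) before installing, given that one of the packages is a kernel module (`kmod-amneziawg`). Smaller points in the same function: the success branch after each `opkg install` prints "file downloaded successfully" rather than an install message; `grep -q amneziawg-tools` matches substrings of other package names, so anchor it as `grep -q '^amneziawg-tools '`; `ubus call system board` is invoked three times where one call stored in a variable would do; and the three blocks differ only in the package name and could be a single loop.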
@@ -900,8 +972,8 @@ printf "\033[34;1mVersion: $OPENWRT_RELEASE\033[0m\n"
VERSION_ID=$(echo $VERSION | awk -F. '{print $1}') VERSION_ID=$(echo $VERSION | awk -F. '{print $1}')
if [ "$VERSION_ID" -ne 23 ]; then if [ "$VERSION_ID" -ne 23 ] && [ "$VERSION_ID" -ne 24 ]; then
printf "\033[31;1mScript only support OpenWrt 23.05\033[0m\n" printf "\033[31;1mScript only support OpenWrt 23.05 and 24.10\033[0m\n"
echo "For OpenWrt 21.02 and 22.03 you can:" echo "For OpenWrt 21.02 and 22.03 you can:"
echo "1) Use ansible https://github.com/itdoginfo/domain-routing-openwrt" echo "1) Use ansible https://github.com/itdoginfo/domain-routing-openwrt"
echo "2) Configure manually. Old manual: https://itdog.info/tochechnaya-marshrutizaciya-na-routere-s-openwrt-wireguard-i-dnscrypt/" echo "2) Configure manually. Old manual: https://itdog.info/tochechnaya-marshrutizaciya-na-routere-s-openwrt-wireguard-i-dnscrypt/"
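Review bot: The two `-ne` tests assume `VERSION_ID` is an integer. If `$VERSION` has no numeric major component (for example on a snapshot build), `[` reports an error and returns non-zero, the `&&` chain evaluates false, and the script falls through this check without printing the unsupported-version message. Match on the value as a string instead, for example `case "$VERSION_ID" in 23|24) ;; *) ... ;; esac`, which also keeps the supported list in one place. `echo $VERSION` should be quoted, and the message should read "Script only supports".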
@@ -926,6 +998,8 @@ add_set
dnsmasqfull dnsmasqfull
dnsmasqconfdir
add_dns_resolver add_dns_resolver
add_getdomains add_getdomains
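Review bot: `dnsmasqconfdir` is called unconditionally in the main sequence, while the Ansible task in this same change sets `confdir` only when the major release is 24 or newer. If the shell function does not perform that version check itself, gate the call here on `VERSION_ID` so both install paths behave the same.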

78
getdomains-uninstall.sh Executable file

@@ -0,0 +1,78 @@
#!/bin/ash
echo "Выпиливаем скрипты"
/etc/init.d/getdomains disable
rm -rf /etc/init.d/getdomains
rm -f /etc/hotplug.d/iface/30-vpnroute /etc/hotplug.d/net/30-vpnroute
echo "Выпиливаем из crontab"
sed -i '/getdomains start/d' /etc/crontabs/root
echo "Выпиливаем домены"
rm -f /tmp/dnsmasq.d/domains.lst
echo "Чистим firewall, раз раз 🍴"
ipset_id=$(uci show firewall | grep -E '@ipset.*name=.vpn_domains.' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ ! -z "$ipset_id" ]; then
while uci -q delete firewall.@ipset[$ipset_id]; do :; done
fi
rule_id=$(uci show firewall | grep -E '@rule.*name=.mark_domains.' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ ! -z "$rule_id" ]; then
while uci -q delete firewall.@rule[$rule_id]; do :; done
fi
ipset_id=$(uci show firewall | grep -E '@ipset.*name=.vpn_domains_internal.' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ ! -z "$ipset_id" ]; then
while uci -q delete firewall.@ipset[$ipset_id]; do :; done
fi
rule_id=$(uci show firewall | grep -E '@rule.*name=.mark_domains_intenal.' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ ! -z "$rule_id" ]; then
while uci -q delete firewall.@rule[$rule_id]; do :; done
fi
ipset_id=$(uci show firewall | grep -E '@ipset.*name=.vpn_subnet.' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ ! -z "$ipset_id" ]; then
while uci -q delete firewall.@ipset[$ipset_id]; do :; done
fi
rule_id=$(uci show firewall | grep -E '@rule.*name=.mark_subnet.' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ ! -z "$rule_id" ]; then
while uci -q delete firewall.@rule[$rule_id]; do :; done
fi
uci commit firewall
/etc/init.d/firewall restart
echo "Чистим сеть"
sed -i '/99 vpn/d' /etc/iproute2/rt_tables
rule_id=$(uci show network | grep -E '@rule.*name=.mark0x1.' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ ! -z "$rule_id" ]; then
while uci -q delete network.@rule[$rule_id]; do :; done
fi
rule_id=$(uci show network | grep -E '@rule.*name=.mark0x2.' | awk -F '[][{}]' '{print $2}' | head -n 1)
if [ ! -z "$rule_id" ]; then
while uci -q delete network.@rule[$rule_id]; do :; done
fi
while uci -q delete network.vpn_route_internal; do :; done
uci commit network
/etc/init.d/network restart
echo "Проверяем Dnsmasq"
if uci show dhcp | grep -q ipset; then
echo "В dnsmasq (/etc/config/dhcp) заданы домены. Нужные из них сохраните, остальные удалите вместе с ipset"
fi
echo "Все туннели, прокси, зоны и forwarding к ним оставляем на месте, они вам не помешают и скорее пригодятся"
echo "Dnscrypt, stubby тоже не трогаем"
echo " ______ _____ _____ _____ ______ _ _ _____ _____"
echo " | ____ | | |_____] | | | \ |____/ | | |_____]"
echo " |_____| |_____| | |_____| |_____/ | \_ |_____| | "
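Review bot: Each `while uci -q delete firewall.@ipset[$ipset_id]; do :; done` loop, and the `@rule` equivalents for `firewall` and `network`, deletes more than the matched section. Anonymous sections are re-indexed after a delete, so the same index then refers to the next section and the loop keeps succeeding until nothing is left at or after that position, which removes unrelated user ipsets and rules. Delete once per match and repeat the lookup if duplicates are expected. The lookups are also loose: `.` in `name=.vpn_domains.` matches any character, so that pattern also matches `vpn_domains_internal`, and `mark_domains_intenal` looks like a misspelling of `internal` that should be checked against the name the installer creates. `[ ! -z "$ipset_id" ]` can be written `[ -n "$ipset_id" ]`.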


@@ -6,6 +6,15 @@
shell: opkg list-installed | grep dnsmasq-full | awk '{print $3}' shell: opkg list-installed | grep dnsmasq-full | awk '{print $3}'
register: dnsmasqfull_version register: dnsmasqfull_version
- name: Check confdir option
shell: uci get dhcp.@dnsmasq[0].confdir
register: dnsmasq_confdir
ignore_errors: true
- name: Get openwrt major release
shell: cat /etc/openwrt_release | grep -Eo [0-9]{2}[.][0-9]{2}[.][0-9]* | cut -d '.' -f 1 | tail -n 1
register: openwrt_major_release
- name: debug - name: debug
debug: debug:
var: ansible_distribution_major_version var: ansible_distribution_major_version
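Review bot: In the `Get openwrt major release` task the `grep -Eo` pattern is unquoted, so the shell may glob-expand `[0-9]{2}[.][0-9]{2}[.][0-9]*` against files in the working directory before `grep` sees it; wrap the pattern in single quotes. Both new tasks only read state, so add `changed_when: false`, and prefer `failed_when: false` over `ignore_errors: true` on the `uci get` so that an unset `confdir` option is not reported as a failed task. Passing `/etc/openwrt_release` to `grep` directly also removes the `cat`.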
@@ -63,6 +72,14 @@
when: ansible_distribution_major_version >= "23" and list_domains and not dnsmasqfull_version.stdout when: ansible_distribution_major_version >= "23" and list_domains and not dnsmasqfull_version.stdout
ignore_errors: true ignore_errors: true
- name: set confdir for dnsmasq
uci:
command: set
key: dhcp.@dnsmasq[0]
value:
confdir: "/tmp/dnsmasq.d"
when: dnsmasq_confdir.stdout != "/tmp/dnsmasq.d" and openwrt_major_release >= 24
# Getdomains script configure # Getdomains script configure
- name: getdomains script copy - name: getdomains script copy
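Review bot: The `when:` on `set confdir for dnsmasq` compares `openwrt_major_release >= 24`, but `openwrt_major_release` is the registered result of a `shell` task, not a number; the value is in `.stdout` and is a string. Use `openwrt_major_release.stdout | int >= 24`. The task only issues `command: set`, so if no `uci commit` for `dhcp` follows outside this hunk, the change will not persist.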