update 03-30 20:27

2025-01-07 07:06:58 +08:00 · 2022-03-30 20:27:19 +08:00 · 2022-03-30 20:27:19 +08:00 · 94d6bf81df
commit 94d6bf81df
parent c18dfaf51e
11 changed files with 150 additions and 128 deletions
--- a/luci-app-ipsec-server/Makefile
+++ b/luci-app-ipsec-server/Makefile
@ -5,11 +5,19 @@

 include $(TOPDIR)/rules.mk

+PKG_NAME:=luci-app-ipsec-server
+PKG_VERSION:=20211223
+PKG_RELEASE:=2
+
+PKG_MAINTAINER:=Lienol <lawlienol@gmail.com>
+
 LUCI_TITLE:=LuCI support for IPSec VPN Server
 LUCI_DEPENDS:=+kmod-tun +luci-lib-jsonc +strongswan +strongswan-minimal +strongswan-mod-kernel-libipsec +strongswan-mod-openssl +strongswan-mod-xauth-generic +xl2tpd
 LUCI_PKGARCH:=all
-PKG_VERSION:=20211223
-PKG_RELEASE:=1
+
+define Package/$(PKG_NAME)/conffiles
+/etc/config/luci-app-ipsec-server
+endef

 include $(TOPDIR)/feeds/luci/luci.mk

--- a/luci-app-ipsec-server/luasrc/controller/ipsec-server.lua
+++ b/luci-app-ipsec-server/luasrc/controller/ipsec-server.lua
@ -2,23 +2,23 @@
 module("luci.controller.ipsec-server", package.seeall)

 function index()
-    if not nixio.fs.access("/etc/config/luci-app-ipsec-server") then
-        return
-    end
+	if not nixio.fs.access("/etc/config/luci-app-ipsec-server") then
+		return
+	end

-    entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false
-    entry({"admin", "vpn", "ipsec-server"}, alias("admin", "vpn", "ipsec-server", "settings"), _("IPSec VPN Server"), 49).dependent = false
-    entry({"admin", "vpn", "ipsec-server", "settings"}, cbi("ipsec-server/settings"), _("General Settings"), 10).leaf = true
-    entry({"admin", "vpn", "ipsec-server", "users"}, cbi("ipsec-server/users"), _("Users Manager"), 20).leaf = true
-    entry({"admin", "vpn", "ipsec-server", "l2tp_user"}, cbi("ipsec-server/l2tp_user")).leaf = true
-    entry({"admin", "vpn", "ipsec-server", "online"}, cbi("ipsec-server/online"), _("L2TP Online Users"), 30).leaf = true
-    entry({"admin", "vpn", "ipsec-server", "status"}, call("act_status")).leaf = true
+	entry({"admin", "vpn"}, firstchild(), "VPN", 45).dependent = false
+	entry({"admin", "vpn", "ipsec-server"}, alias("admin", "vpn", "ipsec-server", "settings"), _("IPSec VPN Server"), 49).dependent = false
+	entry({"admin", "vpn", "ipsec-server", "settings"}, cbi("ipsec-server/settings"), _("General Settings"), 10).leaf = true
+	entry({"admin", "vpn", "ipsec-server", "users"}, cbi("ipsec-server/users"), _("Users Manager"), 20).leaf = true
+	entry({"admin", "vpn", "ipsec-server", "l2tp_user"}, cbi("ipsec-server/l2tp_user")).leaf = true
+	entry({"admin", "vpn", "ipsec-server", "online"}, cbi("ipsec-server/online"), _("L2TP Online Users"), 30).leaf = true
+	entry({"admin", "vpn", "ipsec-server", "status"}, call("act_status")).leaf = true
 end

 function act_status()
-    local e = {}
-    e["ipsec_status"] = luci.sys.call("/usr/bin/pgrep ipsec >/dev/null") == 0
-    e["l2tp_status"] = luci.sys.call("top -bn1 | grep -v grep | grep '/var/etc/xl2tpd' >/dev/null") == 0
-    luci.http.prepare_content("application/json")
-    luci.http.write_json(e)
+	local e = {}
+	e["ipsec_status"] = luci.sys.call("/usr/bin/pgrep ipsec >/dev/null") == 0
+	e["l2tp_status"] = luci.sys.call("top -bn1 | grep -v grep | grep '/var/etc/xl2tpd' >/dev/null") == 0
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
 end
--- a/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/l2tp_user.lua
+++ b/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/l2tp_user.lua
@ -5,31 +5,31 @@ m = Map("luci-app-ipsec-server", "L2TP/IPSec PSK " .. translate("Users Manager")
 m.redirect = d.build_url("admin", "vpn", "ipsec-server", "users")

 if sys.call("command -v xl2tpd > /dev/null") == 0 then
-    s = m:section(NamedSection, arg[1], "l2tp_users", "")
-    s.addremove = false
-    s.anonymous = true
+	s = m:section(NamedSection, arg[1], "l2tp_users", "")
+	s.addremove = false
+	s.anonymous = true

-    o = s:option(Flag, "enabled", translate("Enabled"))
-    o.default = 1
-    o.rmempty = false
+	o = s:option(Flag, "enabled", translate("Enabled"))
+	o.default = 1
+	o.rmempty = false

-    o = s:option(Value, "username", translate("Username"))
-    o.placeholder = translate("Username")
-    o.rmempty = false
+	o = s:option(Value, "username", translate("Username"))
+	o.placeholder = translate("Username")
+	o.rmempty = false

-    o = s:option(Value, "password", translate("Password"))
-    o.placeholder = translate("Password")
-    o.rmempty = false
+	o = s:option(Value, "password", translate("Password"))
+	o.placeholder = translate("Password")
+	o.rmempty = false

-    o = s:option(Value, "ipaddress", translate("IP address"))
-    o.placeholder = translate("Automatically")
-    o.datatype = "ip4addr"
-    o.rmempty = true
+	o = s:option(Value, "ipaddress", translate("IP address"))
+	o.placeholder = translate("Automatically")
+	o.datatype = "ip4addr"
+	o.rmempty = true

-    o = s:option(DynamicList, "routes", translate("Static Routes"))
-    o.placeholder = "192.168.10.0/24"
-    o.datatype = "ipmask4"
-    o.rmempty = true
+	o = s:option(DynamicList, "routes", translate("Static Routes"))
+	o.placeholder = "192.168.10.0/24"
+	o.datatype = "ipmask4"
+	o.rmempty = true
 end

 return m
--- a/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/online.lua
+++ b/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/online.lua
@ -5,29 +5,29 @@ local jsonc = require "luci.jsonc"
 local sessions = {}
 local session_path = "/var/etc/xl2tpd/session"
 if fs.access(session_path) then
-    for filename in fs.dir(session_path) do
-        local session_file = session_path .. "/" .. filename
-        local file = io.open(session_file, "r")
-        local t = jsonc.parse(file:read("*a"))
-        if t then
-            t.session_file = session_file
-            sessions[#sessions + 1] = t
-        end
-        file:close()
-    end
+	for filename in fs.dir(session_path) do
+		local session_file = session_path .. "/" .. filename
+		local file = io.open(session_file, "r")
+		local t = jsonc.parse(file:read("*a"))
+		if t then
+			t.session_file = session_file
+			sessions[#sessions + 1] = t
+		end
+		file:close()
+	end
 end

 local blacklist = {}
 local firewall_user_path = "/etc/firewall.user"
 if fs.access(firewall_user_path) then
-    for line in io.lines(firewall_user_path) do
-        local m = line:match('xl2tpd%-blacklist%-([^\n]+)')
-        if m then
-            local t = {}
-            t.ip = m
-            blacklist[#blacklist + 1] = t
-        end
-    end
+	for line in io.lines(firewall_user_path) do
+		local m = line:match('xl2tpd%-blacklist%-([^\n]+)')
+		if m then
+			local t = {}
+			t.ip = m
+			blacklist[#blacklist + 1] = t
+		end
+	end
 end

 f = SimpleForm("processes")
@ -43,25 +43,25 @@ t:option(DummyValue, "login_time", translate("Login Time"))

 _blacklist = t:option(Button, "_blacklist", translate("Blacklist"))
 function _blacklist.render(e, t, a)
-    e.title = translate("Add to Blacklist")
-    e.inputstyle = "remove"
-    Button.render(e, t, a)
+	e.title = translate("Add to Blacklist")
+	e.inputstyle = "remove"
+	Button.render(e, t, a)
 end
 function _blacklist.write(t, s)
-    local e = t.map:get(s, "remote_ip")
-    luci.util.execi("echo 'iptables -I INPUT -s %s -p udp -m multiport --dports 500,4500,1701 -j DROP ## xl2tpd-blacklist-%s' >> /etc/firewall.user" % {e, e})
-    luci.util.execi("iptables -I INPUT -s %s -p udp -m multiport --dports 500,4500,1701 -j DROP" % {e})
-    luci.util.execi("rm -f " .. t.map:get(s, "session_file"))
-    null, t.tag_error[s] = luci.sys.process.signal(t.map:get(s, "pid"), 9)
-    luci.http.redirect(o.build_url("admin/vpn/ipsec-server/online"))
+	local e = t.map:get(s, "remote_ip")
+	luci.util.execi("echo 'iptables -I INPUT -s %s -p udp -m multiport --dports 500,4500,1701 -j DROP ## xl2tpd-blacklist-%s' >> /etc/firewall.user" % {e, e})
+	luci.util.execi("iptables -I INPUT -s %s -p udp -m multiport --dports 500,4500,1701 -j DROP" % {e})
+	luci.util.execi("rm -f " .. t.map:get(s, "session_file"))
+	null, t.tag_error[s] = luci.sys.process.signal(t.map:get(s, "pid"), 9)
+	luci.http.redirect(o.build_url("admin/vpn/ipsec-server/online"))
 end

 _kill = t:option(Button, "_kill", translate("Forced offline"))
 _kill.inputstyle = "remove"
 function _kill.write(t, s)
-    luci.util.execi("rm -f " .. t.map:get(s, "session_file"))
-    null, t.tag_error[t] = luci.sys.process.signal(t.map:get(s, "pid"), 9)
-    luci.http.redirect(o.build_url("admin/vpn/ipsec-server/online"))
+	luci.util.execi("rm -f " .. t.map:get(s, "session_file"))
+	null, t.tag_error[t] = luci.sys.process.signal(t.map:get(s, "pid"), 9)
+	luci.http.redirect(o.build_url("admin/vpn/ipsec-server/online"))
 end

 t = f:section(Table, blacklist, translate("Blacklist"))
@ -69,15 +69,15 @@ t:option(DummyValue, "ip", translate("IP address"))

 _blacklist2 = t:option(Button, "_blacklist2", translate("Blacklist"))
 function _blacklist2.render(e, t, a)
-    e.title = translate("Remove from Blacklist")
-    e.inputstyle = "apply"
-    Button.render(e, t, a)
+	e.title = translate("Remove from Blacklist")
+	e.inputstyle = "apply"
+	Button.render(e, t, a)
 end
 function _blacklist2.write(t, s)
-    local e = t.map:get(s, "ip")
-    luci.util.execi("sed -i -e '/## xl2tpd-blacklist-%s/d' /etc/firewall.user" % {e})
-    luci.util.execi("iptables -D INPUT -s %s -p udp -m multiport --dports 500,4500,1701 -j DROP" % {e})
-    luci.http.redirect(o.build_url("admin/vpn/ipsec-server/online"))
+	local e = t.map:get(s, "ip")
+	luci.util.execi("sed -i -e '/## xl2tpd-blacklist-%s/d' /etc/firewall.user" % {e})
+	luci.util.execi("iptables -D INPUT -s %s -p udp -m multiport --dports 500,4500,1701 -j DROP" % {e})
+	luci.http.redirect(o.build_url("admin/vpn/ipsec-server/online"))
 end

 return f
--- a/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/settings.lua
+++ b/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/settings.lua
@ -9,16 +9,17 @@ s.anonymous = true
 o = s:option(DummyValue, "ipsec-server_status", translate("Current Condition"))
 o.rawhtml = true
 o.cfgvalue = function(t, n)
-    return '<font class="ipsec-server_status"></font>'
+	return '<font class="ipsec-server_status"></font>'
 end

-enabled = s:option(Flag, "enabled", translate("Enable"), translate("Use a client that supports IPSec Xauth PSK (iOS or Android) to connect to this server."))
+enabled = s:option(Flag, "enabled", translate("Enable"))
+enabled.description = translate("Use a client that supports IPSec Xauth PSK (iOS or Android) to connect to this server.")
 enabled.default = 0
 enabled.rmempty = false

 clientip = s:option(Value, "clientip", translate("VPN Client IP"))
-clientip.datatype = "ip4addr"
 clientip.description = translate("VPN Client reserved started IP addresses with the same subnet mask, such as: 192.168.100.10/24")
+clientip.datatype = "ip4addr"
 clientip.optional = false
 clientip.rmempty = false

@ -26,35 +27,38 @@ secret = s:option(Value, "secret", translate("Secret Pre-Shared Key"))
 secret.password = true

 if sys.call("command -v xl2tpd > /dev/null") == 0 then
-    o = s:option(DummyValue, "l2tp_status", "L2TP " .. translate("Current Condition"))
-    o.rawhtml = true
-    o.cfgvalue = function(t, n)
-        return '<font class="l2tp_status"></font>'
-    end
+	o = s:option(DummyValue, "l2tp_status", "L2TP " .. translate("Current Condition"))
+	o.rawhtml = true
+	o.cfgvalue = function(t, n)
+		return '<font class="l2tp_status"></font>'
+	end

-    o = s:option(Flag, "l2tp_enable", "L2TP " .. translate("Enable"), translate("Use a client that supports L2TP over IPSec PSK to connect to this server."))
-    o.default = 0
-    o.rmempty = false
+	o = s:option(Flag, "l2tp_enable", "L2TP " .. translate("Enable"))
+	o.description = translate("Use a client that supports L2TP over IPSec PSK to connect to this server.")
+	o.default = 0
+	o.rmempty = false

-    o = s:option(Value, "l2tp_localip", "L2TP " .. translate("Server IP"), translate("VPN Server IP address, such as: 192.168.101.1"))
-    o.datatype = "ip4addr"
-    o.rmempty = true
-    o.default = "192.168.101.1"
-    o.placeholder = o.default
+	o = s:option(Value, "l2tp_localip", "L2TP " .. translate("Server IP"))
+	o.description = translate("VPN Server IP address, such as: 192.168.101.1")
+	o.datatype = "ip4addr"
+	o.rmempty = true
+	o.default = "192.168.101.1"
+	o.placeholder = o.default

-    o = s:option(Value, "l2tp_remoteip", "L2TP " .. translate("Client IP"), translate("VPN Client IP address range, such as: 192.168.101.10-20"))
-    o.rmempty = true
-    o.default = "192.168.101.10-20"
-    o.placeholder = o.default
+	o = s:option(Value, "l2tp_remoteip", "L2TP " .. translate("Client IP"))
+	o.description = translate("VPN Client IP address range, such as: 192.168.101.10-20")
+	o.rmempty = true
+	o.default = "192.168.101.10-20"
+	o.placeholder = o.default

-    if sys.call("ls -L /usr/lib/ipsec/libipsec* 2>/dev/null >/dev/null") == 0 then 
-        o = s:option(DummyValue, "_o", " ")
-        o.rawhtml = true
-        o.cfgvalue = function(t, n)
-            return string.format('<a style="color: red">%s</a>', translate("L2TP/IPSec is not compatible with kernel-libipsec, which will disable this module."))
-        end
-        o:depends("l2tp_enable", true)
-    end
+	if sys.call("ls -L /usr/lib/ipsec/libipsec* 2>/dev/null >/dev/null") == 0 then 
+		o = s:option(DummyValue, "_o", " ")
+		o.rawhtml = true
+		o.cfgvalue = function(t, n)
+			return string.format('<a style="color: red">%s</a>', translate("L2TP/IPSec is not compatible with kernel-libipsec, which will disable this module."))
+		end
+		o:depends("l2tp_enable", true)
+	end
 end

 return m
--- a/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/users.lua
+++ b/luci-app-ipsec-server/luasrc/model/cbi/ipsec-server/users.lua
@ -22,33 +22,33 @@ o.placeholder = translate("Password")
 o.rmempty = false

 if sys.call("command -v xl2tpd > /dev/null") == 0 then
-    s = m:section(TypedSection, "l2tp_users", "L2TP/IPSec PSK " .. translate("Users Manager"))
-    s.description = translate("Use a client that supports L2TP over IPSec PSK to connect to this server.")
-    s.addremove = true
-    s.anonymous = true
-    s.template = "cbi/tblsection"
-    s.extedit = d.build_url("admin", "vpn", "ipsec-server", "l2tp_user", "%s")
-    function s.create(e, t)
-        t = TypedSection.create(e, t)
-        luci.http.redirect(e.extedit:format(t))
+	s = m:section(TypedSection, "l2tp_users", "L2TP/IPSec PSK " .. translate("Users Manager"))
+	s.description = translate("Use a client that supports L2TP over IPSec PSK to connect to this server.")
+	s.addremove = true
+	s.anonymous = true
+	s.template = "cbi/tblsection"
+	s.extedit = d.build_url("admin", "vpn", "ipsec-server", "l2tp_user", "%s")
+	function s.create(e, t)
+		t = TypedSection.create(e, t)
+		luci.http.redirect(e.extedit:format(t))
    end

-    o = s:option(Flag, "enabled", translate("Enabled"))
-    o.default = 1
-    o.rmempty = false
+	o = s:option(Flag, "enabled", translate("Enabled"))
+	o.default = 1
+	o.rmempty = false

-    o = s:option(Value, "username", translate("Username"))
-    o.placeholder = translate("Username")
-    o.rmempty = false
+	o = s:option(Value, "username", translate("Username"))
+	o.placeholder = translate("Username")
+	o.rmempty = false

-    o = s:option(Value, "password", translate("Password"))
-    o.placeholder = translate("Password")
-    o.rmempty = false
+	o = s:option(Value, "password", translate("Password"))
+	o.placeholder = translate("Password")
+	o.rmempty = false

-    o = s:option(Value, "ipaddress", translate("IP address"))
-    o.placeholder = translate("Automatically")
-    o.datatype = "ip4addr"
-    o.rmempty = true
+	o = s:option(Value, "ipaddress", translate("IP address"))
+	o.placeholder = translate("Automatically")
+	o.datatype = "ip4addr"
+	o.rmempty = true
 end

 return m
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.51
-PKG_RELEASE:=7
+PKG_VERSION:=4.52
+PKG_RELEASE:=1

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@ -1440,6 +1440,7 @@ stop() {
 	rm -rf ${TMP_PATH}
 	rm -rf /tmp/lock/${CONFIG}_script.lock
 	echolog "清空并关闭相关程序和缓存完成。"
+	/etc/init.d/sysctl restart
 	exit 0
 }

--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@ -408,6 +408,7 @@ load_acl() {
 					}
 				fi
 				udp_node_remark=$(config_n_get $udp_node remarks)
+				udp_flag=1
 			}
 			
 			for i in $(echo -e ${rule_list}); do
@ -626,6 +627,7 @@ load_acl() {
 			fi

 			echolog "${msg}"
+			udp_flag=1
 		}
 	fi
 	$ipt_m -A PSW $(comment "默认") -p udp -j RETURN
@ -1132,6 +1134,10 @@ add_firewall_rule() {

 	# dns_hijack "force"

+	[ -n "${is_tproxy}" -o -n "${udp_flag}" ] && {
+		sysctl -w net.bridge.bridge-nf-call-iptables=0 2>/dev/null
+		[ "$PROXY_IPV6" == "1" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=0 2>/dev/null
+	}
 	echolog "防火墙规则加载完成！"
 }

--- a/luci-app-passwall2/Makefile
+++ b/luci-app-passwall2/Makefile
@ -5,8 +5,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-passwall2
-PKG_VERSION:=1.1
-PKG_RELEASE:=4
+PKG_VERSION:=1.2
+PKG_RELEASE:=1

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \
--- a/luci-app-passwall2/root/usr/share/passwall2/app.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/app.sh
@ -680,6 +680,8 @@ start() {
 			run_global
 			source $APP_PATH/iptables.sh start
 			source $APP_PATH/helper_dnsmasq.sh logic_restart
+			sysctl -w net.bridge.bridge-nf-call-iptables=0 2>/dev/null
+			[ "$PROXY_IPV6" == "1" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=0 2>/dev/null
 		fi
 	}
 	start_crontab
@ -700,6 +702,7 @@ stop() {
 	rm -rf ${TMP_PATH}
 	rm -rf /tmp/lock/${CONFIG}_script.lock
 	echolog "清空并关闭相关程序和缓存完成。"
+	/etc/init.d/sysctl restart
 	exit 0
 }