├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── workflows │ └── release.yml ├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── VERSION ├── common └── ipk │ ├── common │ ├── env │ ├── env-openwrt │ ├── postinst │ ├── postinst-multi │ ├── postinst-openwrt │ ├── postrm │ ├── preinst │ ├── prerm │ └── prerm-openwrt ├── etc ├── init.d │ ├── common │ ├── entware-end │ ├── entware-start │ ├── openwrt-end │ └── openwrt-start ├── ndm │ └── netfilter.d │ │ └── 100-tpws.sh └── tpws │ ├── auto.list │ ├── exclude.list │ ├── tpws.conf │ └── user.list └── keys ├── README └── public.key /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: "[BUG] " 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Опишите проблему** 11 | Подробно опишите что делали и что не работает. 12 | 13 | **Модель маршрутизатора** 14 | Укажите полную модель роутера и прошивку 15 | 16 | **Провайдер** 17 | Укажите вашего провайдера и тип подключения (ppp/ethernet/...) 18 | 19 | **Выполните команды и приложите их вывод** 20 | `opkg info tpws-keenetic` 21 | ``` 22 | <ВСТАВИТЬ СЮДА> 23 | ``` 24 | 25 | `/opt/etc/init.d/S51tpws restart` 26 | ``` 27 | <ВСТАВИТЬ СЮДА> 28 | ``` 29 | 30 | `cat /opt/etc/tpws/tpws.conf` 31 | ``` 32 | <ВСТАВИТЬ СЮДА> 33 | ``` 34 | 35 | `ps | grep tpws` 36 | ``` 37 | <ВСТАВИТЬ СЮДА> 38 | ``` 39 | 40 | `iptables-save | grep 999` 41 | ``` 42 | <ВСТАВИТЬ СЮДА> 43 | ``` 44 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: "[Feature request] " 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Подробно опишите проблему** 11 | ... 
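12 | 13 | **Какое решение вы предлагаете?** 14 | ... 15 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 
# Release pipeline: bumps VERSION, builds the .ipk packages, tags and publishes
# a GitHub release, then builds, signs and deploys the opkg repository to
# GitHub Pages. Runs only when started manually.
name: Build and publish release

on:
  # NOTE(review): workflow_dispatch is configured through `inputs`; confirm that
  # the `branches` key below has any effect for manual runs.
  workflow_dispatch:
    branches:
      - master
#  push:
#    branches:
#      - 'master'
#  pull_request:
#    branches:
#      - 'master'

# These scopes apply to every step of the single job below, including the
# third-party actions and `make packages`, which downloads external binaries.
# NOTE(review): splitting "build" from "tag/release/deploy" into separate jobs
# would let the build run with a read-only token.
permissions:
  contents: write
  pages: write
  id-token: write

concurrency:
  group: "pages"
  cancel-in-progress: false

jobs:
  build_release:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): the two third-party actions below are referenced by a
      # mutable tag while the job token can write to the repository. Pinning
      # them to a reviewed full-length commit SHA keeps a retagged upstream
      # release from changing what runs here.
      - name: Bump version file
        uses: francktrouillez/auto-bump-version-file@v1
        with:
          file: 'VERSION'

      - name: Read version
        id: version
        uses: juliangruber/read-file-action@v1
        with:
          path: ./VERSION
          trim: true

      - name: Build packages
        run: make packages

      # The version string is handed to the script through the environment
      # rather than expanded into the script text, so the file content is
      # always treated as data by the shell.
      - name: Commit and push version file
        env:
          VERSION: ${{ steps.version.outputs.content }}
        run: |
          git config --local user.email "github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          git add VERSION
          git commit -m "Version $VERSION"
          git tag -a "v$VERSION" -m "Version $VERSION"
          git push origin "v$VERSION"
          git push

      # NOTE(review): actions/create-release and actions/upload-release-asset
      # appear to be archived upstream; confirm and plan a maintained
      # replacement.
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1.1.4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: v${{ steps.version.outputs.content }}
          release_name: Release v${{ steps.version.outputs.content }}
          draft: false
          prerelease: false

      - name: Upload Release mips
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./out/tpws-keenetic_${{ steps.version.outputs.content }}_mips-3.4.ipk
          asset_name: tpws-keenetic_${{ steps.version.outputs.content }}_mips-3.4.ipk
          asset_content_type: application/octet-stream

      - name: Upload Release mipsel
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./out/tpws-keenetic_${{ steps.version.outputs.content }}_mipsel-3.4.ipk
          asset_name: tpws-keenetic_${{ steps.version.outputs.content }}_mipsel-3.4.ipk
          asset_content_type: application/octet-stream

      - name: Upload Release aarch64
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./out/tpws-keenetic_${{ steps.version.outputs.content }}_aarch64-3.10.ipk
          asset_name: tpws-keenetic_${{ steps.version.outputs.content }}_aarch64-3.10.ipk
          asset_content_type: application/octet-stream

      - name: Upload Release multiarch
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./out/tpws-keenetic_${{ steps.version.outputs.content }}_all_entware.ipk
          asset_name: tpws-keenetic_${{ steps.version.outputs.content }}_all_entware.ipk
          asset_content_type: application/octet-stream

      - name: Upload Release openwrt
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ./out/tpws-keenetic_${{ steps.version.outputs.content }}_all_openwrt.ipk
          asset_name: tpws-keenetic_${{ steps.version.outputs.content }}_all_openwrt.ipk
          asset_content_type: application/octet-stream

      - name: Build repository
        run: make repository

      # Signs the OpenWRT package index. The private key is written outside the
      # ./out tree (only ./out/_pages is published, but the key should never
      # sit next to it), created with owner-only permissions, and removed when
      # the step exits, whether signing succeeded or not.
      # NOTE(review): usign is built from the tip of its default branch on
      # every run and then handles the signing key; check out a reviewed
      # commit (<REVIEWED_USIGN_COMMIT>) after cloning to make that input fixed.
      - name: Sign openwrt repository
        env:
          OPENWRT_PUBLIC_KEY: ${{ secrets.OPENWRT_PUBLIC_KEY }}
          OPENWRT_SECRET_KEY: ${{ secrets.OPENWRT_SECRET_KEY }}
        run: |
          git clone https://git.openwrt.org/project/usign.git
          cd usign/
          cmake .
          make
          cd ..

          key_file="$RUNNER_TEMP/usign-secret.key"
          trap 'rm -f "$key_file"' EXIT
          ( umask 077; echo -e "$OPENWRT_SECRET_KEY" > "$key_file" )
          echo -e "$OPENWRT_PUBLIC_KEY" > ./out/_pages/openwrt/tpws-keenetic.pub
          ./usign/usign -S -m ./out/_pages/openwrt/Packages -s "$key_file" -c "tpws-keenetic OpenWRT repository"

      - name: Setup Pages
        uses: actions/configure-pages@v5

      - name: Upload artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: ./out/_pages

      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4
-------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.idea/ 2 | /out/ 3 | /keys/secret.key 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 Nikolay Vasilchuk 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies 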
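or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 
# Builds the tpws-keenetic .ipk packages. Recipes use bash syntax ([[ ... ]]).
SHELL := /bin/bash
VERSION := $(shell cat VERSION)
# Install prefix inside the package; the openwrt target overrides it to empty.
ROOT_DIR := /opt

.DEFAULT_GOAL := packages

# Recreate an empty staging tree for the package selected by BUILD_DIR.
_clean:
	rm -rf out/$(BUILD_DIR)
	mkdir -p out/$(BUILD_DIR)/control
	mkdir -p out/$(BUILD_DIR)/data

# Fetch the prebuilt zapret binaries from the latest upstream release.
# TARGET_URL is a recursively expanded target-specific variable: every
# reference runs the API query again, so the recipe expands it exactly once.
# NOTE(review): the archive is unpacked and its binaries are packaged (and the
# OpenWRT index later signed) without any digest or signature check, and
# "latest" changes over time. Pinning a release tag and comparing the download
# against a recorded SHA-256 (<EXPECTED_SHA256>) would make this input fixed
# and verifiable.
_download_bins: TARGET_URL=$(shell curl -s 'https://api.github.com/repos/bol-van/zapret/releases/latest' | grep 'browser_download_url' | grep 'embedded.tar.gz' | cut -d '"' -f 4)
_download_bins:
	rm -f out/zapret.tar.gz
	rm -rf out/zapret
	mkdir -p out/zapret
	url="$(TARGET_URL)"; \
	if [[ -z "$$url" ]]; then \
		echo "Failed to resolve the zapret release asset URL" >&2; \
		exit 1; \
	fi; \
	curl -fsSL "$$url" -o out/zapret.tar.gz
	tar -C out/zapret -xzf "out/zapret.tar.gz"
	# `&&` so that mv never runs in the wrong directory when cd fails
	cd out/zapret/*/ && mv binaries/ ../

# List the files the package manager treats as user-editable configuration.
_conffiles:
	echo "$(ROOT_DIR)/etc/tpws/tpws.conf" > out/$(BUILD_DIR)/control/conffiles
	echo "$(ROOT_DIR)/etc/tpws/user.list" >> out/$(BUILD_DIR)/control/conffiles
	echo "$(ROOT_DIR)/etc/tpws/auto.list" >> out/$(BUILD_DIR)/control/conffiles
	echo "$(ROOT_DIR)/etc/tpws/exclude.list" >> out/$(BUILD_DIR)/control/conffiles

# Write the package control file; dependencies differ for the openwrt build.
_control:
	echo "Package: tpws-keenetic" > out/$(BUILD_DIR)/control/control
	echo "Version: $(VERSION)" >> out/$(BUILD_DIR)/control/control

	@if [[ "$(BUILD_DIR)" == "openwrt" ]]; then \
		echo "Depends: iptables, iptables-mod-extra, ip6tables, ip6tables-extra" >> out/$(BUILD_DIR)/control/control; \
	else \
		echo "Depends: iptables, busybox" >> out/$(BUILD_DIR)/control/control; \
	fi

	echo "Conflicts: nfqws-keenetic" >> out/$(BUILD_DIR)/control/control
	echo "License: MIT" >> out/$(BUILD_DIR)/control/control
	echo "Section: net" >> out/$(BUILD_DIR)/control/control
	echo "URL: https://github.com/Anonym-tsk/tpws-keenetic" >> out/$(BUILD_DIR)/control/control
	echo "Architecture: $(ARCH)" >> out/$(BUILD_DIR)/control/control
	echo "Description: TPWS service" >> out/$(BUILD_DIR)/control/control
	echo "" >> out/$(BUILD_DIR)/control/control

# Copy the maintainer scripts, choosing the postinst/prerm/env variant that
# matches the package flavour (all, openwrt, or a single architecture).
_scripts:
	cp common/ipk/common out/$(BUILD_DIR)/control/common
	cp common/ipk/preinst out/$(BUILD_DIR)/control/preinst
	cp common/ipk/postrm out/$(BUILD_DIR)/control/postrm

	@if [[ "$(BUILD_DIR)" == "all" ]]; then \
		cp common/ipk/postinst-multi out/$(BUILD_DIR)/control/postinst; \
	elif [[ "$(BUILD_DIR)" == "openwrt" ]]; then \
		cp common/ipk/postinst-openwrt out/$(BUILD_DIR)/control/postinst; \
	else \
		cp common/ipk/postinst out/$(BUILD_DIR)/control/postinst; \
	fi

	@if [[ "$(BUILD_DIR)" == "openwrt" ]]; then \
		cp common/ipk/prerm-openwrt out/$(BUILD_DIR)/control/prerm; \
		cp common/ipk/env-openwrt out/$(BUILD_DIR)/control/env; \
	else \
		cp common/ipk/prerm out/$(BUILD_DIR)/control/prerm; \
		cp common/ipk/env out/$(BUILD_DIR)/control/env; \
	fi

# Single-architecture package: ship the one tpws binary named by BIN.
_binary:
	mkdir -p out/$(BUILD_DIR)/data$(ROOT_DIR)/usr/bin
	cp out/zapret/binaries/$(BIN)/tpws out/$(BUILD_DIR)/data$(ROOT_DIR)/usr/bin/tpws
	chmod +x out/$(BUILD_DIR)/data$(ROOT_DIR)/usr/bin/tpws

# Multi-architecture package: ship every binary under tmp/tpws_binary.
_binary-multi:
	mkdir -p out/$(BUILD_DIR)/data$(ROOT_DIR)/usr/bin
	mkdir -p out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary

	cp out/zapret/binaries/mips32r1-lsb/tpws out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-mipsel
	cp out/zapret/binaries/mips32r1-msb/tpws out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-mips
	cp out/zapret/binaries/aarch64/tpws out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-aarch64
	cp out/zapret/binaries/arm/tpws out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-armv7
	cp out/zapret/binaries/x86/tpws out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-x86
	cp out/zapret/binaries/x86_64/tpws out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-x86_64

	chmod +x out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-mipsel
	chmod +x out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-mips
	chmod +x out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-aarch64
	chmod +x out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-armv7
	chmod +x out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-x86
	chmod +x out/$(BUILD_DIR)/data$(ROOT_DIR)/tmp/tpws_binary/tpws-x86_64

# Assemble the init script from its start, common and end fragments.
_startup:
	@if [[ "$(BUILD_DIR)" == "openwrt" ]]; then \
		cat etc/init.d/openwrt-start etc/init.d/common etc/init.d/openwrt-end > out/$(BUILD_DIR)/data$(ROOT_DIR)/etc/init.d/tpws-keenetic; \
		chmod +x out/$(BUILD_DIR)/data$(ROOT_DIR)/etc/init.d/tpws-keenetic; \
	else \
		cat etc/init.d/entware-start etc/init.d/common etc/init.d/entware-end > out/$(BUILD_DIR)/data$(ROOT_DIR)/etc/init.d/S51tpws; \
		chmod +x out/$(BUILD_DIR)/data$(ROOT_DIR)/etc/init.d/S51tpws; \
	fi

# Build one .ipk: control.tar.gz + data.tar.gz + debian-binary, packed as
# $(FILENAME) under out/.
_ipk:
	make _clean

	# control.tar.gz
	make _conffiles
	make _control
	make _scripts
	cd out/$(BUILD_DIR)/control; tar czvf ../control.tar.gz .; cd ../../..

	# data.tar.gz
	mkdir -p out/$(BUILD_DIR)/data$(ROOT_DIR)/var/log
	mkdir -p out/$(BUILD_DIR)/data$(ROOT_DIR)/var/run
	mkdir -p out/$(BUILD_DIR)/data$(ROOT_DIR)/etc/init.d


	cp -r etc/tpws out/$(BUILD_DIR)/data$(ROOT_DIR)/etc/tpws
	make _startup

	@if [[ "$(BUILD_DIR)" != "openwrt" ]]; then \
		cp -r etc/ndm out/$(BUILD_DIR)/data$(ROOT_DIR)/etc/ndm; \
	fi

	@if [[ "$(BUILD_DIR)" == "all" ]] || [[ "$(BUILD_DIR)" == "openwrt" ]]; then \
		make _binary-multi; \
	else \
		make _binary; \
	fi

	cd out/$(BUILD_DIR)/data; tar czvf ../data.tar.gz .; cd ../../..

	# ipk
	echo 2.0 > out/$(BUILD_DIR)/debian-binary
	cd out/$(BUILD_DIR); \
	tar czvf ../$(FILENAME) control.tar.gz data.tar.gz debian-binary; \
	cd ../..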
133 | 134 | mipsel: _download_bins 135 | @make \ 136 | BUILD_DIR=mipsel \ 137 | ARCH=mipsel-3.4 \ 138 | FILENAME=tpws-keenetic_$(VERSION)_mipsel-3.4.ipk \ 139 | BIN=mips32r1-lsb \ 140 | _ipk 141 | 142 | mips: _download_bins 143 | @make \ 144 | BUILD_DIR=mips \ 145 | ARCH=mips-3.4 \ 146 | FILENAME=tpws-keenetic_$(VERSION)_mips-3.4.ipk \ 147 | BIN=mips32r1-msb \ 148 | _ipk 149 | 150 | aarch64: _download_bins 151 | @make \ 152 | BUILD_DIR=aarch64 \ 153 | ARCH=aarch64-3.10 \ 154 | FILENAME=tpws-keenetic_$(VERSION)_aarch64-3.10.ipk \ 155 | BIN=aarch64 \ 156 | _ipk 157 | 158 | multi: _download_bins 159 | @make \ 160 | BUILD_DIR=all \ 161 | ARCH=all \ 162 | FILENAME=tpws-keenetic_$(VERSION)_all_entware.ipk \ 163 | _ipk 164 | 165 | openwrt: _download_bins 166 | @make \ 167 | BUILD_DIR=openwrt \ 168 | ARCH=all \ 169 | FILENAME=tpws-keenetic_$(VERSION)_all_openwrt.ipk \ 170 | ROOT_DIR= \ 171 | _ipk 172 | 173 | packages: mipsel mips aarch64 multi openwrt 174 | 175 | _repo-clean: 176 | rm -rf out/_pages/$(BUILD_DIR) 177 | mkdir -p out/_pages/$(BUILD_DIR) 178 | 179 | _repo-html: 180 | echo 'tpws-keenetic opkg repository' > out/_pages/$(BUILD_DIR)/index.html 181 | echo '

Index of /$(BUILD_DIR)/


' >> out/_pages/$(BUILD_DIR)/index.html 182 | echo '
' >> out/_pages/$(BUILD_DIR)/index.html
183 | 	echo '../' >> out/_pages/$(BUILD_DIR)/index.html
184 | 	echo 'Packages' >> out/_pages/$(BUILD_DIR)/index.html
185 | 	echo 'Packages.gz' >> out/_pages/$(BUILD_DIR)/index.html
186 | 
187 | 	@if [[ "$(BUILD_DIR)" == "openwrt" ]]; then \
188 |   		echo 'Packages.sig' >> out/_pages/$(BUILD_DIR)/index.html; \
189 |   		echo 'tpws-keenetic.pub' >> out/_pages/$(BUILD_DIR)/index.html; \
190 |   	fi
191 | 
192 | 	echo '$(FILENAME)' >> out/_pages/$(BUILD_DIR)/index.html
193 | 	echo '
' >> out/_pages/$(BUILD_DIR)/index.html 194 | echo '
' >> out/_pages/$(BUILD_DIR)/index.html 195 | 196 | _repo-index: 197 | echo 'tpws-keenetic opkg repository' > out/_pages/index.html 198 | echo '

Index of /


' >> out/_pages/index.html 199 | echo '
' >> out/_pages/index.html
200 | 	echo 'all/' >> out/_pages/index.html
201 | 	echo 'aarch64/' >> out/_pages/index.html
202 | 	echo 'mips/' >> out/_pages/index.html
203 | 	echo 'mipsel/' >> out/_pages/index.html
204 | 	echo 'openwrt/' >> out/_pages/index.html
205 | 	echo '
' >> out/_pages/index.html 206 | echo '
' >> out/_pages/index.html 207 | 208 | _repository: 209 | make _repo-clean 210 | 211 | cp "out/$(FILENAME)" "out/_pages/$(BUILD_DIR)/" 212 | 213 | echo "Package: tpws-keenetic" > out/_pages/$(BUILD_DIR)/Packages 214 | echo "Version: $(VERSION)" >> out/_pages/$(BUILD_DIR)/Packages 215 | 216 | @if [[ "$(BUILD_DIR)" == "openwrt" ]]; then \ 217 | echo "Depends: iptables, iptables-mod-extra, iptables-mod-nfqueue, iptables-mod-filter, iptables-mod-ipopt, iptables-mod-conntrack-extra, ip6tables, ip6tables-mod-nat, ip6tables-extra" >> out/_pages/$(BUILD_DIR)/Packages; \ 218 | else \ 219 | echo "Depends: iptables, busybox" >> out/_pages/$(BUILD_DIR)/Packages; \ 220 | fi 221 | 222 | echo "Conflicts: nfqws-keenetic" >> out/_pages/$(BUILD_DIR)/Packages 223 | echo "Section: net" >> out/_pages/$(BUILD_DIR)/Packages 224 | echo "Architecture: $(ARCH)" >> out/_pages/$(BUILD_DIR)/Packages 225 | echo "Filename: $(FILENAME)" >> out/_pages/$(BUILD_DIR)/Packages 226 | echo "Size: $(shell wc -c out/$(FILENAME) | awk '{print $$1}')" >> out/_pages/$(BUILD_DIR)/Packages 227 | echo "SHA256sum: $(shell sha256sum out/$(FILENAME) | awk '{print $$1}')" >> out/_pages/$(BUILD_DIR)/Packages 228 | echo "Description: TPWS service" >> out/_pages/$(BUILD_DIR)/Packages 229 | echo "" >> out/_pages/$(BUILD_DIR)/Packages 230 | 231 | gzip -k out/_pages/$(BUILD_DIR)/Packages 232 | 233 | @make _repo-html 234 | 235 | repo-mipsel: 236 | @make \ 237 | BUILD_DIR=mipsel \ 238 | ARCH=mipsel-3.4 \ 239 | FILENAME=tpws-keenetic_$(VERSION)_mipsel-3.4.ipk \ 240 | _repository 241 | 242 | repo-mips: 243 | @make \ 244 | BUILD_DIR=mips \ 245 | ARCH=mips-3.4 \ 246 | FILENAME=tpws-keenetic_$(VERSION)_mips-3.4.ipk \ 247 | _repository 248 | 249 | repo-aarch64: 250 | @make \ 251 | BUILD_DIR=aarch64 \ 252 | ARCH=aarch64-3.10 \ 253 | FILENAME=tpws-keenetic_$(VERSION)_aarch64-3.10.ipk \ 254 | _repository 255 | 256 | repo-multi: 257 | @make \ 258 | BUILD_DIR=all \ 259 | ARCH=all \ 260 | 
FILENAME=tpws-keenetic_$(VERSION)_all_entware.ipk \ 261 | _repository 262 | 263 | repo-openwrt: 264 | @make \ 265 | BUILD_DIR=openwrt \ 266 | ARCH=all \ 267 | FILENAME=tpws-keenetic_$(VERSION)_all_openwrt.ipk \ 268 | _repository 269 | 270 | repository: repo-mipsel repo-mips repo-aarch64 repo-multi repo-openwrt _repo-index 271 | 272 | clean: 273 | rm -rf out/mipsel 274 | rm -rf out/mips 275 | rm -rf out/aarch64 276 | rm -rf out/all 277 | rm -rf out/openwrt 278 | rm -rf out/zapret 279 | rm -rf out/zapret.tar.gz 280 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # tpws-keenetic 2 | 3 | [![GitHub Release](https://img.shields.io/github/release/Anonym-tsk/tpws-keenetic?style=flat&color=green)](https://github.com/Anonym-tsk/tpws-keenetic/releases) 4 | [![GitHub Stars](https://img.shields.io/github/stars/Anonym-tsk/tpws-keenetic?style=flat)](https://github.com/Anonym-tsk/tpws-keenetic/stargazers) 5 | [![License](https://img.shields.io/github/license/Anonym-tsk/tpws-keenetic.svg?style=flat&color=orange)](LICENSE) 6 | [![CloudTips](https://img.shields.io/badge/donate-CloudTips-598bd7.svg?style=flat)](https://pay.cloudtips.ru/p/054d0666) 7 | [![YooMoney](https://img.shields.io/badge/donate-YooMoney-8037fd.svg?style=flat)](https://yoomoney.ru/to/410019180291197) 8 | [![Join Telegram group](https://img.shields.io/badge/Telegram_group-Join-blue.svg?style=social&logo=telegram)](https://t.me/nfqws) 9 | 10 | Пакеты для установки `tpws` на маршрутизаторы. 11 | 12 | > [!CAUTION] 13 | > ### Проект больше не поддерживается, используйте [nfqws-keenetic](https://github.com/Anonym-tsk/nfqws-keenetic) 14 | 15 | --- 16 | 17 | > [!IMPORTANT] 18 | > Данный материал подготовлен в научно-технических целях. 19 | > Использование предоставленных материалов в целях отличных от ознакомления может являться нарушением действующего законодательства. 
20 | > Автор не несет ответственности за неправомерное использование данного материала. 21 | 22 | > [!WARNING] 23 | > **Вы пользуетесь этой инструкцией на свой страх и риск!** 24 | > 25 | > Автор не несёт ответственности за порчу оборудования и программного обеспечения, проблемы с доступом и потенцией. 26 | > Подразумевается, что вы понимаете, что вы делаете. 27 | 28 | Изначально написано для роутеров Keenetic/Netcraze с установленным entware. 29 | Однако, работоспособность также была проверена на прошивках Padavan и OpenWRT (читайте ниже). 30 | 31 | Списки проверенного оборудования собираем в [отдельной теме](https://github.com/Anonym-tsk/tpws-keenetic/discussions/6). 32 | 33 | Поделиться опытом можно в разделе [Discussions](https://github.com/Anonym-tsk/tpws-keenetic/discussions) или в [чате](https://t.me/nfqws). 34 | 35 | Если вы не уверены, что вам нужен именно tpws, лучше сначала попробуйте [nfqws](https://github.com/Anonym-tsk/nfqws-keenetic). 36 | 37 | ### Что это? 38 | 39 | `tpws` - утилита для модификации TCP пакетов на уровне потока, работает как TCP transparent proxy. 40 | 41 | **`tpws` не работает с UDP и не обрабатывает QUIC.** 42 | 43 | Почитать подробнее можно на [странице авторов](https://github.com/bol-van/zapret) (ищите по ключевому слову `tpws`). 44 | 45 | ### Подготовка Keenetic/Netcraze 46 | 47 | - Прочитайте инструкцию полностью, прежде, чем начать что-то делать! 48 | 49 | - Рекомендуется игнорировать предложенные провайдером адреса DNS-серверов. Для этого в интерфейсе роутера отметьте пункты ["игнорировать DNS от провайдера"](https://help.keenetic.com/hc/ru/articles/360008609399) в настройках IPv4 и IPv6. 50 | 51 | - Вместе с этим рекомендуется [настроить использование DoT/DoH](https://help.keenetic.com/hc/ru/articles/360007687159). 
52 | 53 | - Установить entware на маршрутизатор по инструкции [на встроенную память роутера](https://help.keenetic.com/hc/ru/articles/360021888880) или [на USB-накопитель](https://help.keenetic.com/hc/ru/articles/360021214160). 54 | 55 | - Через web-интерфейс Keenetic/Netcraze установить пакеты **Протокол IPv6** (**Network functions > IPv6**) и **Модули ядра подсистемы Netfilter** (**OPKG > Kernel modules for Netfilter** - не путать с "Netflow"). Обратите внимание, что второй компонент отобразится в списке пакетов только после того, как вы отметите к установке первый. 56 | 57 | - В разделе "Интернет-фильтры" отключить все сторонние фильтры (NextDNS, SkyDNS, Яндекс DNS и другие). 58 | 59 | - Все дальнейшие команды выполняются не в cli роутера, а **в среде entware**. Подключиться в неё можно несколькими способами: 60 | - Через telnet: в терминале выполнить `telnet 192.168.1.1`, а потом `exec sh`. 61 | - Или же подключиться напрямую через SSH (логин - `root`, пароль по умолчанию - `keenetic`, порт - 222 или 22). Для этого в терминале написать `ssh 192.168.1.1 -l root -p 222`. 62 | 63 | --- 64 | 65 | ### Установка на Keenetic/Netcraze и другие системы с Entware 66 | 67 | 1. Установите необходимые зависимости 68 | ``` 69 | opkg update 70 | opkg install ca-certificates wget-ssl 71 | opkg remove wget-nossl 72 | ``` 73 | 74 | 2. Установите opkg-репозиторий в систему 75 | ``` 76 | mkdir -p /opt/etc/opkg 77 | echo "src/gz tpws-keenetic https://anonym-tsk.github.io/tpws-keenetic/all" > /opt/etc/opkg/tpws-keenetic.conf 78 | ``` 79 | Репозиторий универсальный, поддерживаемые архитектуры: `mipsel`, `mips`, `aarch64`, `armv7`, `x86`, `x86_64`. 80 | 81 |
82 | Или можете выбрать репозиторий под конкретную архитектуру 83 | 84 | - `mips-3.4` Keenetic Giga SE (KN-2410), Ultra SE (KN-2510), DSL (KN-2010), Launcher DSL (KN-2012), Duo (KN-2110), Skipper DSL (KN-2112), Hopper DSL (KN-3610); Zyxel Keenetic DSL, LTE, VOX 85 | ``` 86 | mkdir -p /opt/etc/opkg 87 | echo "src/gz tpws-keenetic https://anonym-tsk.github.io/tpws-keenetic/mips" > /opt/etc/opkg/tpws-keenetic.conf 88 | ``` 89 | 90 | - `mipsel-3.4` Keenetic 4G (KN-1212), Omni (KN-1410), Extra (KN-1710/1711/1713), Giga (KN-1010/1011), Ultra (KN-1810), Viva (KN-1910/1912/1913), Hero 4G (KN-2310/2311), Giant (KN-2610), Skipper 4G (KN-2910), Hopper (KN-3810); Zyxel Keenetic II / III, Extra, Extra II, Giga II / III, Omni, Omni II, Viva, Ultra, Ultra II 91 | ``` 92 | mkdir -p /opt/etc/opkg 93 | echo "src/gz tpws-keenetic https://anonym-tsk.github.io/tpws-keenetic/mipsel" > /opt/etc/opkg/tpws-keenetic.conf 94 | ``` 95 | 96 | - `aarch64-3.10` Keenetic Peak (KN-2710), Ultra (KN-1811), Hopper (KN-3811), Hopper SE (KN-3812), Giga (KN-1012) 97 | ``` 98 | mkdir -p /opt/etc/opkg 99 | echo "src/gz tpws-keenetic https://anonym-tsk.github.io/tpws-keenetic/aarch64" > /opt/etc/opkg/tpws-keenetic.conf 100 | ``` 101 |
102 | 103 | 3. Установите пакет 104 | ``` 105 | opkg update 106 | opkg install tpws-keenetic 107 | ``` 108 | 109 | ##### Обновление 110 | 111 | ``` 112 | opkg update 113 | opkg upgrade tpws-keenetic 114 | ``` 115 | 116 | ##### Удаление 117 | 118 | ``` 119 | opkg remove tpws-keenetic 120 | ``` 121 | 122 | ##### Информация об установленной версии 123 | 124 | ``` 125 | opkg info tpws-keenetic 126 | ``` 127 | 128 | --- 129 | 130 | ### Установка на OpenWRT (до версии 24.10 включительно, пакетный менеджер `opkg`) 131 | 132 | 1. Установите необходимые зависимости 133 | ``` 134 | opkg update 135 | opkg install ca-certificates wget-ssl 136 | opkg remove wget-nossl 137 | ``` 138 | 139 | 2. Установите публичный ключ репозитория 140 | ``` 141 | wget -O "/tmp/tpws-keenetic.pub" "https://anonym-tsk.github.io/tpws-keenetic/openwrt/tpws-keenetic.pub" 142 | opkg-key add /tmp/tpws-keenetic.pub 143 | ``` 144 | 145 | 3. Установите opkg-репозиторий в систему 146 | ``` 147 | echo "src/gz tpws-keenetic https://anonym-tsk.github.io/tpws-keenetic/openwrt" > /etc/opkg/tpws-keenetic.conf 148 | ``` 149 | Репозиторий универсальный, поддерживаемые архитектуры: `mipsel`, `mips`, `aarch64`, `armv7`, `x86`, `x86_64`. 150 | Для добавления поддержки новых устройств, [создайте Feature Request](https://github.com/Anonym-tsk/tpws-keenetic/issues/new?template=feature_request.md&title=%5BFeature+request%5D+) 151 | 152 | 4. Установите пакет 153 | ``` 154 | opkg update 155 | opkg install tpws-keenetic 156 | ``` 157 | 158 | > [!NOTE] 159 | > NB: Все пути файлов, описанные в этой инструкции, начинающиеся с `/opt`, на OpenWRT будут начинаться с корня `/`. 160 | > Например конфиг расположен в `/etc/tpws/tpws.conf` 161 | > 162 | > Для запуска/остановки используйте команду `service tpws-keenetic {start|stop|restart|reload|status}` 163 | 164 | --- 165 | 166 | ### Настройки 167 | 168 | Файл настроек расположен по пути `/opt/etc/tpws/tpws.conf`. 
Для редактирования можно воспользоваться встроенным редактором `vi` или установить `nano`. 169 | 170 | ``` 171 | # Интерфейс локальной сети. Обычно `br0`, на OpenWRT - `br-lan` 172 | # Заполняется автоматически при установке 173 | # Можно ввести несколько интерфейсов, например LOCAL_INTERFACE="br0 nwg0" 174 | LOCAL_INTERFACE="..." 175 | 176 | # Стратегия обработки трафика 177 | TPWS_ARGS="..." 178 | 179 | # Режим работы (auto, list, all) 180 | TPWS_EXTRA_ARGS="..." 181 | 182 | # Обрабатывать ли IPv6 соединения 183 | IPV6_ENABLED=0|1 184 | 185 | # Обрабатывать ли HTTP 186 | HTTP_ENABLED=0|1 187 | 188 | # Логирование в Syslog (0 - silent, 1 - default, 2 - debug) 189 | LOG_LEVEL=0|1|2 190 | ``` 191 | 192 | --- 193 | 194 | ### Полезное 195 | 196 | 1. Конфиг-файл `/opt/etc/tpws/tpws.conf` 197 | 2. Скрипт запуска/остановки `/opt/etc/init.d/S51tpws {start|stop|restart|reload|status}` 198 | 3. Вручную добавить домены в список можно в файле `/opt/etc/tpws/user.list` (один домен на строке, поддомены учитываются автоматически) 199 | 4. Автоматически добавленные домены `/opt/etc/tpws/auto.list` 200 | 5. Лог автоматически добавленных доменов `/opt/var/log/tpws.log` 201 | 6. Домены-исключения `/opt/etc/tpws/exclude.list` (один домен на строке, поддомены учитываются автоматически) 202 | 7. Проверить, что нужные правила добавлены в таблицу маршрутизации `iptables-save | grep "to-ports 999$"` 203 | > Вы должны увидеть похожие строки 204 | > ``` 205 | > -A PREROUTING -i br0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 999 206 | > ``` 207 | 208 | ### Если ничего не работает... 209 | 210 | 1. Если ваше устройство поддерживает аппаратное ускорение (flow offloading, hardware nat, hardware acceleration), то iptables могут не работать. 211 | При включенном offloading пакет не проходит по обычному пути netfilter. 212 | Необходимо или его отключить, или выборочно им управлять. 213 | 2. 
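На Keenetic/Netcraze можно попробовать выключить или наоборот включить [сетевой ускоритель](https://help.keenetic.com/hc/ru/articles/214470905) 214 | 3. Возможно, стоит выключить службу классификации трафика IntelliQOS. 215 | 4. Можно попробовать отключить IPv6 на сетевом интерфейсе провайдера через веб-интерфейс маршрутизатора. 216 | 5. Можно попробовать запретить весь UDP трафик на 443 порт для отключения QUIC: 217 | ``` 218 | iptables -I FORWARD -i br0 -p udp --dport 443 -j DROP 219 | ``` 220 | 221 | --- 222 | 223 | Нравится проект? Поддержи автора [здесь](https://yoomoney.ru/to/410019180291197) или [тут](https://pay.cloudtips.ru/p/054d0666). Купи ему немного :beers: или :coffee:! 224 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | 2.0.4 2 | -------------------------------------------------------------------------------- /common/ipk/common: -------------------------------------------------------------------------------- 
#!/bin/sh

# Helper functions shared by the ipk maintainer scripts.
# Every path is built from ROOT_DIR, which is not set in this file
# (presumably it comes from the package's `env` file; verify against callers).
# Path variables are quoted wherever they are used, because several of them
# end up as arguments to rm and sed.

CONFDIR="${ROOT_DIR}/etc/tpws"
CONFFILE=$CONFDIR/tpws.conf
LISTLOG="${ROOT_DIR}/var/log/tpws.log"
INIT_SCRIPT="${ROOT_DIR}/etc/init.d/S51tpws"
INIT_SCRIPT_OWRT="${ROOT_DIR}/etc/init.d/tpws-keenetic"
TPWS_BIN="${ROOT_DIR}/usr/bin/tpws"

# Stop the service through whichever init script is installed.
stop_func() {
  if [ -f "$INIT_SCRIPT" ]; then
    "$INIT_SCRIPT" stop
  elif [ -f "$INIT_SCRIPT_OWRT" ]; then
    "$INIT_SCRIPT_OWRT" stop
  fi
}

# Start the service through whichever init script is installed.
start_func() {
  if [ -f "$INIT_SCRIPT" ]; then
    "$INIT_SCRIPT" start
  elif [ -f "$INIT_SCRIPT_OWRT" ]; then
    "$INIT_SCRIPT_OWRT" start
  fi
}

# Print the default LAN interface name: br-lan when the OpenWRT init script is
# present, br0 otherwise.
local_interface_func() {
  if [ -f "$INIT_SCRIPT_OWRT" ]; then
    echo "br-lan"
  else
    echo "br0"
  fi
}

# Return 0 when the interface has a global-scope IPv6 address, non-zero
# otherwise.
# $1 - interface, e.g. br0
ipv6_enabled_func() {
  enabled=$(ip -f inet6 addr show dev "$1" 2>/dev/null | grep "scope global")
  # Explicit test instead of `return $(...)`: with an empty command
  # substitution the status `return` reports depends on how the shell sets $?.
  [ -n "$enabled" ]
}

# First-install configuration: writes the detected interface and IPv6 flag
# into the config file. The install type is read from a marker file left by
# the preinst script; anything other than "install" is a no-op.
fast_install_func() {
  TPWS_INSTALL_TYPE="install"
  if [ -f "${ROOT_DIR}/tmp/tpws_install_type" ]; then
    # Set in preinst script
    TPWS_INSTALL_TYPE=$(cat "${ROOT_DIR}/tmp/tpws_install_type")
    rm -f "${ROOT_DIR}/tmp/tpws_install_type"
  fi

  case "$TPWS_INSTALL_TYPE" in
    install)
      # Interface
      DEF_IFACE=$(local_interface_func)
      sed -i -E "s#LOCAL_INTERFACE=\".+\"#LOCAL_INTERFACE=\"$DEF_IFACE\"#" "$CONFFILE"
      echo "Detected local interface: $DEF_IFACE"

      # IPv6
      IPV6=$(ipv6_enabled_func "$DEF_IFACE" && echo 1 || echo 0)
      sed -i -E "s#IPV6_ENABLED=(1|0)#IPV6_ENABLED=$IPV6#" "$CONFFILE"
      echo "Detected IPv6: $IPV6"

      # Config paths: OpenWRT installs under /, not /opt
      if [ -f "$INIT_SCRIPT_OWRT" ]; then
        sed -i -E "s#/opt/#/#g" "$CONFFILE"
      fi

      echo "Current working mode: auto"
      echo "You can change settings in the configuration file: $CONFFILE"

      echo "Installation successful"
      ;;
    *)
      # Do nothing
      ;;
  esac
}

# Delete the installed tpws binary.
remove_binary_func() {
  rm -f "$TPWS_BIN"
}

# Delete the log and, after an interactive confirmation, the whole config
# directory. Any answer not starting with y/Y keeps the configuration.
remove_all_files_func() {
  rm -f "$LISTLOG"
  echo -e "\nRemove lists and config? y/N"
  read -r yn
  case $yn in
    [Yy]* )
      rm -rf "$CONFDIR"
      ;;
  esac
}

# Multi-arch package: detect the CPU architecture and install the matching
# bundled binary from ${ROOT_DIR}/tmp/tpws_binary, then remove that directory.
# Detection order: opkg.conf, OpenWRT distfeeds.conf, `uname -m`.
# Exits 1 when no architecture can be detected or no matching binary exists.
install_binary_func() {
  OPKG_CONF="${ROOT_DIR}/etc/opkg.conf"
  OWRT_FEEDS="${ROOT_DIR}/etc/opkg/distfeeds.conf"

  if [ -f "$OPKG_CONF" ]; then
    ARCH=$(cat "$OPKG_CONF" | grep -oE 'mips-3|mips_|mipsel-3|mipsel_|aarch64-3|aarch64_|armv7|arm_|i386|i686|x86_64' | head -n 1)
  fi
  if [ -z "$ARCH" ] && [ -f "$OWRT_FEEDS" ]; then
    ARCH=$(cat "$OWRT_FEEDS" | grep -oE 'mips_|mipsel_|aarch64_|arm_|i386|x86_64' | head -n 1)
  fi
  if [ -n "$ARCH" ]; then
    # Normalise the feed token to the suffix used by the bundled binaries
    case "$ARCH" in
      "mips-3"|"mips_") ARCH="mips" ;;
      "mipsel-3"|"mipsel_") ARCH="mipsel" ;;
      "aarch64-3"|"aarch64_") ARCH="aarch64" ;;
      "armv7"|"arm_") ARCH="armv7" ;;
      "i386"|"i686") ARCH="x86" ;;
      "x86_64") ARCH="x86_64" ;;
    esac
  fi

  if [ -z "$ARCH" ]; then
    ARCH=$(uname -m | grep -oE 'mips|mipsel|aarch64|armv7|i386|i686|x86_64')
    if [ "$ARCH" = "mips" ]; then
      # A MediaTek system type in /proc/cpuinfo is treated as little-endian
      if grep -qE 'system type.*MediaTek' /proc/cpuinfo; then
        ARCH="mipsel"
      fi
    elif [ "$ARCH" = "i386" ] || [ "$ARCH" = "i686" ]; then
      ARCH="x86"
    fi
  fi

  if [ -z "$ARCH" ]; then
    echo "Failed to detect architecture"
    exit 1
  fi

  echo "Detected arch: $ARCH"

  # Stop before touching the installed binary when the package carries no
  # build for the detected architecture.
  SRC_BIN="${ROOT_DIR}/tmp/tpws_binary/tpws-$ARCH"
  if [ ! -f "$SRC_BIN" ]; then
    echo "No bundled tpws binary for arch: $ARCH"
    exit 1
  fi

  cp -f "$SRC_BIN" "${ROOT_DIR}/usr/bin/tpws"
  chmod +x "${ROOT_DIR}/usr/bin/tpws"
  rm -rf "${ROOT_DIR}/tmp/tpws_binary"
}
-------------------------------------------------------------------------------- /common/ipk/env: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Entware base root is in /opt 4 | ROOT_DIR=/opt 5 | -------------------------------------------------------------------------------- /common/ipk/env-openwrt: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | 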
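# OpenWRT base root is in /
ROOT_DIR=
--------------------------------------------------------------------------------
/common/ipk/postinst:
--------------------------------------------------------------------------------
#!/bin/sh

# Post-install script: configure the package and (re)start the service.
# Paths are quoted so a script directory containing spaces still resolves.
source "$(dirname "$0")/tpws-keenetic.env"
source "$(dirname "$0")/tpws-keenetic.common"

# Stop the service if it exists
stop_func

# Install configuration
fast_install_func

# Start the service
start_func

exit 0
--------------------------------------------------------------------------------
/common/ipk/postinst-multi:
--------------------------------------------------------------------------------
#!/bin/sh

# Post-install script for the multi-arch package: same as postinst, plus
# selecting the binary that matches the detected architecture.
source "$(dirname "$0")/tpws-keenetic.env"
source "$(dirname "$0")/tpws-keenetic.common"

# Stop the service if it exists
stop_func

# Install binary
install_binary_func

# Install configuration
fast_install_func

# Start the service
start_func

exit 0
--------------------------------------------------------------------------------
/common/ipk/postinst-openwrt:
--------------------------------------------------------------------------------
#!/bin/sh
# Post-install script for OpenWrt; does nothing when IPKG_NO_SCRIPT is 1.
[ "${IPKG_NO_SCRIPT}" = "1" ] && exit 0

source "$(dirname "$0")/tpws-keenetic.env"
source "$(dirname "$0")/tpws-keenetic.common"

# Install binary
install_binary_func

# Install configuration
fast_install_func

# Default postinst: hand over to default_postinst from functions.sh
[ -f "${IPKG_INSTROOT}/lib/functions.sh" ] || exit 0
. "${IPKG_INSTROOT}/lib/functions.sh"
default_postinst "$0" "$@"
--------------------------------------------------------------------------------
/common/ipk/postrm:
--------------------------------------------------------------------------------
#!/bin/sh

# Post-remove script: always delete the binary; on anything other than an
# upgrade also delete the log and (after confirmation) the configuration.
source "$(dirname "$0")/tpws-keenetic.env"
source "$(dirname "$0")/tpws-keenetic.common"

# Remove binary file
remove_binary_func

case "$1" in
  upgrade)
    # Do nothing
    ;;
  *)
    # Remove all data
    remove_all_files_func

    # Message spelling corrected (was "Unnstallation").
    echo "Uninstallation successful"
    ;;
esac

exit 0
--------------------------------------------------------------------------------
/common/ipk/preinst:
--------------------------------------------------------------------------------
#!/bin/sh

# Pre-install script: record whether this run is an install or an upgrade.
# NOTE(review): this script sources `env` while the other scripts source
# `tpws-keenetic.env` - presumably the name available at this stage;
# confirm against the build.
source "$(dirname "$0")/env"

CONFFILE="${ROOT_DIR}/etc/tpws/tpws.conf"

# Set `install` or `upgrade` for postinst script
# NOTE(review): fixed-name marker in a tmp directory that postinst later
# reads; fine while only root writes there - confirm.
echo "$1" > "${ROOT_DIR}/tmp/tpws_install_type"

exit 0
--------------------------------------------------------------------------------
/common/ipk/prerm:
--------------------------------------------------------------------------------
#!/bin/sh

# Pre-remove script: stop the service before its files are removed.
source "$(dirname "$0")/tpws-keenetic.env"
source "$(dirname "$0")/tpws-keenetic.common"

# Stop the service if it exists
stop_func

exit 0
-------------------------------------------------------------------------------- /common/ipk/prerm-openwrt: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | [ -f ${IPKG_INSTROOT}/lib/functions.sh ] || exit 0 3 | .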
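${IPKG_INSTROOT}/lib/functions.sh 4 | default_prerm $0 $@ 5 | -------------------------------------------------------------------------------- /etc/init.d/common: --------------------------------------------------------------------------------
# Shared part of the init scripts. It expects TPWS_BIN, CONFFILE and PIDFILE
# to be set already (entware-start and openwrt-start define them).

# The config is executed as shell code in this script's context.
source "$CONFFILE"

# Redirect LAN HTTP/HTTPS to the local tpws port (nat table).
RULE_HTTP="-t nat -p tcp --dport 80 -j REDIRECT --to-port $BIND_PORT"
RULE_HTTPS="-t nat -p tcp --dport 443 -j REDIRECT --to-port $BIND_PORT"

# Return 0 when a tpws process is running and its PID matches the PID file.
is_running() {
  PID_RUNNING=$(pgrep -nf "$TPWS_BIN" 2>/dev/null)

  if [ -z "$PID_RUNNING" ]; then
    return 1
  fi

  if [ ! -f "$PIDFILE" ]; then
    return 1
  fi

  PID_SAVED=$(cat "$PIDFILE" 2>/dev/null)

  # An empty or unreadable PID file used to reach the numeric test and
  # `kill -0` with no PID, which printed shell errors before failing.
  if [ -z "$PID_SAVED" ]; then
    return 1
  fi

  if [ "$PID_RUNNING" -ne "$PID_SAVED" ]; then
    return 1
  fi

  # Signal 0 only checks that the process exists; keep the probe quiet.
  if ! kill -0 "$PID_SAVED" 2>/dev/null; then
    return 1
  fi

  # 0 = true, 1 = false
  return 0
}

# Print whether the service is running.
status_service() {
  if is_running; then
    echo 'Service TPWS is running'
  else
    echo 'Service TPWS is stopped'
  fi
}

# Send signal 1 (HUP) to the running daemon; returns 1 if it is not running.
reload_service() {
  if ! is_running; then
    echo 'Service TPWS is not running' >&2
    return 1
  fi

  echo 'Reloading TPWS service...'
  kill -1 $(cat "$PIDFILE")
}

# Add or delete a rule idempotently.
#   $1   - iptables or ip6tables
#   $2   - -I, -A or -D
#   rest - chain and rule specification
_iptables_add_remove() {
  CMD=$1 # iptables or ip6tables
  ACTION=$2 # -I, -A, -D
  shift 2
  RULE="$@"

  # -C checks whether the rule is already present. $RULE is expanded
  # unquoted on purpose so it splits back into separate arguments.
  $CMD -C $RULE 2>/dev/null
  exists=$? # 0 = true

  if [ "$ACTION" = "-A" ] || [ "$ACTION" = "-I" ]; then
    # Insert only when missing, so repeated calls do not stack duplicates.
    if [ $exists -ne 0 ]; then
      $CMD $ACTION $RULE
    fi
  elif [ "$ACTION" = "-D" ] && [ $exists -eq 0 ]; then
    $CMD $ACTION $RULE
  fi
}

_iptables() {
  _iptables_add_remove iptables "$@"
}

_ip6tables() {
  _iptables_add_remove ip6tables "$@"
}

# Add the IPv4 redirect rules for every interface in LOCAL_INTERFACE.
# The port 80 rule is added only when HTTP_ENABLED is 1.
firewall_start_v4() {
  for IFACE in $LOCAL_INTERFACE; do
    if [ -n "$HTTP_ENABLED" ] && [ "$HTTP_ENABLED" -eq "1" ]; then
      _iptables -A PREROUTING -i $IFACE $RULE_HTTP
    fi
    _iptables -A PREROUTING -i $IFACE $RULE_HTTPS
  done
}

# Remove the IPv4 redirect rules added by firewall_start_v4.
firewall_stop_v4() {
  for IFACE in $LOCAL_INTERFACE; do
    if [ -n "$HTTP_ENABLED" ] && [ "$HTTP_ENABLED" -eq "1" ]; then
      _iptables -D PREROUTING -i $IFACE $RULE_HTTP
    fi
    _iptables -D PREROUTING -i $IFACE $RULE_HTTPS
  done
}

# Add the IPv6 redirect rules unless IPV6_ENABLED is set to a value other
# than 1.
# NOTE(review): an unset IPV6_ENABLED falls through and the rules are added,
# while start()/start_service() bind IPv6 only when the value equals 1;
# confirm which default is intended, since a redirect to a port nothing
# listens on would break LAN traffic.
firewall_start_v6() {
  if [ -n "$IPV6_ENABLED" ] && [ "$IPV6_ENABLED" -ne "1" ]; then
    return
  fi

  for IFACE in $LOCAL_INTERFACE; do
    if [ -n "$HTTP_ENABLED" ] && [ "$HTTP_ENABLED" -eq "1" ]; then
      _ip6tables -A PREROUTING -i $IFACE $RULE_HTTP
    fi
    _ip6tables -A PREROUTING -i $IFACE $RULE_HTTPS
  done
}

# Remove the IPv6 redirect rules; skipped under the same condition as
# firewall_start_v6.
firewall_stop_v6() {
  if [ -n "$IPV6_ENABLED" ] && [ "$IPV6_ENABLED" -ne "1" ]; then
    return
  fi

  for IFACE in $LOCAL_INTERFACE; do
    if [ -n "$HTTP_ENABLED" ] && [ "$HTTP_ENABLED" -eq "1" ]; then
      _ip6tables -D PREROUTING -i $IFACE $RULE_HTTP
    fi
    _ip6tables -D PREROUTING -i $IFACE $RULE_HTTPS
  done
}

# Entry points named after the firewall type (iptables / ip6tables); the
# Keenetic netfilter hook calls them as firewall_"$type".
firewall_iptables() {
  firewall_start_v4
}

firewall_ip6tables() {
  firewall_start_v6
}

firewall_stop() {
  firewall_stop_v4
  firewall_stop_v6
}
--------------------------------------------------------------------------------
/etc/init.d/entware-end: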
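--------------------------------------------------------------------------------
# Entware service commands. is_running, status_service, reload_service and
# the firewall_* helpers come from the shared init.d/common part.

# Launch tpws as a daemon bound to every LOCAL_INTERFACE, then add the
# redirect rules. Returns 1 when the service is already running.
start() {
  if is_running; then
    echo 'Service TPWS is already running' >&2
    return 1
  fi

  BIND_IFACE=""
  for IFACE in $LOCAL_INTERFACE; do
    BIND_IFACE="$BIND_IFACE --bind-iface4=$IFACE"
    # Same guarded form as the HTTP_ENABLED checks: an unset value no longer
    # makes the numeric test print an error.
    if [ -n "$IPV6_ENABLED" ] && [ "$IPV6_ENABLED" -eq "1" ]; then
      BIND_IFACE="$BIND_IFACE --bind-iface6=$IFACE"
    fi
    echo "Bind to local interface: $IFACE"
  done

  # BIND_IFACE, TPWS_ARGS and TPWS_EXTRA_ARGS are left unquoted on purpose:
  # each holds several options that must split into separate arguments.
  # NOTE(review): no --user= is passed here, unlike the OpenWrt start_service
  # (--user=nobody); confirm which account the daemon runs as on Entware.
  # NOTE(review): the exit status is not checked, so the redirect rules are
  # added even if tpws failed to start; confirm this is acceptable.
  $TPWS_BIN --daemon --debug=syslog --debug-level=$LOG_LEVEL $BIND_IFACE --port=$BIND_PORT --pidfile=$PIDFILE $TPWS_ARGS $TPWS_EXTRA_ARGS

  firewall_start_v4
  firewall_start_v6

  echo 'Started TPWS service'
}

# Remove the redirect rules first, then terminate the daemon (signal 15)
# and delete the PID file. Returns 1 when the service is not running.
stop() {
  firewall_stop_v4
  firewall_stop_v6

  if ! is_running; then
    echo 'Service TPWS is not running' >&2
    return 1
  fi

  echo 'Stopping TPWS service...'
  kill -15 $(cat "$PIDFILE") && rm -f "$PIDFILE"
}

# firewall_iptables / firewall_ip6tables are accepted but not listed in the
# usage text; the netfilter hook is what calls them.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status_service
    ;;
  restart)
    stop
    start
    ;;
  reload)
    reload_service
    ;;
  firewall_iptables)
    firewall_iptables
    ;;
  firewall_ip6tables)
    firewall_ip6tables
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload|status}"
esac
--------------------------------------------------------------------------------
/etc/init.d/entware-start:
--------------------------------------------------------------------------------
#!/bin/sh
# Entware startup script

TPWS_BIN="/opt/usr/bin/tpws"
CONFFILE="/opt/etc/tpws/tpws.conf"
PIDFILE="/opt/var/run/tpws.pid"
--------------------------------------------------------------------------------
/etc/init.d/openwrt-end:
--------------------------------------------------------------------------------
# Register an extra init-script command and its help text by appending to
# ALL_HELP and ALL_COMMANDS.
extra_command() {
  local cmd="$1"
  local help="$2"

  local extra="$(printf "%-16s%s" "${cmd}" "${help}")"
  ALL_HELP="${ALL_HELP}\t${extra}\n"
  ALL_COMMANDS="${ALL_COMMANDS} ${cmd}"
}

extra_command "firewall_iptables" "Load IPv4 firewall rules"
extra_command "firewall_ip6tables" "Load IPv6 firewall rules"
extra_command "firewall_stop" "Unload firewall rules"

# procd start hook: register the tpws instance, then add the redirect rules.
start_service() {
  BIND_IFACE=""
  for IFACE in $LOCAL_INTERFACE; do
    BIND_IFACE="$BIND_IFACE --bind-iface4=$IFACE"
    # Guarded like the HTTP_ENABLED checks so an unset value stays silent.
    if [ -n "$IPV6_ENABLED" ] && [ "$IPV6_ENABLED" -eq "1" ]; then
      BIND_IFACE="$BIND_IFACE --bind-iface6=$IFACE"
    fi
  done

  procd_open_instance
  # The option variables are unquoted on purpose so they split into
  # separate arguments; the daemon is started with --user=nobody.
  procd_set_param command $TPWS_BIN --user=nobody --debug=syslog --debug-level=$LOG_LEVEL $BIND_IFACE --port=$BIND_PORT $TPWS_ARGS $TPWS_EXTRA_ARGS
  procd_set_param pidfile $PIDFILE
  procd_set_param stdout 1
  procd_set_param stderr 1
  procd_close_instance

  firewall_start_v4
  firewall_start_v6

  echo 'Started TPWS service'
}

# procd stop hook: only the redirect rules are removed here.
stop_service() {
  echo 'Stopping TPWS service...'
  firewall_stop_v4
  firewall_stop_v6
}
--------------------------------------------------------------------------------
/etc/init.d/openwrt-start:
--------------------------------------------------------------------------------
#!/bin/sh /etc/rc.common
# Openwrt procd script: https://openwrt.org/docs/guide-developer/procd-init-script-example

USE_PROCD=1

START=51
STOP=19

TPWS_BIN="/usr/bin/tpws"
CONFFILE="/etc/tpws/tpws.conf"
PIDFILE="/var/run/tpws.pid"
-------------------------------------------------------------------------------- /etc/ndm/netfilter.d/100-tpws.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | PIDFILE="/opt/var/run/tpws.pid" 4 | if [ ! -f "$PIDFILE" ] || ! kill -0 $(cat "$PIDFILE"); then 5 | exit 6 | fi 7 | [ "$table" != "nat" ] && exit 8 | 9 | .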
/opt/etc/tpws/tpws.conf 10 | 11 | # $type is `iptables` or `ip6tables` 12 | /opt/etc/init.d/S51tpws firewall_"$type" 13 | -------------------------------------------------------------------------------- /etc/tpws/auto.list: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Anonym-tsk/tpws-keenetic/ad2a53e60d00063ee7daf82db10883fdcf420e64/etc/tpws/auto.list -------------------------------------------------------------------------------- /etc/tpws/exclude.list: -------------------------------------------------------------------------------- 1 | keenetic.ru 2 | keenetic.com 3 | keenetic.pro 4 | keenetic.link 5 | keenetic.name 6 | omni.ru 7 | dns.google 8 | gosuslugi.ru 9 | gov.ru 10 | nalog.ru 11 | spb.ru 12 | mos.ru 13 | ya.ru 14 | yandex.ru 15 | vk.ru 16 | vk.com 17 | ok.ru 18 | mycdn.me 19 | odkl.ru 20 | r-ulybka.ru 21 | openwrt.org 22 | -------------------------------------------------------------------------------- /etc/tpws/tpws.conf: --------------------------------------------------------------------------------
# This file is read with the shell `source` / `.` builtin by the init script
# and by the netfilter hook, so every line runs as shell code with the
# privileges of those scripts. Keep it writable only by the account that
# administers the router.

# Local network interface, e.g. br0
# You can specify multiple interfaces separated by space, e.g. LOCAL_INTERFACE="br0 nwg0"
# The installer rewrites this value with the detected interface on first install.
LOCAL_INTERFACE="br0"

# All arguments here: https://github.com/bol-van/zapret (search for `tpws` on the page)
TPWS_ARGS="--bind-wait-ip=10 --disorder --tlsrec=sni --split-http-req=method --split-pos=2"

# auto - automatically detects blocked resources and adds them to the auto.list
# The /opt/ prefixes below are stripped by the installer on OpenWrt.
TPWS_EXTRA_ARGS="--hostlist=/opt/etc/tpws/user.list --hostlist-auto=/opt/etc/tpws/auto.list --hostlist-auto-debug=/opt/var/log/tpws.log --hostlist-exclude=/opt/etc/tpws/exclude.list"

# list - applies rules only to domains in the user.list
#TPWS_EXTRA_ARGS="--hostlist=/opt/etc/tpws/user.list"

# all - applies rules to all traffic except domains from exclude.list
#TPWS_EXTRA_ARGS="--hostlist-exclude=/opt/etc/tpws/exclude.list"

# IPv6 support
# Set by the installer on first install: 1 when the local interface has a
# global-scope IPv6 address, otherwise 0.
IPV6_ENABLED=1

# HTTP support
# The port 80 redirect rule is added only when this is 1; port 443 is
# always redirected.
HTTP_ENABLED=0

# Syslog logging level (0 - silent, 1 - default, 2 - debug)
LOG_LEVEL=0

# Local port tpws listens on; the firewall rules REDIRECT LAN traffic for
# ports 80/443 to it.
BIND_PORT=999
-------------------------------------------------------------------------------- /etc/tpws/user.list: -------------------------------------------------------------------------------- 1 | youtube.com 2 | youtu.be 3 | googleapis.com 4 | googlevideo.com 5 | i.ytimg.com 6 | i9.ytimg.com 7 | yt3.ggpht.com 8 | yt3.googleusercontent.com 9 | yt4.ggpht.com 10 | yt4.googleusercontent.com 11 | gvt1.com 12 | gstatic.com 13 | youtubei.googleapis.com 14 | youtube-ui.l.google.com 15 | ytimg.l.google.com 16 | ytstatic.l.google.com 17 | -------------------------------------------------------------------------------- /keys/README: -------------------------------------------------------------------------------- 1 | # Подпись Packages.sig для OpenWRT репозитория 2 | 3 | # собираем usign 4 | git clone https://git.openwrt.org/project/usign.git 5 | cd usign/ 6 | cmake .
7 | make 8 | 9 | # генерируем ключи (secret.key держим вне репозитория, публикуется только public.key) 10 | ./usign -G -s secret.key -p public.key -c "tpws-keenetic OpenWRT repository" 11 | 12 | # подписываем индекс Packages 13 | ./usign -S -m out/_pages/openwrt/Packages -s secret.key -c "tpws-keenetic OpenWRT repository" 14 | -------------------------------------------------------------------------------- /keys/public.key: -------------------------------------------------------------------------------- 1 | untrusted comment: tpws-keenetic OpenWRT repository 2 | RWSd9B+rdbtPiYFQsioe7c5RgvjWhQihKCEZ6DW0HQQEdg6n2up+YUlt 3 | --------------------------------------------------------------------------------