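├── .gitignore
├── Install
    ├── common
    │   ├── user-ipset-isp.list
    │   ├── user-ipset-vpn.list
    │   ├── update-ipset.sh
    │   ├── ipset4static.conf
    │   ├── ipset-vpn1-route.sh
    │   ├── ipset-isp-route.sh
    │   ├── ipset-isp-netfilter.sh
    │   ├── ipset-vpn1-netfilter.sh
    │   └── func.sh
    ├── double_vpn
    │   ├── user-ipset-vpn1.list
    │   ├── user-ipset-vpn2.list
    │   ├── ipset-vpn2-route.sh
    │   ├── ipset-vpn2-netfilter.sh
    │   └── ipset-table.sh
    ├── one_vpn
    │   └── ipset-table.sh
    └── install_func.sh
├── update.sh
├── README.md
├── install.sh
└── uninstall.sh


/.gitignore:
--------------------------------------------------------------------------------
lists/
scripts/


--------------------------------------------------------------------------------
/Install/common/user-ipset-isp.list:
--------------------------------------------------------------------------------


--------------------------------------------------------------------------------
/Install/common/user-ipset-vpn.list:
--------------------------------------------------------------------------------
myipnet.ru


--------------------------------------------------------------------------------
/Install/double_vpn/user-ipset-vpn1.list:
--------------------------------------------------------------------------------
whoer.net


--------------------------------------------------------------------------------
/Install/double_vpn/user-ipset-vpn2.list:
--------------------------------------------------------------------------------
ipcheck.me


--------------------------------------------------------------------------------
/update.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Self-update: restore the tracked scripts to their committed state, pull the
# current upstream revision and re-run the installer in update mode (-u).
#
# NOTE(review): whatever the remote holds after `git pull` is executed by
# install.sh, and the README has the operator log in as root. Nothing visible
# here pins a tag/commit or checks a signature, so the upstream repository is
# part of the router's trust boundary - review the pulled changes before
# re-running the installer if that matters for your deployment.

ABSOLUTE_FILENAME=$(readlink -f "$0") && HOME_FOLDER=$(dirname "$ABSOLUTE_FILENAME")
SYSTEM_FOLDER=$(echo "$HOME_FOLDER" | awk -F/opt '{print $1}') && SYSTEM_FOLDER=$SYSTEM_FOLDER/opt
# Stop if the checkout cannot be entered: everything below uses relative
# paths, and running ./install.sh from an unrelated working directory would
# execute whatever file of that name happens to be there.
cd "$HOME_FOLDER" || exit 1
"$SYSTEM_FOLDER/bin/git" restore *.sh Install/*
"$SYSTEM_FOLDER/bin/git" status
"$SYSTEM_FOLDER/bin/git" pull
chmod +x *.sh
sh ./install.sh -u


--------------------------------------------------------------------------------
/Install/common/update-ipset.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Regenerates the resolver's ipset list from the user domain lists and restarts
# the DNS service when the result changed. Options handled by func.sh:
#   -v  print the current configuration and exit
#   -d  debug output
#   -i  only create the work files, then exit

#SCRIPT VARIABLE
# Install-time placeholder; the installer substitutes the real home folder.
HOMEPATH=HOMEFOLDERINPUT

source "$HOMEPATH/scripts/func.sh"

#GET INFO ABOUT SCRIPT
get_info_func "$1"

#INIT FILES
WORK_FILES="$IPSET_LIST $MD5_SUM"
INIT=$1

# Deliberately unquoted: WORK_FILES is a space-separated list of two paths.
init_files_func $WORK_FILES

# The generated list is compared with the current file and patched in place.
ipset_func | diff_funk "$IPSET_LIST" -

#RESTART DNS
restart_dns_func


--------------------------------------------------------------------------------
/Install/common/ipset4static.conf:
--------------------------------------------------------------------------------
# This file is sourced as shell code by every hook and service script, so it
# runs with their privileges; keep it writable by the administrator only.
# The upper-case *INPUT tokens are placeholders filled in by the installer.
TTL=3600
MODE=MODEINPUT
CONF=CONFINPUT
ISP_NAME=ISPINPUT
#ISP_GW=$(ip route | grep -m 1 -E "via.*$ISP_NAME" | awk '{print $3}')
ISP_SUBNET=$(ip a show $ISP_NAME | grep "inet " | awk '{print $2}')
VPN1_NAME=VPN1INPUT
VPN1_SUBNET=$(ip a show $VPN1_NAME | grep "inet " | awk '{print $2}')
if [ "$CONF" == 2 ]; then
  VPN2_NAME=VPN2INPUT
  VPN2_SUBNET=$(ip a show $VPN2_NAME | grep "inet " | awk '{print $2}')
fi


--------------------------------------------------------------------------------
/Install/common/ipset-vpn1-route.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Maintains the default route of routing table 1011 (traffic marked for VPN1).
# Called with -start / -stop by the service script, or with "hook" from the
# ifstatechanged.d directory.
#
# NOTE(review): when table 1011 is empty (after -stop, or while the VPN
# interface is down) the fwmark rule finds no route there; lookup presumably
# continues with the next rule, so marked traffic would leave through the
# normal default route instead of being dropped. If fail-closed behaviour is
# wanted, a lower-preference unreachable/blackhole route in this table is the
# usual approach - confirm against the intended design.

. SYSTEMFOLDERINPUT/etc/ipset4static.conf

if [ "$1" != "-start" ] && [ "$1" != "-stop" ]; then
  # Hook invocation: act only for our interface, only if the set exists and
  # only when the interface is fully up.
  [ "$1" == "hook" ] || exit 0
  [ "$system_name" == "$VPN1_NAME" ] || exit 0
  [ ! -z "$(ipset --quiet list ipset_vpn1)" ] || exit 0
  [ "${connected}-${link}-${up}" == "yes-up-up" ] || exit 0
fi

if [ "$1" == "-stop" ]; then
  if [ -n "$(ip route list table 1011)" ]; then
    ip route flush table 1011
  fi
  exit 0
fi

if [ -z "$(ip route list table 1011)" ]; then
  ip route add default dev "$VPN1_NAME" table 1011
fi


--------------------------------------------------------------------------------
/Install/double_vpn/ipset-vpn2-route.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Maintains the default route of routing table 1012 (traffic marked for VPN2).
# Same structure as the VPN1 route script; an empty table has the same
# fall-through consequence as noted there (NOTE(review): confirm).

. SYSTEMFOLDERINPUT/etc/ipset4static.conf

if [ "$1" != "-start" ] && [ "$1" != "-stop" ]; then
  [ "$1" == "hook" ] || exit 0
  [ "$system_name" == "$VPN2_NAME" ] || exit 0
  [ ! -z "$(ipset --quiet list ipset_vpn2)" ] || exit 0
  [ "${connected}-${link}-${up}" == "yes-up-up" ] || exit 0
fi

if [ "$1" == "-stop" ]; then
  if [ -n "$(ip route list table 1012)" ]; then
    ip route flush table 1012
  fi
  exit 0
fi

if [ -z "$(ip route list table 1012)" ]; then
  ip route add default dev "$VPN2_NAME" table 1012
fi


--------------------------------------------------------------------------------
/Install/common/ipset-isp-route.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Maintains the default route of routing table 1010 (traffic forced through
# the provider interface). Uses the gateway from the config when it is set,
# otherwise routes directly via the device.

. SYSTEMFOLDERINPUT/etc/ipset4static.conf

if [ "$1" != "-start" ] && [ "$1" != "-stop" ]; then
  [ "$1" == "hook" ] || exit 0
  [ "$system_name" == "$ISP_NAME" ] || exit 0
  [ ! -z "$(ipset --quiet list ipset_isp1)" ] || exit 0
  [ "${connected}-${link}-${up}" == "yes-up-up" ] || exit 0
fi

if [ "$1" == "-stop" ]; then
  if [ -n "$(ip route list table 1010)" ]; then
    ip route flush table 1010
  fi
  exit 0
fi

if [ -z "$(ip route list table 1010)" ]; then
  if [ -z "$ISP_GW" ]; then
    ip route add default dev "$ISP_NAME" table 1010
  else
    ip route add default via "$ISP_GW" table 1010
  fi
fi


--------------------------------------------------------------------------------
/Install/common/ipset-isp-netfilter.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Adds (-start / hook) or deletes (-stop) the mangle PREROUTING rules that set
# connection mark 1010 on new connections whose destination is in ipset_isp1
# and restore that mark on later packets.
#
# NOTE(review): the hook path exits for ip6tables, and only iptables is called
# below, so nothing here marks IPv6 traffic. IPv6 connections to listed
# domains presumably follow the default route - confirm whether that is
# acceptable where the lists are used for privacy.

. SYSTEMFOLDERINPUT/etc/ipset4static.conf

if [ "$1" != "-start" ] && [ "$1" != "-stop" ]; then
  [ "$type" == "ip6tables" ] && exit
  [ "$table" != "mangle" ] && exit
  [ -z "$(ip link list | grep $ISP_NAME)" ] && exit
  [ -z "$(ipset --quiet list ipset_isp1)" ] && exit
fi

# CON is expanded unquoted on purpose: "! -z" must split into two test words.
# -stop deletes the rules only if present; otherwise they are appended only if
# absent, which keeps repeated hook calls idempotent.
if [ "$1" == "-stop" ]; then CON="! -z" && ACT=D; else CON="-z" && ACT=A; fi

if [ $CON "$(iptables-save | grep ipset_isp1)" ]; then
  iptables -w -t mangle -$ACT PREROUTING ! -s $ISP_SUBNET -m conntrack --ctstate NEW -m set --match-set ipset_isp1 dst -j CONNMARK --set-mark 1010
  iptables -w -t mangle -$ACT PREROUTING ! -s $ISP_SUBNET -m set --match-set ipset_isp1 dst -j CONNMARK --restore-mark
fi


--------------------------------------------------------------------------------
/Install/common/ipset-vpn1-netfilter.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Adds or deletes the mangle PREROUTING rules that set connection mark 1011 for
# destinations in ipset_vpn1. IPv4 only; ip6tables hook calls exit early
# (NOTE(review): IPv6 traffic is therefore not steered into the VPN - confirm).

. SYSTEMFOLDERINPUT/etc/ipset4static.conf

if [ "$1" != "-start" ] && [ "$1" != "-stop" ]; then
  [ "$type" == "ip6tables" ] && exit
  [ "$table" != "mangle" ] && exit
  [ -z "$(ip link list | grep $VPN1_NAME)" ] && exit
  [ -z "$(ipset --quiet list ipset_vpn1)" ] && exit
fi

# CON is expanded unquoted on purpose so that "! -z" splits into two words.
if [ "$1" == "-stop" ]; then CON="! -z" && ACT=D; else CON="-z" && ACT=A; fi

if [ $CON "$(iptables-save | grep ipset_vpn1)" ]; then
  iptables -w -t mangle -$ACT PREROUTING ! -s $VPN1_SUBNET -m conntrack --ctstate NEW -m set --match-set ipset_vpn1 dst -j CONNMARK --set-mark 1011
  iptables -w -t mangle -$ACT PREROUTING ! -s $VPN1_SUBNET -m set --match-set ipset_vpn1 dst -j CONNMARK --restore-mark
fi


--------------------------------------------------------------------------------
/Install/double_vpn/ipset-vpn2-netfilter.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Adds or deletes the mangle PREROUTING rules that set connection mark 1012 for
# destinations in ipset_vpn2. IPv4 only; ip6tables hook calls exit early
# (NOTE(review): IPv6 traffic is therefore not steered into the VPN - confirm).

. SYSTEMFOLDERINPUT/etc/ipset4static.conf

if [ "$1" != "-start" ] && [ "$1" != "-stop" ]; then
  [ "$type" == "ip6tables" ] && exit
  [ "$table" != "mangle" ] && exit
  [ -z "$(ip link list | grep $VPN2_NAME)" ] && exit
  [ -z "$(ipset --quiet list ipset_vpn2)" ] && exit
fi

# CON is expanded unquoted on purpose so that "! -z" splits into two words.
if [ "$1" == "-stop" ]; then CON="! -z" && ACT=D; else CON="-z" && ACT=A; fi

if [ $CON "$(iptables-save | grep ipset_vpn2)" ]; then
  iptables -w -t mangle -$ACT PREROUTING ! -s $VPN2_SUBNET -m conntrack --ctstate NEW -m set --match-set ipset_vpn2 dst -j CONNMARK --set-mark 1012
  iptables -w -t mangle -$ACT PREROUTING ! -s $VPN2_SUBNET -m set --match-set ipset_vpn2 dst -j CONNMARK --restore-mark
fi


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# IPset4Static
Здесь выложены файлы для работы ipset + iptables. Позволяет направлять в впн по доменному имени любой сайт

Есть возможность настройки как с одним впн, так и с двумя (один основной, второй резервный + пользовательское перенаправление в определенный)

Совместим с Bird4Static (с версии Bird4Static 3.9 и выше) и является его аддоном, но IPset4Static может работать и отдельно.

Предназначено для роутеров Keenetic с установленным на них entware, а также для любой системы с opkg пакетами, и у которых система расположена в каталоге */opt/

**Требует установленного и настроенного AdguardHome или dnsmasq, перед началом установки**

Так что перед установкой нужно один из них настроить, какой выбрать и как настроить описано [здесь](https://github.com/DennoN-RUS/IPset4Static/wiki/Перед-установкой)

## Установка сервиса IPset4Static
1) Зайти по ssh в среду entware: `ssh root@192.168.1.1`

2) Выполнить:
```bash
opkg install git git-http
git clone https://github.com/DennoN-RUS/IPset4Static.git
chmod +x ./IPset4Static/*.sh
./IPset4Static/install.sh
```
Далее выбирать нужные параметры.

Более подробная инструкция установки и описание [тут](https://github.com/DennoN-RUS/IPset4Static/wiki/Установка)

---
Веб-интерфейс: [web4static](https://github.com/spatiumstas/web4static)

Канал в телеграме: [тут](https://t.me/bird4static)

Чат в телеграме: [тут](https://t.me/bird4static_chat)

Поддержать проект можно через [yoomoney](https://yoomoney.ru/to/41001872039390) и [cloudtips](https://pay.cloudtips.ru/p/76ea7dde)


--------------------------------------------------------------------------------
/Install/one_vpn/ipset-table.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Service script (single-VPN layout): creates the ipsets and fwmark policy
# rules on start and removes them on stop, delegating routes and netfilter
# rules to the per-interface hook scripts.

# Fixed PATH so the entware tools are found regardless of the caller's
# environment.
PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin
. SYSTEMFOLDERINPUT/etc/ipset4static.conf

start(){
  #VPN1
  # Each step is guarded by an existence check, so start can be repeated.
  if [ -z "$(ipset list | grep ipset_vpn1)" ]; then ipset create ipset_vpn1 hash:ip timeout $TTL; fi
  if [ -z "$(ip rule | awk '/^30011/')" ]; then ip rule add fwmark 1011 table 1011 priority 30011; fi
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/011-ipset-vpn1-route.sh -start
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/011-ipset-vpn1-netfilter.sh -start
  #ISP
  if [ -z "$(ipset list | grep ipset_isp1)" ]; then ipset create ipset_isp1 hash:ip timeout $TTL; fi
  if [ -z "$(ip rule | awk '/^30010/')" ]; then ip rule add fwmark 1010 table 1010 priority 30010; fi
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/012-ipset-isp-route.sh -start
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/012-ipset-isp-netfilter.sh -start
}

stop(){
  #VPN1
  # Netfilter rules go first so nothing references the set when it is destroyed.
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/011-ipset-vpn1-netfilter.sh -stop
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/011-ipset-vpn1-route.sh -stop
  if [ -n "$(ip rule | awk '/^30011/')" ]; then ip rule del table 1011; fi
  if [ -n "$(ipset list | grep ipset_vpn1)" ]; then ipset destroy ipset_vpn1; fi
  #ISP
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/012-ipset-isp-netfilter.sh -stop
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/012-ipset-isp-route.sh -stop
  if [ -n "$(ip rule | awk '/^30010/')" ]; then ip rule del table 1010; fi
  if [ -n "$(ipset list | grep ipset_isp1)" ]; then ipset destroy ipset_isp1; fi
}

case "$1" in
  start)
    start
    ;;
  stop | kill)
    stop
    ;;
  restart)
    stop
    sleep 2
    start
    ;;
  *)
    echo "Usage: $0 {start|stop|kill|restart}"
    ;;
esac


--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Interactive installer. With -u (passed by update.sh) the previous
# configuration is reloaded instead of being asked for again.

VERSION_NEW="v1.1.1"

# Getting the path to run the script
# The *_SED variants have every "/" escaped so they can be used inside
# s/.../.../ expressions.
ABSOLUTE_FILENAME=$(readlink -f "$0")
HOME_FOLDER=$(dirname "$ABSOLUTE_FILENAME") && HOME_FOLDER_SED=$(echo "$HOME_FOLDER" | sed 's/\//\\\//g')
LISTS=$HOME_FOLDER/lists
SCRIPTS=$HOME_FOLDER/scripts && SCRIPTS_SED=$(echo "$SCRIPTS" | sed 's/\//\\\//g')
SYSTEM_FOLDER=$(echo "$HOME_FOLDER" | awk -F/opt '{print $1}')
SYSTEM_FOLDER=$SYSTEM_FOLDER/opt && SYSTEM_FOLDER_SED=$(echo "$SYSTEM_FOLDER" | sed 's/\//\\\//g')
echo -e "HomeFolder is $HOME_FOLDER \nSystemFolder is $SYSTEM_FOLDER"

source "$HOME_FOLDER/Install/install_func.sh"

while true; do
  echo -e "\nBegin install? y/n"
  read -r yn
  case "$yn" in
    [Yy]* )

    # Installed inside a Bird4Static checkout when the path contains its name.
    if [ "$(echo "$ABSOLUTE_FILENAME" | grep -c Bird4Static)" -eq 1 ]; then Bird4Static=1; else Bird4Static=0; fi

    # Select dns
    select_dns_mode

    # Installing packages
    install_packages_func

    # Create start folders
    create_folder_func

    # Stop service if exist
    stop_func

    # Try get old config
    if [ "$1" == "-u" ]; then UPDATE=1 && get_old_config_func; fi

    # try get bird4static config
    if [ "$Bird4Static" == "1" ]; then try_get_bird4static_config_func; fi

    # Select number vpn
    select_number_vpn_func

    # Filling script folders and custom sheets
    fill_folder_and_sed_func

    # Copying the ipset4static configuration file
    copy_ipset4static_config_func

    # Reading vpn and provider interfaces, replacing in scripts and bird configuration
    show_interfaces_func
    config_isp_func
    config_vpn1_func
    if [ "$VCONF" == "2" ]; then config_vpn2_func; fi

    # Organizing scripts into folders
    ln_scripts_func

    # Change dns settings to ipset file
    change_dns_config

    # Starting Services
    run_func

    exit 0
    ;;
    [Nn]* ) exit 0;;
    * ) echo "Please answer yes or no.";;
  esac
done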
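--------------------------------------------------------------------------------
/Install/double_vpn/ipset-table.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Service script (double-VPN layout): creates the ipsets and fwmark policy
# rules on start and removes them on stop, delegating routes and netfilter
# rules to the per-interface hook scripts.

# Fixed PATH so the entware tools are found regardless of the caller's
# environment.
PATH=/opt/bin:/opt/sbin:/sbin:/bin:/usr/sbin:/usr/bin
. SYSTEMFOLDERINPUT/etc/ipset4static.conf

start(){
  #VPN2
  # Each step is guarded by an existence check, so start can be repeated.
  if [ -z "$(ipset list | grep ipset_vpn2)" ]; then ipset create ipset_vpn2 hash:ip timeout $TTL; fi
  if [ -z "$(ip rule | awk '/^30012/')" ]; then ip rule add fwmark 1012 table 1012 priority 30012; fi
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/010-ipset-vpn2-route.sh -start
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/010-ipset-vpn2-netfilter.sh -start
  #VPN1
  if [ -z "$(ipset list | grep ipset_vpn1)" ]; then ipset create ipset_vpn1 hash:ip timeout $TTL; fi
  if [ -z "$(ip rule | awk '/^30011/')" ]; then ip rule add fwmark 1011 table 1011 priority 30011; fi
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/011-ipset-vpn1-route.sh -start
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/011-ipset-vpn1-netfilter.sh -start
  #ISP
  if [ -z "$(ipset list | grep ipset_isp1)" ]; then ipset create ipset_isp1 hash:ip timeout $TTL; fi
  if [ -z "$(ip rule | awk '/^30010/')" ]; then ip rule add fwmark 1010 table 1010 priority 30010; fi
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/012-ipset-isp-route.sh -start
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/012-ipset-isp-netfilter.sh -start
}

stop(){
  #VPN2
  # Netfilter rules go first so nothing references the set when it is destroyed.
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/010-ipset-vpn2-netfilter.sh -stop
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/010-ipset-vpn2-route.sh -stop
  if [ -n "$(ip rule | awk '/^30012/')" ]; then ip rule del table 1012; fi
  if [ -n "$(ipset list | grep ipset_vpn2)" ]; then ipset destroy ipset_vpn2; fi
  #VPN1
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/011-ipset-vpn1-netfilter.sh -stop
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/011-ipset-vpn1-route.sh -stop
  if [ -n "$(ip rule | awk '/^30011/')" ]; then ip rule del table 1011; fi
  if [ -n "$(ipset list | grep ipset_vpn1)" ]; then ipset destroy ipset_vpn1; fi
  #ISP
  sh SYSTEMFOLDERINPUT/etc/ndm/netfilter.d/012-ipset-isp-netfilter.sh -stop
  sh SYSTEMFOLDERINPUT/etc/ndm/ifstatechanged.d/012-ipset-isp-route.sh -stop
  if [ -n "$(ip rule | awk '/^30010/')" ]; then ip rule del table 1010; fi
  if [ -n "$(ipset list | grep ipset_isp1)" ]; then ipset destroy ipset_isp1; fi
}

case "$1" in
  start)
    start
    ;;
  stop | kill)
    stop
    ;;
  restart)
    stop
    sleep 2
    start
    ;;
  *)
    echo "Usage: $0 {start|stop|kill|restart}"
    ;;
esac


--------------------------------------------------------------------------------
/uninstall.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# Interactive uninstaller: stops the service, optionally removes the packages,
# detaches the ipset list from dnsmasq / AdGuardHome and deletes the installed
# scripts, hook links and configuration.

ABSOLUTE_FILENAME=$(readlink -f "$0")
HOME_FOLDER=$(dirname "$ABSOLUTE_FILENAME") && HOME_FOLDER_SED=$(echo "$HOME_FOLDER" | sed 's/\//\\\//g')
LISTS=$HOME_FOLDER/lists
SCRIPTS=$HOME_FOLDER/scripts
SYSTEM_FOLDER=$(echo "$HOME_FOLDER" | awk -F/opt '{print $1}')
SYSTEM_FOLDER=$SYSTEM_FOLDER/opt && SYSTEM_FOLDER_SED=$(echo "$SYSTEM_FOLDER" | sed 's/\//\\\//g')

SCRIPTS=$HOME_FOLDER/scripts

while true; do
  echo "Begin uninstall? y/n"
  read -r yn
  case "$yn" in
    [Yy]* )

    if [ "$(echo "$ABSOLUTE_FILENAME" | grep -c Bird4Static)" -eq 1 ]; then Bird4Static=1; else Bird4Static=0; fi

    # Stop Services
    "$SYSTEM_FOLDER/etc/init.d/S03ipset-table" stop

    # Remove packages
    # ipset
    answer=0; echo "Do you want remove 'ipset'? 0 - no 1 - yes (default: no)"; read -r answer
    if [ "$answer" = "1" ]; then "$SYSTEM_FOLDER/bin/opkg" remove ipset; fi
    # iptables
    answer=0; echo "Do you want remove 'iptables'? 0 - no 1 - yes (default: no)"; read -r answer
    if [ "$answer" = "1" ]; then "$SYSTEM_FOLDER/bin/opkg" remove iptables; fi
    # diff and patch
    answer=0; echo "Do you want remove 'diffutils' and 'patch'? 0 - no 1 - yes (default: no)"; read -r answer
    if [ "$answer" = "1" ]; then "$SYSTEM_FOLDER/bin/opkg" remove diffutils patch; fi

    # Remove DNS Settings
    if [ -f "$SYSTEM_FOLDER/etc/dnsmasq.conf" ]; then
      if [ "$(cat "$SYSTEM_FOLDER/etc/dnsmasq.conf" | grep "conf-file=$SYSTEM_FOLDER/etc/ipset4static_list.conf" -c )" -eq 1 ]; then
        sed -i '/conf-file='"$SYSTEM_FOLDER_SED"'\/etc\/ipset4static_list.conf/d' "$SYSTEM_FOLDER/etc/dnsmasq.conf"
        "$SYSTEM_FOLDER/etc/init.d/S56dnsmasq" restart
      fi
    fi
    if [ -f "$SYSTEM_FOLDER/etc/AdGuardHome/AdGuardHome.yaml" ]; then
      if [ "$(cat "$SYSTEM_FOLDER/etc/AdGuardHome/AdGuardHome.yaml" | grep "ipset_file: $SYSTEM_FOLDER/etc/ipset4static_list.conf" -c )" -eq 1 ]; then
        sed -i 's/ipset_file.*/ipset_file: ""/' "$SYSTEM_FOLDER/etc/AdGuardHome/AdGuardHome.yaml"
        "$SYSTEM_FOLDER/etc/init.d/S99adguardhome" restart
      fi
    fi

    # Remove start folders
    # ${SCRIPTS:?} aborts instead of running a recursive delete on an empty
    # path if the variable was not derived correctly.
    rm -r -- "${SCRIPTS:?}"

    # Remove scripts into folders
    rm -f "$SYSTEM_FOLDER/etc/init.d/S03ipset-table"
    rm -f "$SYSTEM_FOLDER/etc/ndm/ifstatechanged.d/012-ipset-isp-route.sh"
    rm -f "$SYSTEM_FOLDER/etc/ndm/ifstatechanged.d/011-ipset-vpn1-route.sh"
    rm -f "$SYSTEM_FOLDER/etc/ndm/ifstatechanged.d/010-ipset-vpn2-route.sh"
    rm -f "$SYSTEM_FOLDER/etc/ndm/netfilter.d/012-ipset-isp-netfilter.sh"
    # The installer links the VPN1 netfilter hook as 011-..., and the service
    # script calls it under that name. The original removed only a 012-...
    # name, which left a dangling link in the hook directory that still
    # pointed into the deleted scripts folder.
    rm -f "$SYSTEM_FOLDER/etc/ndm/netfilter.d/011-ipset-vpn1-netfilter.sh"
    # Previous name, kept so a link created under it is cleaned up as well
    # (NOTE(review): drop once confirmed that no release used this name).
    rm -f "$SYSTEM_FOLDER/etc/ndm/netfilter.d/012-ipset-vpn1-netfilter.sh"
    rm -f "$SYSTEM_FOLDER/etc/ndm/netfilter.d/010-ipset-vpn2-netfilter.sh"

    # Remove ipset conf
    rm -f "$SYSTEM_FOLDER/etc/ipset4static.conf"
    rm -f "$SYSTEM_FOLDER/etc/ipset4static_list.conf"
    if [ "$Bird4Static" == "1" ]; then
      # Relative deletes run only after the directory change succeeded.
      if cd "$HOME_FOLDER" && cd ..; then
        rm -f lists/user-ipset*.list
        rm -f scripts/update-ipset.sh
      fi
    fi

    exit 0
    ;;
    [Nn]* ) exit 0;;
    * ) echo "Please answer yes or no.";;
  esac
done


--------------------------------------------------------------------------------
/Install/common/func.sh:
--------------------------------------------------------------------------------
# Shared helpers for update-ipset.sh. Sourced, not executed; the sourcing
# script must set HOMEPATH first.

#SCRIPT VARIABLE
SYSTEM_FOLDER=SYSTEMFOLDERINPUT
IPSET_CONF=$SYSTEM_FOLDER/etc/ipset4static.conf
IPSET_LIST=$SYSTEM_FOLDER/etc/ipset4static_list.conf
ISPTXT=$HOMEPATH/lists/user-ipset-isp.list
VPNTXT=$HOMEPATH/lists/user-ipset-vpn.list
VPN1TXT=$HOMEPATH/lists/user-ipset-vpn1.list
VPN2TXT=$HOMEPATH/lists/user-ipset-vpn2.list
MD5_SUM=$HOMEPATH/scripts/sum.md5

#INFO VARIABLE
# The configuration is shell code and is executed here.
source "$IPSET_CONF"
VERSION=VERSIONINPUT

#GET INFO
# $1 = "-v": print the active configuration and exit; "-d": enable debug output.
get_info_func() {
  if [[ "$1" == "-v" ]]; then
    echo "VERSION=$VERSION"
    echo "TTL=$TTL"
    echo "CONF=$CONF"
    # Quoted so an empty CONF does not turn the test into a syntax error.
    if [ "$CONF" == "1" ]; then
      echo -e " Use one vpn\n ISP=$ISP_NAME with SUBNET=$ISP_SUBNET"
      echo -e " VPN=$VPN1_NAME with SUBNET=$VPN1_SUBNET"
    else
      echo -e " Use double vpn\n ISP=$ISP_NAME with SUBNET=$ISP_SUBNET"
      echo -e " VPN1=$VPN1_NAME with SUBNET=$VPN1_SUBNET"
      echo -e " VPN2=$VPN2_NAME with SUBNET=$VPN2_SUBNET"
    fi
    echo "MODE=$MODE"
    exit
  elif [[ "$1" == "-d" ]]; then DEBUG=1; fi
}

#INIT FILES FUNCTION
# Creates each file passed as an argument if it is missing; exits afterwards
# when the script was started with -i.
init_files_func() {
  if [[ "$DEBUG" == 1 ]]; then echo -e "\n########### $(date) STEP_2: add init files ###########\n" >&2; fi
  for file in "$@"; do if [ ! -f "$file" ]; then touch "$file"; fi; done
  if [[ "$INIT" == "-i" ]]; then exit; fi
}

# Loads the user lists (CR characters and lines starting with "#" removed)
# into variables.
# NOTE(review): entries are not validated before they are written into the
# resolver configuration by the generators below; a line containing spaces is
# split into several entries. Confirm who can edit the list files.
vpn_variable_generate() {
  ISP_COMMON=$(cat "$ISPTXT" | tr -d '\r' | sed '/^#/d')
  VPN_COMMON=$(cat "$VPNTXT" | tr -d '\r' | sed '/^#/d')
  if [ "$CONF" == "2" ]; then
    VPN_VPN1=$(cat "$VPN1TXT" | tr -d '\r' | sed '/^#/d')
    VPN_VPN2=$(cat "$VPN2TXT" | tr -d '\r' | sed '/^#/d')
  fi
}

# Prints the list in AdGuardHome ipset-file form: "dom1,dom2/set[,set]".
# The inner echo is unquoted on purpose: it folds the newline-separated list
# into one space-separated line before the spaces become commas.
adguard_config_generate(){
  if [ -n "$ISP_COMMON" ]; then echo -e "$(echo $ISP_COMMON | sed 's/ /,/g')/ipset_isp1"; fi
  if [ "$CONF" == "1" ]; then
    if [ -n "$VPN_COMMON" ]; then echo -e "$(echo $VPN_COMMON | sed 's/ /,/g')/ipset_vpn1"; fi
  elif [ "$CONF" == "2" ]; then
    if [ -n "$VPN_COMMON" ]; then echo -e "$(echo $VPN_COMMON | sed 's/ /,/g')/ipset_vpn1,ipset_vpn2"; fi
    if [ -n "$VPN_VPN1" ]; then echo -e "$(echo $VPN_VPN1 | sed 's/ /,/g')/ipset_vpn1"; fi
    if [ -n "$VPN_VPN2" ]; then echo -e "$(echo $VPN_VPN2 | sed 's/ /,/g')/ipset_vpn2"; fi
  fi
}

# Prints the list in dnsmasq form: one "ipset=/domain/set[,set]" line per
# entry, preceded by max-ttl when a TTL is configured. The for loops rely on
# word splitting of the list variables.
dnsmasq_config_generate(){
  if [ -n "$TTL" ]; then echo -e "max-ttl=$TTL"; fi
  if [ -n "$ISP_COMMON" ]; then for domain in $ISP_COMMON; do echo "ipset=/$domain/ipset_isp1"; done; fi
  if [ "$CONF" == "1" ]; then
    if [ -n "$VPN_COMMON" ]; then for domain in $VPN_COMMON; do echo "ipset=/$domain/ipset_vpn1"; done; fi
  elif [ "$CONF" == "2" ]; then
    if [ -n "$VPN_COMMON" ]; then for domain in $VPN_COMMON; do echo "ipset=/$domain/ipset_vpn1,ipset_vpn2"; done; fi
    if [ -n "$VPN_VPN1" ]; then for domain in $VPN_VPN1; do echo "ipset=/$domain/ipset_vpn1"; done; fi
    if [ -n "$VPN_VPN2" ]; then for domain in $VPN_VPN2; do echo "ipset=/$domain/ipset_vpn2"; done; fi
  fi
}

# Sets cache_ttl_max in AdGuardHome.yaml to the configured TTL unless the file
# already holds that value.
adguard_change_ttl(){
  cache=$(grep "cache_ttl_max: $TTL$" "$SYSTEM_FOLDER/etc/AdGuardHome/AdGuardHome.yaml")
  if [ -z "$cache" ]; then sed -i 's/cache_ttl_max:.*/cache_ttl_max: '"$TTL"'/' "$SYSTEM_FOLDER/etc/AdGuardHome/AdGuardHome.yaml"; fi
}
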
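# Writes the resolver list for the configured MODE to stdout; in adguardhome
# mode it also aligns the resolver's maximum cache TTL.
ipset_func() {
  vpn_variable_generate
  if [ "$MODE" == "adguardhome" ]; then
    adguard_config_generate
    adguard_change_ttl
  elif [ "$MODE" == "dnsmasq" ]; then
    dnsmasq_config_generate
  fi
}

#DIFF FUNCTION
# Brings file $1 in line with $2 ("-" = stdin) by applying their unified diff
# with patch. In debug mode the diff is also printed.
diff_funk() {
  if [ "$DEBUG" == "1" ]; then
    target_name=$(echo "$1" | awk -F/ '{print $NF}')
    # mktemp creates a fresh, private file. The original wrote to a fixed
    # /tmp/patch_<name> path, which another local process could pre-create
    # (for example as a symlink) to redirect this write.
    patch_file=$(mktemp "/tmp/patch_${target_name}.XXXXXX") || return 1
    echo -e "\n########### $(date) STEP_3: diff $target_name ###########\n" >&2
    diff -u "$1" "$2" > "$patch_file"
    cat "$patch_file" && patch "$1" "$patch_file"
    rm -f -- "$patch_file"
  else
    diff -u "$1" "$2" | patch "$1" -
  fi
}

#RESTART DNS FUNCTION
# Restarts the ipset service and the DNS resolver when the generated list or
# the configuration changed since the last run. The md5 sums serve only as a
# change marker, not as an integrity control.
restart_dns_func() {
  if [ "$DEBUG" == "1" ]; then echo -e "\n########### $(date) STEP_5: restart dns ###########\n" >&2; fi
  if [ "$(cat "$MD5_SUM")" != "$(md5sum "$IPSET_LIST" "$IPSET_CONF")" ]; then
    echo "Flush Ipset"
    "$SYSTEM_FOLDER/etc/init.d/S03ipset-table" restart
    md5sum "$IPSET_LIST" "$IPSET_CONF" > "$MD5_SUM"
    echo "Restarting DNS"
    if [ "$MODE" == "adguardhome" ]; then
      "$SYSTEM_FOLDER/etc/init.d/S99adguardhome" restart
      sleep 5 && "$SYSTEM_FOLDER/etc/init.d/S99adguardhome" check
    elif [ "$MODE" == "dnsmasq" ]; then
      "$SYSTEM_FOLDER/etc/init.d/S56dnsmasq" restart
      sleep 5 && "$SYSTEM_FOLDER/etc/init.d/S56dnsmasq" check
    fi
  fi
}


--------------------------------------------------------------------------------
/Install/install_func.sh:
--------------------------------------------------------------------------------
# Helper functions for install.sh. Sourced after install.sh has set
# HOME_FOLDER, SYSTEM_FOLDER, SCRIPTS, LISTS and their sed-escaped variants.

# Select dns
# Detects which resolver is running (1 = adguardhome, 2 = dnsmasq, 3 = both,
# in which case the operator chooses) and sets MODE accordingly.
select_dns_mode(){
  echo -e "\nChecking adguardhome or dnsmasq...\n"
  temp_mode=0
  if [ -f "$SYSTEM_FOLDER/etc/init.d/S99adguardhome" ]; then
    if [ "$("$SYSTEM_FOLDER/etc/init.d/S99adguardhome" check | grep -c alive)" -eq 1 ]; then temp_mode=1; fi
  fi
  if [ -f "$SYSTEM_FOLDER/etc/init.d/S56dnsmasq" ]; then
    if [ "$("$SYSTEM_FOLDER/etc/init.d/S56dnsmasq" check | grep -c alive)" -eq 1 ]; then temp_mode=$(( temp_mode + 2 )); fi
  fi
  if [ "$temp_mode" == "3" ]; then
    echo -e "\nSelect mode: \n 1 - Use adguardhome (default) \n 2 - Use dnsmasq"
    read -r temp_mode;
    if [ "$temp_mode" != "2" ]; then temp_mode=1; fi
  fi
  if [ "$temp_mode" == "1" ]; then
    MODE="adguardhome"
    echo -e "\nYou use adguardhome mode\n"
  elif [ "$temp_mode" == "2" ]; then
    MODE="dnsmasq"
    echo -e "\nYou use dnsmasq mode\n"
  else
    echo -e "\nadguardhome or dnsmasq is not running!\nPlease install and configure one of it first!!!\n"
    exit 0
  fi
}

# Install packages
install_packages_func(){
  # Update busybox
  "$SYSTEM_FOLDER/bin/opkg" update
  "$SYSTEM_FOLDER/bin/opkg" upgrade busybox
  # Installing packages
  "$SYSTEM_FOLDER/bin/opkg" install ipset iptables diffutils patch
}

# Create start folders
create_folder_func(){
  mkdir -p "$SCRIPTS"
  mkdir -p "$LISTS"
}

# Stop service if exist
stop_func(){
  # Stop table service
  if [ -f "$SYSTEM_FOLDER/etc/init.d/S03ipset-table" ]; then
    echo "Stop ipset-table"
    "$SYSTEM_FOLDER/etc/init.d/S03ipset-table" stop
  fi
}

# Try get old config
# Sources the existing configuration (it is shell code and is executed here)
# and carries its values over into the V* variables used by later steps.
get_old_config_func(){
  echo -e "\n Try to load old config"
  if [ -f "$SYSTEM_FOLDER/etc/ipset4static.conf" ]; then
    source "$SYSTEM_FOLDER/etc/ipset4static.conf"
    if [ -n "$CONF" ]; then VCONF="$CONF" && echo -e "\nCONF=$VCONF\n"; fi
    if [ -n "$TTL" ]; then VTTL="$TTL" && echo -e "\nTTL=$TTL\n"; fi
    if [ -n "$ISP_NAME" ]; then VISP_NAME="$ISP_NAME" && echo -e "ISP_NAME=$VISP_NAME\n"; fi
    if [ -n "$ISP_GW" ]; then VISP_GW="$ISP_GW"; fi
    if [ -n "$VPN1_NAME" ]; then VVPN1_NAME="$VPN1_NAME" && echo -e "VPN1_NAME=$VVPN1_NAME\n"; fi
    if [ -n "$VPN2_NAME" ]; then VVPN2_NAME="$VPN2_NAME" && echo -e "VPN2_NAME=$VVPN2_NAME\n"; fi
  fi
}

# Optionally reuses the interface names of a surrounding Bird4Static install.
# Its scripts/func.sh is sourced, i.e. executed in this shell.
try_get_bird4static_config_func(){
  echo -e "\nFound bird4static. Do you want use his config? y/n"
  read -r ANSWER
  if [ "$ANSWER" == "y" ]; then
    # Without the directory change the relative path below would be resolved
    # against whatever directory the installer was started from.
    { cd "$HOME_FOLDER" && cd ..; } || return 1
    if [ -f "scripts/func.sh" ]; then
      source scripts/func.sh
      if [ -n "$VISP" ]; then VISP_NAME="$VISP" && echo -e "ISP_NAME=$VISP_NAME"; fi
      if [ -n "$VVPN1" ]; then VVPN1_NAME="$VVPN1" && echo -e "VPN1_NAME=$VVPN1_NAME"; fi
      if [ -n "$VVPN2" ]; then VVPN2_NAME="$VVPN2" && echo -e "VPN2_NAME=$VVPN2_NAME"; fi
    fi
  fi
}

# Select number vpn
# Anything other than "2" selects the single-VPN layout.
select_number_vpn_func(){
  if [ -z "$VCONF" ]; then
    echo -e "\nDo you want to use double vpn configuration? 1 - no (default) 2 - yes"
    read -r VCONF
  fi
  if [ "$VCONF" != "2" ]; then
    VCONF=1
    CONFFOLDER="one_vpn"
    echo "You are select install for one vpn"
  else
    CONFFOLDER="double_vpn"
    echo "You are select install for double vpn"
  fi
}

# Filling script folders and custom sheets
# Copies the scripts for the chosen layout, seeds the user lists on a fresh
# install and substitutes the install-time placeholders in the copied scripts.
fill_folder_and_sed_func(){
  cp "$HOME_FOLDER"/Install/common/*.sh "$SCRIPTS"
  cp "$HOME_FOLDER/Install/$CONFFOLDER"/*.sh "$SCRIPTS"
  chmod +x "$SCRIPTS"/*.sh
  if [ "$UPDATE" != "1" ]; then
    cp -i "$HOME_FOLDER"/Install/common/*.list "$LISTS"
    if [ "$VCONF" == "2" ]; then cp -i "$HOME_FOLDER/Install/$CONFFOLDER"/*.list "$LISTS"; fi
  fi
  sed -i 's/VERSIONINPUT/'"$VERSION_NEW"'/; s/SYSTEMFOLDERINPUT/'"$SYSTEM_FOLDER_SED"'/; s/HOMEFOLDERINPUT/'"$HOME_FOLDER_SED"'/' "$SCRIPTS"/*.sh
  # Removing the stored checksum forces the next update run to restart DNS.
  rm -f "$SCRIPTS/sum.md5"
}

# Copying the ipset configuration file
copy_ipset4static_config_func(){
  cp "$HOME_FOLDER/Install/common/ipset4static.conf" "$SYSTEM_FOLDER/etc/ipset4static.conf"
  sed -i 's/MODEINPUT/'"$MODE"'/; s/CONFINPUT/'"$VCONF"'/' "$SYSTEM_FOLDER/etc/ipset4static.conf"
  if [ -n "$VTTL" ]; then sed -i 's/TTL=.*/TTL='"$VTTL"'/' "$SYSTEM_FOLDER/etc/ipset4static.conf"; fi
}

# Show interfaces
# Prints "<interface> <address>" for every IPv4 address.
show_interfaces_func(){
  echo -e "\n----------------------"
  ip addr show | awk -F" |/" '{gsub(/^ +/,"")}/inet /{print $(NF), $2}'
}

# Validates an interface name before it is written into the configuration.
# The name ends up inside a sed expression and in a file that the hook scripts
# source as shell code, so a stray "/", space or shell metacharacter would
# corrupt the substitution or be executed on every hook call.
check_ifname_func(){
  case "$1" in
    '' | *[!A-Za-z0-9_.:@-]*)
      echo "Invalid interface name: '$1' (allowed: letters, digits, _ . : @ -)" >&2
      exit 1
      ;;
  esac
}

# Config ISP
config_isp_func(){
  if [ -z "$VISP_NAME" ]; then
    echo -e "Enter the name of the provider interface from the list above (for example ppp0 or eth3)\n Or use lo if you dont want this feature"
    read -r VISP_NAME
  fi
  check_ifname_func "$VISP_NAME"
  echo "Your are select ISP $VISP_NAME"
  sed -i 's/ISPINPUT/'"$VISP_NAME"'/' "$SYSTEM_FOLDER/etc/ipset4static.conf"
  # A gateway carried over from the old config re-enables the gateway lookup
  # line in the new one.
  if [ -n "$VISP_GW" ]; then sed -i 's/#ISP_GW=/ISP_GW=/' "$SYSTEM_FOLDER/etc/ipset4static.conf"; fi
}

# Config VPN1
config_vpn1_func(){
  if [ -z "$VVPN1_NAME" ]; then
    echo "Enter the VPN interface name from the list above (for example ovpn_br0 or nwg0)"
    read -r VVPN1_NAME
  fi
  check_ifname_func "$VVPN1_NAME"
  echo "Your are select VPN1 $VVPN1_NAME"
  sed -i 's/VPN1INPUT/'"$VVPN1_NAME"'/' "$SYSTEM_FOLDER/etc/ipset4static.conf"
}

# Config VPN2
config_vpn2_func(){
  if [ -z "$VVPN2_NAME" ]; then
    echo "Enter the Second VPN interface name from the list above (for example ovpn_br0 or nwg0)"
    read -r VVPN2_NAME
  fi
  check_ifname_func "$VVPN2_NAME"
  echo "Your are select VPN2 $VVPN2_NAME"
  sed -i 's/VPN2INPUT/'"$VVPN2_NAME"'/' "$SYSTEM_FOLDER/etc/ipset4static.conf"
}

# Organizing scripts into folders
# Links the installed scripts into the init.d and ndm hook directories.
# NOTE(review): the hook directories then execute files from $SCRIPTS, so that
# folder should be writable by the administrator only.
ln_scripts_func(){
  ln -sf "$SCRIPTS/ipset-table.sh" "$SYSTEM_FOLDER/etc/init.d/S03ipset-table"
  ln -sf "$SCRIPTS/ipset-isp-route.sh" "$SYSTEM_FOLDER/etc/ndm/ifstatechanged.d/012-ipset-isp-route.sh"
  ln -sf "$SCRIPTS/ipset-vpn1-route.sh" "$SYSTEM_FOLDER/etc/ndm/ifstatechanged.d/011-ipset-vpn1-route.sh"
  ln -sf "$SCRIPTS/ipset-isp-netfilter.sh" "$SYSTEM_FOLDER/etc/ndm/netfilter.d/012-ipset-isp-netfilter.sh"
  ln -sf "$SCRIPTS/ipset-vpn1-netfilter.sh" "$SYSTEM_FOLDER/etc/ndm/netfilter.d/011-ipset-vpn1-netfilter.sh"
  if [ "$VCONF" == 2 ]; then
    ln -sf "$SCRIPTS/ipset-vpn2-route.sh" "$SYSTEM_FOLDER/etc/ndm/ifstatechanged.d/010-ipset-vpn2-route.sh"
    ln -sf "$SCRIPTS/ipset-vpn2-netfilter.sh" "$SYSTEM_FOLDER/etc/ndm/netfilter.d/010-ipset-vpn2-netfilter.sh"
  fi
  if [ "$Bird4Static" == "1" ]; then
    # The relative link targets below are only valid in the parent folder.
    { cd "$HOME_FOLDER" && cd ..; } || return 1
    ln -sf "$LISTS"/*.list lists/
    ln -sf "$SCRIPTS/update-ipset.sh" scripts/
  fi
}

# Points the selected resolver at the generated ipset list.
change_dns_config(){
  if [ "$MODE" == "adguardhome" ]; then
    sed -i 's/ipset_file.*/ipset_file: '"$SYSTEM_FOLDER_SED"'\/etc\/ipset4static_list.conf/' "$SYSTEM_FOLDER/etc/AdGuardHome/AdGuardHome.yaml"
  elif [ "$MODE" == "dnsmasq" ]; then
    # -F: the path is matched literally (its dots are not regex wildcards), so
    # a merely similar line cannot suppress the append.
    if [ "$(grep -cF "conf-file=$SYSTEM_FOLDER/etc/ipset4static_list.conf" "$SYSTEM_FOLDER/etc/dnsmasq.conf")" = "0" ]; then
      echo "conf-file=$SYSTEM_FOLDER/etc/ipset4static_list.conf" >> "$SYSTEM_FOLDER/etc/dnsmasq.conf"
    fi
  fi

}

# Starting Services
run_func(){
  "$SYSTEM_FOLDER/etc/init.d/S03ipset-table" restart
  "$SCRIPTS/update-ipset.sh" -d
}

--------------------------------------------------------------------------------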