2.1.0 - add VPN service, fix bugs

ziwork · Mar 4, 2023 · f4d6a69 · f4d6a69
1 parent 27daea1
commit f4d6a69
Show file tree

Hide file tree

Showing 14 changed files with 474 additions and 171 deletions.
diff --git a/100-ipset.sh b/100-ipset.sh
@@ -4,5 +4,5 @@ ipset create unblocksh hash:net -exist
 ipset create unblocktor hash:net -exist
 ipset create unblocktroj hash:net -exist
 ipset create unblockvmess hash:net -exist
-# ipset create unblockvpn hash:net -exist
-exit 0
+ipset create unblockvpn hash:net -exist
+exit 0
diff --git a/100-redirect.sh b/100-redirect.sh
@@ -1,12 +1,24 @@
 #!/bin/sh
+
+# 2023. Keenetic DNS bot /  Проект: bypass_keenetic / Автор: tas_unn
+# GitHub: https://github.com/tas-unn/bypass_keenetic
+# Данный бот предназначен для управления обхода блокировок на роутерах Keenetic
+# Демо-бот: https://t.me/keenetic_dns_bot
+#
+# Файл: 100-redirect.sh, Версия 2.1.0, последнее изменение: 04.03.2023, 18:30
+# Доработал: NetworK (https://github.com/ziwork)
+
 # shellcheck disable=SC2154
 [ "$type" = "ip6tables" ] && exit 0
+[ "$table" != "mangle" ] && exit 0
 ip4t() {
     # shellcheck disable=SC2039
     if ! iptables -C "$@" &>/dev/null; then
         iptables -A "$@"
     fi
 }
+
+# shellcheck disable=SC2143
 if [ -z "$(iptables-save 2>/dev/null | grep unblocksh)" ]; then
     ipset create unblocksh hash:net -exist
     iptables -I PREROUTING -w -t nat -i br0 -p tcp -m set --match-set unblocksh dst -j REDIRECT --to-port 1082
@@ -16,17 +28,18 @@ if [ -z "$(iptables-save 2>/dev/null | grep unblocksh)" ]; then
     iptables -t nat -A OUTPUT -p tcp -m set --match-set unblocksh dst -j REDIRECT --to-port 1082
 fi
 
-
+# shellcheck disable=SC2143
 if [ -z "$(iptables-save 2>/dev/null | grep "udp --dport 53 -j DNAT")" ]; then
     iptables -w -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.1.1
     iptables -w -t nat -I PREROUTING -i sstp0 -p udp --dport 53 -j DNAT --to 192.168.1.1
 fi
+# shellcheck disable=SC2143
 if [ -z "$(iptables-save 2>/dev/null | grep "tcp --dport 53 -j DNAT")" ]; then
     iptables -w -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.1.1
     iptables -w -t nat -I PREROUTING -i sstp0 -p tcp --dport 53 -j DNAT --to 192.168.1.1
 fi
 
-
+# shellcheck disable=SC2143
 if [ -z "$(iptables-save 2>/dev/null | grep unblocktor)" ]; then
     ipset create unblocktor hash:net -exist
     iptables -I PREROUTING -w -t nat -i br0 -p tcp -m set --match-set unblocktor dst -j REDIRECT --to-port 9141
@@ -40,7 +53,7 @@ if [ -z "$(iptables-save 2>/dev/null | grep unblocktor)" ]; then
 
 fi
 
-
+# shellcheck disable=SC2143
 if [ -z "$(iptables-save 2>/dev/null | grep unblockvmess)" ]; then
     ipset create unblockvmess hash:net -exist
     iptables -I PREROUTING -w -t nat -i br0 -p tcp -m set --match-set unblockvmess dst -j REDIRECT --to-port 10810
@@ -54,28 +67,38 @@ if [ -z "$(iptables-save 2>/dev/null | grep unblockvmess)" ]; then
 
 fi
 
+# shellcheck disable=SC2143
 if [ -z "$(iptables-save 2>/dev/null | grep unblocktroj)" ]; then
     ipset create unblocktroj hash:net -exist
-    iptables -I PREROUTING -w -t nat -i br0 -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10829
-    iptables -I PREROUTING -w -t nat -i br0 -p udp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10829
-    iptables -t nat -A PREROUTING -i br0 -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10829
-    iptables -t nat -A OUTPUT -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10829
+    iptables -I PREROUTING -w -t nat -i br0 -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10810
+    iptables -I PREROUTING -w -t nat -i br0 -p udp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10810
+    iptables -t nat -A PREROUTING -i br0 -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10810
+    iptables -t nat -A OUTPUT -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10810
 
-    iptables -I PREROUTING -w -t nat -i sstp0 -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10829
-    iptables -I PREROUTING -w -t nat -i sstp0 -p udp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10829
-    iptables -t nat -A PREROUTING -i sstp0 -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10829
+    iptables -I PREROUTING -w -t nat -i sstp0 -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10810
+    iptables -I PREROUTING -w -t nat -i sstp0 -p udp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10810
+    iptables -t nat -A PREROUTING -i sstp0 -p tcp -m set --match-set unblocktroj dst -j REDIRECT --to-port 10810
 
 fi
 
+# add block iptables from vpn by ziwork
+# shellcheck disable=SC2143
+if [ -z "$(iptables-save 2>/dev/null | grep unblockvpn)" ]; then
+	ipset create unblockvpn hash:net -exist
+	# С отключением fastnat и ускорителей
+	#iptables -I PREROUTING -w -t mangle -i br0 -p tcp -m set --match-set unblockvpn dst -j MARK --set-mark 0xd1000
+	#iptables -I PREROUTING -w -t mangle -i br0 -p udp -m set --match-set unblockvpn dst -j MARK --set-mark 0xd1000
+	#iptables -t mangle -A OUTPUT -p tcp -m set --match-set unblockvpn dst -j MARK --set-mark 0xd1000
+
+	# Без отключения
+	iptables -I PREROUTING -w -t mangle -m conntrack --ctstate NEW -m set --match-set unblockvpn dst -j CONNMARK --set-mark 0xd1000
+	iptables -I PREROUTING -w -t mangle -j CONNMARK --restore-mark
+	iptables -t mangle -A OUTPUT -p tcp -m set --match-set unblockvpn dst -j CONNMARK --set-mark 0xd1000
+fi
 
 #script0
 #script1
 #script2
 #script3
-#script4
-#script5
-#script6
-#script7
-#script8
-#script9
-exit 0
+
+exit 0
diff --git a/100-unblock-vpn.sh b/100-unblock-vpn.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# 2023. Keenetic DNS bot /  Проект: bypass_keenetic / Автор: tas_unn
+# GitHub: https://github.com/tas-unn/bypass_keenetic
+# Данный бот предназначен для управления обхода блокировок на роутерах Keenetic
+# Демо-бот: https://t.me/keenetic_dns_bot
+#
+# Файл: 100-unblock-vpn.sh, Версия 2.1.0, последнее изменение: 04.03.2023, 18:54
+# Автор файла: NetworK (https://github.com/ziwork)
+
+check_vpn=$(curl -s localhost:79/rci/show/ip/name-server | grep service | grep -wv Dns | awk '{print $2}' | tr -d \", | sort -u)
+for vpn in $check_vpn ; do
+
+echo "$vpn"
+
+[ "$1" = "hook" ] || exit 0
+[ "$change" = "link" ] || exit 0
+[ "$id" = "$vpn" ] || exit 0
+
+vpn_name=$vpn
+vpn_type=$(curl -s localhost:79/rci/show/ip/name-server | grep -wv 8.8 | grep "$vpn_name" -B5 | grep address | awk '{print $2}' | tr -d \",)
+vpn_ip_route=$(ip route list | grep "$vpn_type" | awk '{print $3}')
+
+IF_NAME=$vpn_ip_route
+IF_GW4=$(ip -4 addr show "$IF_NAME" | grep -Po "(?<=inet ).*(?=/)" | awk '{print $1}')
+
+case ${id}-${change}-${connected}-${link}-${up} in
+     ${id}-link-no-down-down)
+        ip -4 rule del fwmark 0xd1000 lookup 1001 priority 1778 2>/dev/null
+        ip -4 route flush table 1001
+     ;;
+     ${id}-link-yes-up-up)
+        ip -4 route add table 1001 default via "$IF_GW4" dev "$IF_NAME" 2>/dev/null
+        ip -4 route show table main | grep -Ev ^default | while read -r ROUTE; do ip -4 route add table 1001 "$ROUTE" 2>/dev/null; done
+        ip -4 rule add fwmark 0xd1000 lookup 1001 priority 1778 2>/dev/null
+        ip -4 route flush cache
+     ;;
+esac
+
+done
+
+exit 0
diff --git a/README.md b/README.md
@@ -1,8 +1,18 @@
 # bypass_keenetic
 Установка обхода блокировок на роутерах Keenetic с установленной средой OpenWrt
 
-Полное описание:
+## Как обновиться:
+- opkg update
+- opkg install curl python3 python3-pip mc bind-dig cron dnsmasq-full ipset iptables obfs4 tor tor-geoip shadowsocks-libev-ss-redir shadowsocks-libev-config v2ray trojan
+- pip install pathlib
+- mv /opt/etc/bot.py /opt/etc/bot_old.py
+- curl -o /opt/etc/bot.py https://raw.githubusercontent.com/tas-unn/bypass_keenetic/main/bot.py
+- curl -O /opt/etc/bot_config.py https://raw.githubusercontent.com/tas-unn/bypass_keenetic/main/bot_config.py
+- mcedit /opt/etc/bot_config.py # внести свои данные
+- Открыть бота в телеграм -> Установка -> Установка & Переустановка
+- Enjoy. ([@ziwork](https://github.com/ziwork))
 
+Полное описание:
 https://habr.com/ru/post/669314/
 
 Поддержать проект:

diff --git a/S99unblock b/S99unblock
@@ -2,4 +2,4 @@
 [ "$1" != "start" ] && exit 0
 # cd /opt/etc
 /opt/bin/unblock_ipset.sh &
-python /opt/etc/bot.py &
+python3 /opt/etc/bot.py &
diff --git a/add100redirect.sh b/add100redirect.sh
@@ -1,13 +1,14 @@
-if [ -z "$(iptables-save 2>/dev/null | grep unblockvpn)" ]; then
-    ipset create unblockvpn hash:net -exist
-    iptables -I PREROUTING -w -t nat -i br0 -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
-    iptables -I PREROUTING -w -t nat -i br0 -p udp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
-    iptables -t nat -A PREROUTING -i br0 -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
-    iptables -t nat -A OUTPUT -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
-
-    iptables -I PREROUTING -w -t nat -i sstp0 -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
-    iptables -I PREROUTING -w -t nat -i sstp0 -p udp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
-    iptables -t nat -A PREROUTING -i sstp0 -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
-
-fi
-exit 0
+# не актуальное
+#if [ -z "$(iptables-save 2>/dev/null | grep unblockvpn)" ]; then
+#    ipset create unblockvpn hash:net -exist
+#    iptables -I PREROUTING -w -t nat -i br0 -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
+#    iptables -I PREROUTING -w -t nat -i br0 -p udp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
+#    iptables -t nat -A PREROUTING -i br0 -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
+#    iptables -t nat -A OUTPUT -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
+#
+#    iptables -I PREROUTING -w -t nat -i sstp0 -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
+#    iptables -I PREROUTING -w -t nat -i sstp0 -p udp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
+#    iptables -t nat -A PREROUTING -i sstp0 -p tcp -m set --match-set unblockvpn dst -j MASQUERADE -o ppp1
+#
+#fi
+#exit 0
diff --git a/add_unblock_dnsmasq b/add_unblock_dnsmasq
diff --git a/add_unblock_dnsmasq.sh b/add_unblock_dnsmasq.sh
@@ -0,0 +1,13 @@
+#не актуальное
+##vpn1 и unblockvpn меняем
+#while read -r line || [ -n "$line" ]; do
+#
+#  [ -z "$line" ] && continue
+#  #[ "${line:0:1}" = "#" ] && continue
+#  [ "${line#?}" = "#" ] && continue
+#
+#  echo $line | grep -Eq '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' && continue
+#
+#  echo "ipset=/$line/unblockvpn" >> /opt/etc/unblock.dnsmasq
+#  echo "server=/$line/127.0.0.1#40500" >> /opt/etc/unblock.dnsmasq
+#done < /opt/etc/unblock/vpn1.txt
diff --git a/add_unblock_ipset.sh b/add_unblock_ipset.sh
@@ -1,34 +1,35 @@
-# unblockvpn - множество
-# vpn1.txt - название файла со списком обхода
-
-while read -r line || [ -n "$line" ]; do
-
-  [ -z "$line" ] && continue
-  #[ "${line:0:1}" = "#" ] && continue
-  [ "${line#?}" = "#" ] && continue
-
-  cidr=$(echo "$line" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}')
-
-  if [ -n "$cidr" ]; then
-    ipset -exist add unblockvpn "$cidr"
-    continue
-  fi
-
-  range=$(echo "$line" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}-[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
-
-  if [ -n "$range" ]; then
-    ipset -exist add unblockvpn "$range"
-    continue
-  fi
-
-  addr=$(echo "$line" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
-
-  if [ -n "$addr" ]; then
-    ipset -exist add unblockvpn "$addr"
-    continue
-  fi
-
-  dig +short "$line" @localhost -p 40500 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("ipset -exist add unblockvpn "$1)}'
-
-
-done < /opt/etc/unblock/vpn1.txt
+# не актуальное
+## unblockvpn - множество
+## vpn1.txt - название файла со списком обхода
+#
+#while read -r line || [ -n "$line" ]; do
+#
+#  [ -z "$line" ] && continue
+#  #[ "${line:0:1}" = "#" ] && continue
+#  [ "${line#?}" = "#" ] && continue
+#
+#  cidr=$(echo "$line" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}')
+#
+#  if [ -n "$cidr" ]; then
+#    ipset -exist add unblockvpn "$cidr"
+#    continue
+#  fi
+#
+#  range=$(echo "$line" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}-[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
+#
+#  if [ -n "$range" ]; then
+#    ipset -exist add unblockvpn "$range"
+#    continue
+#  fi
+#
+#  addr=$(echo "$line" | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
+#
+#  if [ -n "$addr" ]; then
+#    ipset -exist add unblockvpn "$addr"
+#    continue
+#  fi
+#
+#  dig +short "$line" @localhost -p 40500 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '{system("ipset -exist add unblockvpn "$1)}'
+#
+#
+#done < /opt/etc/unblock/vpn1.txt