diff --git a/README.md b/README.md new file mode 100644 index 0000000..70ba061 --- /dev/null +++ b/README.md @@ -0,0 +1,28 @@ +# RouterichAX3000_configs + +Протестировано на роутере Routerich AX 3000 прошивка OpenWrt 23.05.5 r24106-10cc5fcd00 + +### Разблокировка сайтов с помощью youtubeUnblock + https-dns-proxy +Разблокировка сайтов с помощью подмены **Hello пакетов DPI** (приложение **youtubeUnblock**) + точечное перенаправление доменов, которые находятся в **геоблоке на ComssDNS** (через перенаправление dnsmasq и пакет **https-dns-proxy**) + добавление правил для **блокировки протокола QUIC** на уровне роутера + +Для корректной работы скрипта нужны установленные пакеты **youtubeUnblock** и **https-dns-proxy** + +**Установка** +```sh +wget -O - https://raw.githubusercontent.com/CodeRoK7/RouterichAX3000_configs/refs/heads/main/configure_zaprets.sh | sh +``` +**Откат** +```sh +wget -O - https://raw.githubusercontent.com/CodeRoK7/RouterichAX3000_configs/refs/heads/main/off_configure_zaprets.sh | sh +``` + +### Разблокировка сайтов с помощью WARP от CloudFlare + +**Установка** +```sh +wget --no-check-certificate -O /tmp/awg_config.sh https://raw.githubusercontent.com/CodeRoK7/RouterichAX3000_configs/refs/heads/main/awg_config.sh && chmod +x /tmp/awg_config.sh && /tmp/awg_config.sh +``` +**Откат** +```sh +wget -O - https://raw.githubusercontent.com/CodeRoK7/RouterichAX3000_configs/refs/heads/main/off_awg_config.sh | sh +``` diff --git a/awg_config.sh b/awg_config.sh index 50cab3e..5e73e37 100644 --- a/awg_config.sh +++ b/awg_config.sh 
@@ -88,6 +88,38 @@ install_awg_packages() { rm -rf "$AWG_DIR" } +manage_package() { + local name="$1" + local autostart="$2" + local process="$3" + + # Проверка, установлен ли пакет + if opkg list-installed | grep -q "^$name"; then + + # Проверка, включен ли автозапуск + if /etc/init.d/$name enabled; then + if [ "$autostart" = "disable" ]; then + /etc/init.d/$name disable + fi + else + if [ "$autostart" = "enable" ]; then + /etc/init.d/$name enable + fi + fi + + # Проверка, запущен ли процесс + if pidof $name > /dev/null; then + if [ "$process" = "stop" ]; then + /etc/init.d/$name stop + fi + else + if [ "$process" = "start" ]; then + /etc/init.d/$name start + fi + fi + fi +} + echo "opkg update" opkg update @@ -133,6 +165,20 @@ else fi fi +DIR="/etc/config" +DIR_BACKUP="/root/backup2" +config_files="network +firewall" + +if [ ! -d "$DIR_BACKUP" ] +then + echo "Backup files..." + mkdir -p $DIR_BACKUP + for file in $config_files + do + cp -f "$DIR/$file" "$DIR_BACKUP/$file" + done +fi #запрос конфигурации WARP result=$(curl 'https://warp.llimonix.pw/api/warp' \ 
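Review bot: In `manage_package`, `grep -q "^$name"` is only a prefix match, so the function also acts when a different package whose name merely begins with that string is installed. Anchoring on the separator that `opkg list-installed` prints would make it exact: `if opkg list-installed | grep -q "^$name - "; then`. The unquoted `/etc/init.d/$name` and `pidof $name` should be quoted, and `pidof` only works where the daemon's process name equals the package name, which is not visible from this hunk. The same function is copied verbatim into off_awg_config.sh, so the same applies there; a short header comment naming the three arguments (`package`, `enable|disable`, `start|stop`) would help both copies.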
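Review bot: The backup block treats the mere existence of `/root/backup2` as proof of a complete backup, but the `cp -f` results are never checked, so a failed or interrupted copy leaves a directory that every later run skips. I would stop on failure and keep the source file's mode, `cp -fp "$DIR/$file" "$DIR_BACKUP/$file" || { echo "Backup of $file failed" >&2; exit 1; }`, and quote `mkdir -p "$DIR_BACKUP"`. The restore loops in off_awg_config.sh and off_configure_zaprets.sh have the mirror problem: `rm -rf "$DIR_BACKUP"` runs even when a `cp -f` back into `/etc/config` failed, which discards the only copy of the original files.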
@@ -174,19 +220,22 @@ AllowedIPs=$(echo "$AllowedIPs" | cut -d',' -f1) EndpointIP=$(echo "$Endpoint" | cut -d':' -f1) EndpointPort=$(echo "$Endpoint" | cut -d':' -f2) -echo "Create and configure tunnel AmneziaWG WARP..." +printf "\033[32;1mCreate and configure tunnel AmneziaWG WARP...\033[0m\n" #задаём имя интерфейса -INTERFACE_NAME="awg_route0" -CONFIG_NAME="amnezia_route0" +INTERFACE_NAME="awg10" +CONFIG_NAME="amneziawg_awg10" PROTO="amneziawg" ZONE_NAME="awg" uci set network.${INTERFACE_NAME}=interface uci set network.${INTERFACE_NAME}.proto=$PROTO +if ! uci show network | grep -q ${CONFIG_NAME}; then + uci add network ${CONFIG_NAME} +fi uci set network.${INTERFACE_NAME}.private_key=$PrivateKey -uci set network.${INTERFACE_NAME}.listen_port='51821' -uci set network.${INTERFACE_NAME}.addresses=$Address +uci add_list network.${INTERFACE_NAME}.addresses=$Address +uci set network.${INTERFACE_NAME}.mtu=$MTU uci set network.${INTERFACE_NAME}.awg_jc=$Jc uci set network.${INTERFACE_NAME}.awg_jmin=$Jmin uci set network.${INTERFACE_NAME}.awg_jmax=$Jmax 
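Review bot: `uci add_list network.${INTERFACE_NAME}.addresses=$Address` appends on every run, unlike the `uci set` it replaces, so re-running the script would leave addresses from earlier runs on the interface. Clearing the list first with `uci -q delete network.${INTERFACE_NAME}.addresses` keeps the step idempotent. `$Address`, `$PrivateKey` and `$MTU` here, and `$PublicKey`, `$EndpointIP` and `$EndpointPort` in the next hunk, appear to be parsed from the API response fetched earlier in the script, and all are expanded unquoted. Quoting them, e.g. `uci set network.${INTERFACE_NAME}.private_key="$PrivateKey"`, and refusing to continue when any is empty would avoid `uci commit network` writing a half-parsed tunnel config.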
@@ -196,21 +245,13 @@ uci set network.${INTERFACE_NAME}.awg_h1=$H1 uci set network.${INTERFACE_NAME}.awg_h2=$H2 uci set network.${INTERFACE_NAME}.awg_h3=$H3 uci set network.${INTERFACE_NAME}.awg_h4=$H4 -uci set network.${INTERFACE_NAME}.mtu=$MTU - -if ! uci show network | grep -q ${CONFIG_NAME}; then - uci add network ${CONFIG_NAME} - echo "add $INTERFACE_NAME" -fi - -uci set network.@${CONFIG_NAME}[0]=$CONFIG_NAME -uci set network.@${CONFIG_NAME}[0].name="${INTERFACE_NAME}_client" -uci set network.@${CONFIG_NAME}[0].public_key=$PublicKey -uci set network.@${CONFIG_NAME}[0].route_allowed_ips='0' -uci set network.@${CONFIG_NAME}[0].persistent_keepalive='25' -uci set network.@${CONFIG_NAME}[0].endpoint_host=$EndpointIP -uci set network.@${CONFIG_NAME}[0].allowed_ips='0.0.0.0/0' -uci set network.@${CONFIG_NAME}[0].endpoint_port=$EndpointPort +uci set network.@${CONFIG_NAME}[-1].description="${INTERFACE_NAME}_peer" +uci set network.@${CONFIG_NAME}[-1].public_key=$PublicKey +uci set network.@${CONFIG_NAME}[-1].endpoint_host=$EndpointIP +uci set network.@${CONFIG_NAME}[-1].endpoint_port=$EndpointPort +uci set network.@${CONFIG_NAME}[-1].persistent_keepalive='25' +uci set network.@${CONFIG_NAME}[-1].allowed_ips='0.0.0.0/0' +uci set network.@${CONFIG_NAME}[-1].route_allowed_ips='0' uci commit network if ! uci show firewall | grep -q "@zone.*name='${ZONE_NAME}'"; then 
@@ -231,63 +272,84 @@ if ! uci show firewall | grep -q "@forwarding.*name='${ZONE_NAME}'"; then printf "\033[32;1mConfigured forwarding\033[0m\n" uci add firewall forwarding uci set firewall.@forwarding[-1]=forwarding - uci set firewall.@forwarding[-1].name="${ZONE_NAME}-lan" + uci set firewall.@forwarding[-1].name="${ZONE_NAME}" uci set firewall.@forwarding[-1].dest=${ZONE_NAME} uci set firewall.@forwarding[-1].src='lan' uci set firewall.@forwarding[-1].family='ipv4' uci commit firewall fi +# Получаем список всех зон +ZONES=$(uci show firewall | grep "zone$" | cut -d'=' -f1) +#echo $ZONES +# Циклически проходим по всем зонам +for zone in $ZONES; do + # Получаем имя зоны + CURR_ZONE_NAME=$(uci get $zone.name) + #echo $CURR_ZONE_NAME + # Проверяем, является ли это зона с именем "$ZONE_NAME" + if [ "$CURR_ZONE_NAME" = "$ZONE_NAME" ]; then + # Проверяем, существует ли интерфейс в зоне + if ! uci get $zone.network | grep -q "$INTERFACE_NAME"; then + # Добавляем интерфейс в зону + uci add_list $zone.network="$INTERFACE_NAME" + uci commit firewall + #echo "Интерфейс '$INTERFACE_NAME' добавлен в зону '$ZONE_NAME'" + fi + fi +done + +path_podkop_config="/etc/config/podkop" +path_podkop_config_backup="/root/podkop" +URL="https://raw.githubusercontent.com/routerich/RouterichAX3000_configs/refs/heads/main" + if [ -f "/etc/init.d/podkop" ]; then - path_podkop_config="/etc/config/podkop" - path_podkop_config_backup="/root/podkop" - URL="https://raw.githubusercontent.com/routerich/RouterichAX3000_configs/refs/heads/main" printf "Podkop installed. Reconfigured on AWG WARP? (y/n): \n" + is_reconfig_podkop="y" read is_reconfig_podkop if [ "$is_reconfig_podkop" = "y" ] || [ "$is_reconfig_podkop" = "Y" ]; then cp -f "$path_podkop_config" "$path_podkop_config_backup" - wget -O "$path_podkop_config" "$URL/podkop" + wget -O "$path_podkop_config" "$URL/config_files/podkop" echo "Backup of your config in path '$path_podkop_config_backup'" echo "Podkop reconfigured..." 
- echo "Service Podkop restart..." - service podkop restart fi else printf "\033[32;1mInstall and configure PODKOP (a tool for point routing of traffic)?? (y/n): \033[0m\n" + is_install_podkop="y" read is_install_podkop if [ "$is_install_podkop" = "y" ] || [ "$is_install_podkop" = "Y" ]; then DOWNLOAD_DIR="/tmp/podkop" mkdir -p "$DOWNLOAD_DIR" - REPO="https://api.github.com/repos/itdoginfo/podkop/releases/tags/v0.2.5" - wget -qO- "$REPO" | grep -o 'https://[^"]*\.ipk' | while read -r url; do - filename=$(basename "$url") - echo "Download $filename..." - wget -q -O "$DOWNLOAD_DIR/$filename" "$url" + podkop_files="podkop_0.2.5-1_all.ipk + luci-app-podkop_0.2.5_all.ipk + luci-i18n-podkop-ru_0.2.5.ipk" + for file in $podkop_files + do + echo "Download $file..." + wget -q -O "$DOWNLOAD_DIR/$file" "$URL/podkop_packets/$file" done opkg install $DOWNLOAD_DIR/podkop*.ipk opkg install $DOWNLOAD_DIR/luci-app-podkop*.ipk opkg install $DOWNLOAD_DIR/luci-i18n-podkop-ru*.ipk rm -f $DOWNLOAD_DIR/podkop*.ipk $DOWNLOAD_DIR/luci-app-podkop*.ipk $DOWNLOAD_DIR/luci-i18n-podkop-ru*.ipk - - uci set podkop.main.mode='vpn' - uci set podkop.main.interface="$INTERFACE_NAME" - uci set podkop.main.domain_list_enabled='1' - uci set podkop.main.domain_list='ru_inside' - uci set podkop.main.delist_domains_enabled='0' - uci add_list podkop.main.subnets='meta' - uci add_list podkop.main.subnets='twitter' - uci add_list podkop.main.subnets='discord' - uci commit podkop - echo "Service Podkop restart..." - service podkop restart + wget -O "$path_podkop_config" "$URL/config_files/podkop" + echo "Podkop installed.." 
fi fi -printf "\033[32;1mStop and disabled service 'youtubeUnblock'...\033[0m" -service youtubeUnblock stop -service youtubeUnblock disable +printf "\033[32;1mStop and disabled service 'youtubeUnblock' and 'ruantiblock'...\033[0m\n" +manage_package "youtubeUnblock" "disable" "stop" +manage_package "ruantiblock" "disable" "stop" -printf "Configured completed...\n\033[32;1mRestart network...\033[0m\n" +printf "\033[32;1mRestart firewall and network...\033[0m\n" service firewall restart service network restart + +second=15 +echo "Please wait $second seconds for reboot network..." +sleep $second +printf "\033[32;1mService Podkop restart...\033[0m\n" +service podkop restart + +printf "\033[32;1mConfigured completed...\033[0m" diff --git a/dhcp b/config_files/dhcp similarity index 100% rename from dhcp rename to config_files/dhcp diff --git a/https-dns-proxy b/config_files/https-dns-proxy similarity index 100% rename from https-dns-proxy rename to config_files/https-dns-proxy diff --git a/podkop b/config_files/podkop similarity index 86% rename from podkop rename to config_files/podkop index 1baa571..4860422 100644 --- a/podkop +++ b/config_files/podkop @@ -3,7 +3,7 @@ config main 'main' option mode 'vpn' option domain_list_enabled '1' option subnets_list_enabled '1' - option custom_domains_list_enabled 'disabled' + option custom_domains_list_enabled 'dynamic' option custom_subnets_list_enabled 'disabled' option all_traffic_from_ip_enabled '0' option custom_download_domains_list_enabled '0' @@ -12,12 +12,13 @@ config main 'main' option exclude_ntp '1' option update_interval '0 4 * * *' option custom_local_domains_list_enabled '0' - option interface 'awg_route0' + option interface 'awg10' option domain_list 'ru_inside' option delist_domains_enabled '0' list subnets 'meta' list subnets 'twitter' list subnets 'discord' + list custom_domains '2ip.ru' config second 'second' option second_enable '0' 
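Review bot: The three podkop `.ipk` files are fetched with `wget -q` from the mutable `refs/heads/main` ref and passed straight to `opkg install` as root, with neither the download status nor a checksum checked, so whatever that URL serves at run time gets installed. `$URL` also names the `routerich/` repository while the README commands point at `CodeRoK7/`, which may be intentional but is worth confirming. Pinning a SHA-256 per file inside the script and verifying before install closes the gap; the sketch below assumes the router's `sha256sum` supports `-c`. The same unchecked-download pattern affects both `wget -O "$path_podkop_config" "$URL/config_files/podkop"` calls here and `wget -O "$DIR/$file" "$URL/config_files/$file"` in configure_zaprets.sh: a failed transfer leaves a truncated file in `/etc/config`. Downloading to a `mktemp` file and moving it into place only on success would be safer.

```shell
# … unchanged: DOWNLOAD_DIR setup and the podkop_files list …
    download_ok=1
    for file in $podkop_files
    do
        echo "Download $file..."
        wget -q -O "$DOWNLOAD_DIR/$file" "$URL/podkop_packets/$file" || download_ok=0
    done
    # PODKOP_SHA256SUMS: pinned "<sha256>  <file name>" lines for the three packages (placeholder, to be filled in)
    if [ "$download_ok" = 1 ] &&
        (cd "$DOWNLOAD_DIR" && printf '%s\n' "$PODKOP_SHA256SUMS" | sha256sum -c -); then
        # … unchanged: the three opkg install calls and the rm -f cleanup …
    else
        echo "Podkop packages failed download or checksum verification, skipping install" >&2
    fi
```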
diff --git a/youtubeUnblock b/config_files/youtubeUnblock similarity index 100% rename from youtubeUnblock rename to config_files/youtubeUnblock diff --git a/configure_zaprets.sh b/configure_zaprets.sh index c6cebd5..d382d7f 100644 --- a/configure_zaprets.sh +++ b/configure_zaprets.sh @@ -30,7 +30,7 @@ opkg upgrade luci-app-youtubeUnblock if [ ! -d "$DIR_BACKUP" ] then echo "Backup files..." - mkdir $DIR_BACKUP + mkdir -p $DIR_BACKUP for file in $config_files do cp -f "$DIR/$file" "$DIR_BACKUP/$file" @@ -42,7 +42,7 @@ then do if [ "$file" != "dhcp" ] then - wget -O "$DIR/$file" "$URL/$file" + wget -O "$DIR/$file" "$URL/config_files/$file" fi done fi @@ -154,4 +154,4 @@ service https-dns-proxy restart service dnsmasq restart service odhcpd restart -echo "Configure complete..." +printf "\033[32;1mConfigured completed...\033[0m" diff --git a/off_awg_config.sh b/off_awg_config.sh new file mode 100644 index 0000000..9ee07d5 --- /dev/null +++ b/off_awg_config.sh 
@@ -0,0 +1,62 @@ +#!/bin/sh + +DIR="/etc/config" +DIR_BACKUP="/root/backup2" +config_files="network +firewall" + +manage_package() { + local name="$1" + local autostart="$2" + local process="$3" + + # Проверка, установлен ли пакет + if opkg list-installed | grep -q "^$name"; then + + # Проверка, включен ли автозапуск + if /etc/init.d/$name enabled; then + if [ "$autostart" = "disable" ]; then + /etc/init.d/$name disable + fi + else + if [ "$autostart" = "enable" ]; then + /etc/init.d/$name enable + fi + fi + + # Проверка, запущен ли процесс + if pidof $name > /dev/null; then + if [ "$process" = "stop" ]; then + /etc/init.d/$name stop + fi + else + if [ "$process" = "start" ]; then + /etc/init.d/$name start + fi + fi + fi +} + +if [ -d "$DIR_BACKUP" ] +then + echo "Restore configs..." + for file in $config_files + do + cp -f "$DIR_BACKUP/$file" "$DIR/$file" + done + + rm -rf "$DIR_BACKUP" +fi + +echo "Stop and disabled autostart Podkop..." +manage_package "podkop" "disable" "stop" + +echo "Run and enabled autostart youtubeUnblock and ruantiblock..." +manage_package "youtubeUnblock" "enable" "start" +manage_package "ruantiblock" "enable" "start" + +printf "\033[32;1mRestart firewall and network...\033[0m\n" +service firewall restart +service network restart + +printf "\033[32;1mOff configured completed...\033[0m" \ No newline at end of file diff --git a/off_configure_zaprets.sh b/off_configure_zaprets.sh index 2b6b8c5..a827626 100644 --- a/off_configure_zaprets.sh +++ b/off_configure_zaprets.sh @@ -7,14 +7,16 @@ config_files="dhcp youtubeUnblock https-dns-proxy" -echo "Restore configs..." +if [ -d "$DIR_BACKUP" ] +then + echo "Restore configs..." + for file in $config_files + do + cp -f "$DIR_BACKUP/$file" "$DIR/$file" + done -for file in $config_files -do - cp -f "$DIR_BACKUP/$file" "$DIR/$file" -done - -rm -rf "$DIR_BACKUP" + rm -rf "$DIR_BACKUP" +fi echo "Restart service..." 
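Review bot: The rollback in off_awg_config.sh calls `manage_package "youtubeUnblock" "enable" "start"` and `manage_package "ruantiblock" "enable" "start"` unconditionally, so a service that was installed but deliberately disabled before awg_config.sh ran ends up enabled and running afterwards. awg_config.sh does not record the previous state, so this script cannot tell the two cases apart. Writing a marker into `$DIR_BACKUP` when awg_config.sh disables a service, and re-enabling only the services that have a marker, would make this a true rollback. The file also has no header comment; one line such as `# Reverts awg_config.sh: restores network/firewall from /root/backup2, disables podkop` would document what is overwritten.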
@@ -29,4 +31,4 @@ grep -v "0 4 \* \* \* wget -O - $URL/configure_zaprets.sh | sh" /etc/crontabs/ro cp -f "/etc/crontabs/temp" "/etc/crontabs/root" rm -f "/etc/crontabs/temp" -echo "Off configure complete..." +printf "\033[32;1mOff configured completed...\033[0m" diff --git a/podkop_packets/luci-app-podkop_0.2.5_all.ipk b/podkop_packets/luci-app-podkop_0.2.5_all.ipk new file mode 100644 index 0000000..499ad73 Binary files /dev/null and b/podkop_packets/luci-app-podkop_0.2.5_all.ipk differ diff --git a/podkop_packets/luci-i18n-podkop-ru_0.2.5.ipk b/podkop_packets/luci-i18n-podkop-ru_0.2.5.ipk new file mode 100644 index 0000000..7c96b2e Binary files /dev/null and b/podkop_packets/luci-i18n-podkop-ru_0.2.5.ipk differ diff --git a/podkop_packets/podkop_0.2.5-1_all.ipk b/podkop_packets/podkop_0.2.5-1_all.ipk new file mode 100644 index 0000000..4e7f1b2 Binary files /dev/null and b/podkop_packets/podkop_0.2.5-1_all.ipk differ