v0.3.43

Issue #91 , Issue #94

README.md

@@ -39,9 +39,9 @@ sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/mai
 Скачать пакеты `podkop_*.ipk` и `luci-app-podkop_*.ipk` из релиза. `opkg install` сначала первый, потом второй.
 
 # Обновление
-Та же самая команда, что для установки. Скрипт обнаружит уже установленный podkop и предложит обновиться.
+Та же самая команда, что для установки. Но с флагом **upgrade** сразу передёт к обновлению.
 ```
-sh <(wget -O - https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/main/install.sh)
+sh <(wget -qO- https://raw.githubusercontent.com/itdoginfo/podkop/refs/heads/main/install.sh) --upgrade
 ```
 
 # Удаление
@@ -73,22 +73,10 @@ Luci: Services/podkop
 
 **Custom subnets enable** - Добавить подсети или IP-адреса. Для подсетей задать маску.
 
-# Известные баги
-- [x] Не отрабатывает service podkop stop, если podkop запущен и не может, к пример, зарезолвить домен с сломанным DNS
-- [x] Update list из remote url domain не удаляет старые домены. А добавляет новые. Для подсетей тоже самое скорее всего. Пересоздавать ruleset?
-
 # ToDo
 Этот раздел не означает задачи, которые нужно брать и делать. Это общий список хотелок. Если вы хотите помочь, пожалуйста, спросите сначала в телеграмме.
 
-- [ ] Interface trigger
+Основные задачи в issues.
-- [ ] Управление sing-box с помощью podkop. sing-box disable
-- [ ] Сделать галку запрещающую подкопу редачить dhcp. Допилить в исключение вместе с пустыми полями proxy и vpn (нужно wiki)
-- [ ] Рестарт сервиса без рестарта dnsmasq
-- [ ] `ash: can't kill pid 9848: No such process` при обновлении
-- [ ] Luci: Добавить валидацию "Proxy Configuration URL". Если пустое, то ошибка. Как с интерфейсом.
-- [ ] После выключения и включения может быть: `Dnsmasq save config error: server=127.0.0.42`
-- [ ] Не грузится диагностика полностью при одной нерабочей комманде. Подумать как это можно дебажить легко. https://t.me/itdogchat/142500/378956
-- [ ] DoH возможность добавлять сервера c path. Взять пример из NextDNS
 
 Низкий приоритет
 - [ ] Галочка, которая режет доступ к doh серверам
@@ -111,6 +99,22 @@ Luci: Services/podkop
 ```
 Без этого podkop работать не будет.
 
+Если нужно до определённых доменов ходить через определённый DNS-сервер, то конфиг выглядит так
+```
+	option noresolv '1'
+	option cachesize '0'
+	list server '/itdog.info/1.1.1.1'
+	list server '127.0.0.42'
+```
+
+В этом случае домен и все субдомены ресурса itdog.info будут резолвится через DNS-сервер 1.1.1.1
+
+# Bad WAN
+При использовании опции **Interface monitoring** необходимо рестартовать podkop, чтоб init.d подхватил это
+```
+service podkop restart
+```
+
 # Разработка
 Есть два варианта:
 - Просто поставить пакет на роутер или виртуалку и прям редактировать через SFTP (opkg install openssh-sftp-server)

install.sh

@@ -5,10 +5,17 @@ REPO="https://api.github.com/repos/itdoginfo/podkop/releases/latest"
 IS_SHOULD_RESTART_NETWORK=
 DOWNLOAD_DIR="/tmp/podkop"
 COUNT=3
+UPGRADE=0
 
 rm -rf "$DOWNLOAD_DIR"
 mkdir -p "$DOWNLOAD_DIR"
 
+for arg in "$@"; do
+    if [ "$arg" = "--upgrade" ]; then
+        UPGRADE=1
+    fi
+done
+
 main() {
     check_system
     sing_box
@@ -16,28 +23,34 @@ main() {
     opkg update
   
     if [ -f "/etc/init.d/podkop" ]; then
-        printf "\033[32;1mPodkop is already installed. Just upgrade it? (y/n)\033[0m\n"
+        if [ "$UPGRADE" -eq 1 ]; then
-        printf "\033[32;1my - Only upgrade podkop\033[0m\n"
+            echo "Upgraded podkop with flag..."
-        printf "\033[32;1mn - Upgrade and install tunnels (WG, AWG, OpenVPN, OC)\033[0m\n"
+            break
+        else
+            printf "\033[32;1mPodkop is already installed. Just upgrade it?\033[0m\n"
+            printf "\033[32;1my - Only upgrade podkop\033[0m\n"
+            printf "\033[32;1mn - Upgrade and install tunnels (WG, AWG, OpenVPN, OC)\033[0m\n"
 
-        while true; do
+            while true; do
-            read -r -p '' UPDATE
+                printf "\033[32;1mEnter (y/n): \033[0m"
-            case $UPDATE in
+                read -r -p '' UPDATE
-            y)
+                case $UPDATE in
-                echo "Upgraded podkop..."
+                y)
-                break
+                    echo "Upgraded podkop..."
-                ;;
+                    break
+                    ;;
 
-            n)
+                n)
-                add_tunnel
+                    add_tunnel
-                break
+                    break
-                ;;
+                    ;;
 
-            *)
+                *)
-                echo "Please enter y or n"
+                    echo "Please enter y or n"
-                ;;
+                    ;;
-            esac
+                esac
-        done
+            done
+        fi
     else
         echo "Installed podkop..."
         add_tunnel
@@ -425,6 +438,25 @@ check_system() {
         exit 1
     fi
 
+    if opkg list-installed | grep -q https-dns-proxy; then
+        printf "\033[31;1mСonflicting package detected: https-dns-proxy. Remove? yes/no\033[0m\n"
+
+        while true; do
+                read -r -p '' DNSPROXY
+                case $DNSPROXY in
+
+                yes|y|Y|yes)
+                    opkg remove --force-depends luci-app-https-dns-proxy https-dns-proxy luci-i18n-https-dns-proxy*
+                    break
+                    ;;
+                *)
+                    echo "Exit"
+                    exit 1
+                    ;;
+        esac
+    done
+    fi
+
     if opkg list-installed | grep -qE "iptables|kmod-iptab"; then
         printf "\033[31;1mFound incompatible iptables packages. If you're using FriendlyWrt: https://t.me/itdogchat/44512/181082\033[0m\n"
     fi

luci-app-podkop/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-podkop
-PKG_VERSION:=0.3.36
+PKG_VERSION:=0.3.43
 PKG_RELEASE:=1
 
 LUCI_TITLE:=LuCI podkop app

luci-app-podkop/htdocs/luci-static/resources/view/podkop/podkop.js

@@ -63,20 +63,20 @@ function getNetworkInterfaces(o, section_id, excludeInterfaces = []) {
 }
 
 function getNetworkNetworks(o, section_id, excludeInterfaces = []) {
-	return network.getNetworks().then(networks => {
+    return network.getNetworks().then(networks => {
-		o.keylist = [];
+        o.keylist = [];
-		o.vallist = [];
+        o.vallist = [];
 
-		networks.forEach(net => {
+        networks.forEach(net => {
-			const name = net.getName();
+            const name = net.getName();
-			const ifname = net.getIfname();
+            const ifname = net.getIfname();
-			if (name && !excludeInterfaces.includes(name)) {
+            if (name && !excludeInterfaces.includes(name)) {
-				o.value(name, ifname ? `${name} (${ifname})` : name);
+                o.value(name, ifname ? `${name} (${ifname})` : name);
-			}
+            }
-		});
+        });
-	}).catch(error => {
+    }).catch(error => {
-		console.error('Failed to get networks:', error);
+        console.error('Failed to get networks:', error);
-	});
+    });
 }
 
 function createConfigSection(section, map, network) {
@@ -99,6 +99,7 @@ function createConfigSection(section, map, network) {
     o = s.taboption('basic', form.TextValue, 'proxy_string', _('Proxy Configuration URL'), _(''));
     o.depends('proxy_config_type', 'url');
     o.rows = 5;
+    o.rmempty = false;
     o.ucisection = s.section;
     o.sectionDescriptions = new Map();
     o.placeholder = 'vless://uuid@server:port?type=tcp&security=tls#main\n// backup ss://method:pass@server:port\n// backup2 vless://uuid@server:port?type=grpc&security=reality#alt';
@@ -223,9 +224,9 @@ function createConfigSection(section, map, network) {
 
                 let params = new URLSearchParams(queryString.split('#')[0]);
                 let type = params.get('type');
-                const validTypes = ['tcp', 'udp', 'grpc', 'http'];
+                const validTypes = ['tcp', 'raw', 'udp', 'grpc', 'http', 'ws'];
                 if (!type || !validTypes.includes(type)) {
-                    return _('Invalid VLESS URL: type must be one of tcp, udp, grpc, http');
+                    return _('Invalid VLESS URL: type must be one of tcp, raw, udp, grpc, http, ws');
                 }
 
                 let security = params.get('security');
@@ -278,7 +279,7 @@ function createConfigSection(section, map, network) {
     o.depends('mode', 'vpn');
     o.ucisection = s.section;
     o.load = function (section_id) {
-        return getNetworkInterfaces(this, section_id, ['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0', 'pppoe-wan']).then(() => {
+        return getNetworkInterfaces(this, section_id, ['br-lan', 'eth0', 'eth1', 'wan', 'phy0-ap0', 'phy1-ap0', 'pppoe-wan', 'lan']).then(() => {
             return this.super('load', section_id);
         });
     };
@@ -305,6 +306,7 @@ function createConfigSection(section, map, network) {
     o.value('hdrezka', 'HDRezka');
     o.value('tiktok', 'Tik-Tok');
     o.value('telegram', 'Telegram');
+    o.value('cloudflare', 'Cloudflare');
     o.depends('domain_list_enabled', '1');
     o.rmempty = false;
     o.ucisection = s.section;
@@ -336,13 +338,13 @@ function createConfigSection(section, map, network) {
             }
 
             if (newValues.includes('russia_inside')) {
-                const allowedWithRussiaInside = ['russia_inside', 'meta', 'twitter', 'discord', 'telegram'];
+                const allowedWithRussiaInside = ['russia_inside', 'meta', 'twitter', 'discord', 'telegram', 'cloudflare'];
                 const removedServices = newValues.filter(v => !allowedWithRussiaInside.includes(v));
                 if (removedServices.length > 0) {
                     newValues = newValues.filter(v => allowedWithRussiaInside.includes(v));
                     notifications.push(E('p', { class: 'alert-message warning' }, [
                         E('strong', {}, _('Russia inside restrictions')), E('br'),
-                        _('Warning: Russia inside can only be used with Meta, Twitter, Discord, and Telegram. %s already in Russia inside and have been removed from selection.')
+                        _('Warning: Russia inside can only be used with Meta, Twitter, Discord, Cloudflare and Telegram. %s already in Russia inside and have been removed from selection.')
                             .format(removedServices.join(', '))
                     ]));
                 }
@@ -619,9 +621,61 @@ const createModalContent = (title, content) => {
     ];
 };
 
+// Add IP masking function before showConfigModal
+const maskIP = (ip) => {
+    if (!ip) return '';
+    const parts = ip.split('.');
+    if (parts.length !== 4) return ip;
+    return ['XX', 'XX', 'XX', parts[3]].join('.');
+};
+
 const showConfigModal = async (command, title) => {
     const res = await safeExec('/usr/bin/podkop', [command]);
-    const formattedOutput = formatDiagnosticOutput(res.stdout || _('No output'));
+    let formattedOutput = formatDiagnosticOutput(res.stdout || _('No output'));
+
+    if (command === 'global_check') {
+        try {
+            const controller = new AbortController();
+            const timeoutId = setTimeout(() => controller.abort(), 10000);
+
+            const response = await fetch('https://fakeip.tech-domain.club/check', { signal: controller.signal });
+            const data = await response.json();
+            clearTimeout(timeoutId);
+
+
+            if (data.fakeip === true) {
+                formattedOutput += '\n✅ ' + _('FakeIP is working in browser!') + '\n';
+            } else {
+                formattedOutput += '❌ ' + _('FakeIP is not working in browser') + '\n';
+                formattedOutput += _('Check DNS server on current device (PC, phone)') + '\n';
+                formattedOutput += _('Its must be router!') + '\n';
+            }
+
+            // Bypass check
+            const bypassResponse = await fetch('https://fakeip.tech-domain.club/check', { signal: controller.signal });
+            const bypassData = await bypassResponse.json();
+            const bypassResponse2 = await fetch('https://ip.tech-domain.club/check', { signal: controller.signal });
+            const bypassData2 = await bypassResponse2.json();
+
+            formattedOutput += '━━━━━━━━━━━━━━━━━━━━━━━━━━━\n';
+
+            if (bypassData.IP && bypassData2.IP && bypassData.IP !== bypassData2.IP) {
+                formattedOutput += '✅ ' + _('Proxy working correctly') + '\n';
+                formattedOutput += _('Direct IP: ') + maskIP(bypassData.IP) + '\n';
+                formattedOutput += _('Proxy IP: ') + maskIP(bypassData2.IP) + '\n';
+            } else if (bypassData.IP === bypassData2.IP) {
+                formattedOutput += '❌ ' + _('Proxy is not working - same IP for both domains') + '\n';
+                formattedOutput += _('IP: ') + maskIP(bypassData.IP) + '\n';
+            } else {
+                formattedOutput += '❌ ' + _('Proxy check failed') + '\n';
+            }
+
+
+        } catch (error) {
+            formattedOutput += '\n❌ ' + _('Check failed: ') + (error.name === 'AbortError' ? _('timeout') : error.message) + '\n';
+        }
+    }
+
     ui.showModal(_(title), createModalContent(_(title), formattedOutput));
 };
 
@@ -665,16 +719,23 @@ const ButtonFactory = {
 };
 
 // Status Panel Factory
-const createStatusPanel = (title, status, buttons) => {
+const createStatusPanel = (title, status, buttons, extraData = {}) => {
     const headerContent = [
         E('strong', {}, _(title)),
         status && E('br'),
         status && E('span', {
-            'style': `color: ${status.running ? STATUS_COLORS.SUCCESS : STATUS_COLORS.ERROR}`
+            'style': `color: ${title === 'Sing-box Status' ?
+                (status.running && !status.enabled ? STATUS_COLORS.SUCCESS : STATUS_COLORS.ERROR) :
+                title === 'Podkop Status' ?
+                    (status.enabled ? STATUS_COLORS.SUCCESS : STATUS_COLORS.ERROR) :
+                    (status.running ? STATUS_COLORS.SUCCESS : STATUS_COLORS.ERROR)
+                }`
         }, [
-            status.running ? '✔' : '✘',
+            title === 'Sing-box Status' ?
-            ' ',
+                (status.running && !status.enabled ? '✔ running' : '✘ ' + status.status) :
-            status.status
+                title === 'Podkop Status' ?
+                    (status.enabled ? '✔ enabled' : '✘ disabled') :
+                    (status.running ? '✔' : '✘') + ' ' + status.status
         ])
     ].filter(Boolean);
 
@@ -686,7 +747,80 @@ const createStatusPanel = (title, status, buttons) => {
         E('div', {
             'class': 'panel-body',
             'style': 'display: flex; flex-direction: column; gap: 8px;'
-        }, buttons)
+        }, title === 'Podkop Status' ? [
+            ButtonFactory.createActionButton({
+                label: 'Restart Podkop',
+                type: 'apply',
+                action: 'restart',
+                reload: true
+            }),
+            ButtonFactory.createInitActionButton({
+                label: status.enabled ? 'Disable Podkop' : 'Enable Podkop',
+                type: status.enabled ? 'remove' : 'apply',
+                action: status.enabled ? 'disable' : 'enable',
+                reload: true
+            }),
+            ButtonFactory.createModalButton({
+                label: _('Global check'),
+                command: 'global_check',
+                title: _('Click here for all the info')
+            }),
+            ButtonFactory.createModalButton({
+                label: 'View Logs',
+                command: 'check_logs',
+                title: 'Podkop Logs'
+            }),
+            ButtonFactory.createModalButton({
+                label: _('Update Lists'),
+                command: 'list_update',
+                title: _('Lists Update Results')
+            })
+        ] : title === _('FakeIP Status') ? [
+            E('div', { style: 'margin-bottom: 10px;' }, [
+                E('div', { style: 'margin-bottom: 5px;' }, [
+                    E('span', { style: `color: ${extraData.fakeipStatus?.color}` }, [
+                        extraData.fakeipStatus?.state === 'working' ? '✔' : extraData.fakeipStatus?.state === 'not_working' ? '✘' : '!',
+                        ' ',
+                        extraData.fakeipStatus?.state === 'working' ? _('works in browser') : _('not works in browser')
+                    ])
+                ]),
+                E('div', {}, [
+                    E('span', { style: `color: ${extraData.fakeipCLIStatus?.color}` }, [
+                        extraData.fakeipCLIStatus?.state === 'working' ? '✔' : extraData.fakeipCLIStatus?.state === 'not_working' ? '✘' : '!',
+                        ' ',
+                        extraData.fakeipCLIStatus?.state === 'working' ? _('works on router') : _('not works on router')
+                    ])
+                ])
+            ]),
+            E('div', { style: 'margin-bottom: 10px;' }, [
+                E('div', { style: 'margin-bottom: 5px;' }, [
+                    E('strong', {}, _('DNS Status')),
+                    E('br'),
+                    E('span', { style: `color: ${extraData.dnsStatus?.remote?.color}` }, [
+                        extraData.dnsStatus?.remote?.state === 'available' ? '✔' : extraData.dnsStatus?.remote?.state === 'unavailable' ? '✘' : '!',
+                        ' ',
+                        extraData.dnsStatus?.remote?.message
+                    ]),
+                    E('br'),
+                    E('span', { style: `color: ${extraData.dnsStatus?.local?.color}` }, [
+                        extraData.dnsStatus?.local?.state === 'available' ? '✔' : extraData.dnsStatus?.local?.state === 'unavailable' ? '✘' : '!',
+                        ' ',
+                        extraData.dnsStatus?.local?.message
+                    ])
+                ])
+            ]),
+            E('div', { style: 'margin-bottom: 10px;' }, [
+                E('div', { style: 'margin-bottom: 5px;' }, [
+                    E('strong', {}, extraData.configName),
+                    E('br'),
+                    E('span', { style: `color: ${extraData.bypassStatus?.color}` }, [
+                        extraData.bypassStatus?.state === 'working' ? '✔' : extraData.bypassStatus?.state === 'not_working' ? '✘' : '!',
+                        ' ',
+                        extraData.bypassStatus?.message
+                    ])
+                ])
+            ])
+        ] : buttons)
     ]);
 };
 
@@ -696,12 +830,6 @@ let createStatusSection = function (podkopStatus, singboxStatus, podkop, luci, s
         E('div', { 'class': 'table', style: 'display: flex; gap: 20px;' }, [
             // Podkop Status Panel
             createStatusPanel('Podkop Status', podkopStatus, [
-                ButtonFactory.createActionButton({
-                    label: podkopStatus.running ? 'Stop Podkop' : 'Start Podkop',
-                    type: podkopStatus.running ? 'remove' : 'apply',
-                    action: podkopStatus.running ? 'stop' : 'start',
-                    reload: true
-                }),
                 ButtonFactory.createActionButton({
                     label: 'Restart Podkop',
                     type: 'apply',
@@ -715,9 +843,9 @@ let createStatusSection = function (podkopStatus, singboxStatus, podkop, luci, s
                     reload: true
                 }),
                 ButtonFactory.createModalButton({
-                    label: 'Show Config',
+                    label: _('Global check'),
-                    command: 'show_config',
+                    command: 'global_check',
-                    title: 'Podkop Configuration'
+                    title: _('Click here for all the info')
                 }),
                 ButtonFactory.createModalButton({
                     label: 'View Logs',
@@ -760,53 +888,14 @@ let createStatusSection = function (podkopStatus, singboxStatus, podkop, luci, s
                 })
             ]),
 
-            // FakeIP Status Panel with both browser and router checks
+            // FakeIP Status Panel
-            createStatusPanel(_('FakeIP Status'), null, [
+            createStatusPanel(_('FakeIP Status'), null, null, {
-                E('div', { style: 'margin-bottom: 10px;' }, [
+                fakeipStatus,
-                    E('div', { style: 'margin-bottom: 5px;' }, [
+                fakeipCLIStatus,
-                        E('span', { style: `color: ${fakeipStatus.color}` }, [
+                dnsStatus,
-                            fakeipStatus.state === 'working' ? '✔' : fakeipStatus.state === 'not_working' ? '✘' : '!',
+                bypassStatus,
-                            ' ',
+                configName
-                            fakeipStatus.state === 'working' ? _('works in browser') : _('not works in browser')
+            }),
-                        ])
-                    ]),
-                    E('div', {}, [
-                        E('span', { style: `color: ${fakeipCLIStatus.color}` }, [
-                            fakeipCLIStatus.state === 'working' ? '✔' : fakeipCLIStatus.state === 'not_working' ? '✘' : '!',
-                            ' ',
-                            fakeipCLIStatus.state === 'working' ? _('works on router') : _('not works on router')
-                        ])
-                    ])
-                ]),
-                E('div', { style: 'margin-bottom: 10px;' }, [
-                    E('div', { style: 'margin-bottom: 5px;' }, [
-                        E('strong', {}, _('DNS Status')),
-                        E('br'),
-                        E('span', { style: `color: ${dnsStatus.remote.color}` }, [
-                            dnsStatus.remote.state === 'available' ? '✔' : dnsStatus.remote.state === 'unavailable' ? '✘' : '!',
-                            ' ',
-                            dnsStatus.remote.message
-                        ]),
-                        E('br'),
-                        E('span', { style: `color: ${dnsStatus.local.color}` }, [
-                            dnsStatus.local.state === 'available' ? '✔' : dnsStatus.local.state === 'unavailable' ? '✘' : '!',
-                            ' ',
-                            dnsStatus.local.message
-                        ])
-                    ])
-                ]),
-                E('div', { style: 'margin-bottom: 10px;' }, [
-                    E('div', { style: 'margin-bottom: 5px;' }, [
-                        E('strong', {}, configName),
-                        E('br'),
-                        E('span', { style: `color: ${bypassStatus.color}` }, [
-                            bypassStatus.state === 'working' ? '✔' : bypassStatus.state === 'not_working' ? '✘' : '!',
-                            ' ',
-                            bypassStatus.message
-                        ])
-                    ])
-                ])
-            ]),
 
             // Version Information Panel
             createStatusPanel(_('Version Information'), null, [
@@ -1043,9 +1132,9 @@ return view.extend({
                 return true;
             }
 
-            const domainRegex = /^([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$/;
+            const domainRegex = /^([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}(\/[^\s]*)?$/;
             if (!domainRegex.test(value)) {
-                return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com');
+                return _('Invalid DNS server format. Examples: 8.8.8.8 or dns.example.com or dns.example.com/nicedns for DoH');
             }
 
             return true;
@@ -1104,9 +1193,14 @@ return view.extend({
             });
         };
 
+        o = mainSection.taboption('additional', form.Flag, 'mon_restart_ifaces', _('Interface monitoring'), _('Interface monitoring for bad WAN'));
+        o.default = '0';
+        o.rmempty = false;
+        o.ucisection = 'main';
+
         o = mainSection.taboption('additional', form.MultiValue, 'restart_ifaces', _('Interface for monitoring'), _('Select the WAN interfaces to be monitored'));
         o.ucisection = 'main';
-        o.default = 'wan';
+        o.depends('mon_restart_ifaces', '1');
         o.load = function (section_id) {
             return getNetworkNetworks(this, section_id, ['lan', 'loopback']).then(() => {
                 return this.super('load', section_id);
@@ -1338,32 +1432,67 @@ return view.extend({
 
         async function updateDiagnostics() {
             try {
-                const [
+                const results = {
-                    podkopStatus,
+                    podkopStatus: null,
-                    singboxStatus,
+                    singboxStatus: null,
-                    podkop,
+                    podkop: null,
-                    luci,
+                    luci: null,
-                    singbox,
+                    singbox: null,
-                    system,
+                    system: null,
-                    fakeipStatus,
+                    fakeipStatus: null,
-                    fakeipCLIStatus,
+                    fakeipCLIStatus: null,
-                    dnsStatus,
+                    dnsStatus: null,
-                    bypassStatus
+                    bypassStatus: null
-                ] = await Promise.all([
+                };
-                    safeExec('/usr/bin/podkop', ['get_status']),
-                    safeExec('/usr/bin/podkop', ['get_sing_box_status']),
-                    safeExec('/usr/bin/podkop', ['show_version']),
-                    safeExec('/usr/bin/podkop', ['show_luci_version']),
-                    safeExec('/usr/bin/podkop', ['show_sing_box_version']),
-                    safeExec('/usr/bin/podkop', ['show_system_info']),
-                    checkFakeIP(),
-                    checkFakeIPCLI(),
-                    checkDNSAvailability(),
-                    checkBypass()
-                ]);
 
-                const parsedPodkopStatus = JSON.parse(podkopStatus.stdout || '{"running":0,"enabled":0,"status":"unknown"}');
+                // Perform all checks independently of each other
-                const parsedSingboxStatus = JSON.parse(singboxStatus.stdout || '{"running":0,"enabled":0,"status":"unknown"}');
+                const checks = [
+                    safeExec('/usr/bin/podkop', ['get_status'])
+                        .then(result => results.podkopStatus = result)
+                        .catch(() => results.podkopStatus = { stdout: '{"enabled":0,"status":"error"}' }),
+
+                    safeExec('/usr/bin/podkop', ['get_sing_box_status'])
+                        .then(result => results.singboxStatus = result)
+                        .catch(() => results.singboxStatus = { stdout: '{"running":0,"enabled":0,"status":"error"}' }),
+
+                    safeExec('/usr/bin/podkop', ['show_version'])
+                        .then(result => results.podkop = result)
+                        .catch(() => results.podkop = { stdout: 'error' }),
+
+                    safeExec('/usr/bin/podkop', ['show_luci_version'])
+                        .then(result => results.luci = result)
+                        .catch(() => results.luci = { stdout: 'error' }),
+
+                    safeExec('/usr/bin/podkop', ['show_sing_box_version'])
+                        .then(result => results.singbox = result)
+                        .catch(() => results.singbox = { stdout: 'error' }),
+
+                    safeExec('/usr/bin/podkop', ['show_system_info'])
+                        .then(result => results.system = result)
+                        .catch(() => results.system = { stdout: 'error' }),
+
+                    checkFakeIP()
+                        .then(result => results.fakeipStatus = result)
+                        .catch(() => results.fakeipStatus = { state: 'error', message: 'check error', color: STATUS_COLORS.WARNING }),
+
+                    checkFakeIPCLI()
+                        .then(result => results.fakeipCLIStatus = result)
+                        .catch(() => results.fakeipCLIStatus = { state: 'error', message: 'check error', color: STATUS_COLORS.WARNING }),
+
+                    checkDNSAvailability()
+                        .then(result => results.dnsStatus = result)
+                        .catch(() => results.dnsStatus = {
+                            remote: { state: 'error', message: 'check error', color: STATUS_COLORS.WARNING },
+                            local: { state: 'error', message: 'check error', color: STATUS_COLORS.WARNING }
+                        }),
+
+                    checkBypass()
+                        .then(result => results.bypassStatus = result)
+                        .catch(() => results.bypassStatus = { state: 'error', message: 'check error', color: STATUS_COLORS.WARNING })
+                ];
+
+                // Waiting for all the checks to be completed
+                await Promise.allSettled(checks);
 
                 const container = document.getElementById('diagnostics-status');
                 if (!container) return;
@@ -1383,11 +1512,7 @@ return view.extend({
                                 const label = activeConfig.split('#').pop();
                                 if (label && label.trim()) {
                                     configName = _('Config: ') + decodeURIComponent(label);
-                                } else {
-                                    configName = _('Main config');
                                 }
-                            } else {
-                                configName = _('Main config');
                             }
                         }
                     }
@@ -1395,42 +1520,62 @@ return view.extend({
                     console.error('Error getting config name from UCI:', e);
                 }
 
-                // Create a modified statusSection function with the configName
+                const parsedPodkopStatus = JSON.parse(results.podkopStatus.stdout || '{"enabled":0,"status":"error"}');
-                const statusSection = createStatusSection(parsedPodkopStatus, parsedSingboxStatus, podkop, luci, singbox, system, fakeipStatus, fakeipCLIStatus, dnsStatus, bypassStatus, configName);
+                const parsedSingboxStatus = JSON.parse(results.singboxStatus.stdout || '{"running":0,"enabled":0,"status":"error"}');
+
+                const statusSection = createStatusSection(
+                    parsedPodkopStatus,
+                    parsedSingboxStatus,
+                    results.podkop,
+                    results.luci,
+                    results.singbox,
+                    results.system,
+                    results.fakeipStatus,
+                    results.fakeipCLIStatus,
+                    results.dnsStatus,
+                    results.bypassStatus,
+                    configName
+                );
+
                 container.innerHTML = '';
                 container.appendChild(statusSection);
 
-                const fakeipElement = document.getElementById('fakeip-status');
+                // Updating individual status items
-                if (fakeipElement) {
+                const updateStatusElement = (elementId, status, template) => {
-                    fakeipElement.innerHTML = E('span', { 'style': `color: ${fakeipStatus.color}` }, [
+                    const element = document.getElementById(elementId);
-                        fakeipStatus.state === 'working' ? '✔ ' : fakeipStatus.state === 'not_working' ? '✘ ' : '! ',
+                    if (element) {
-                        fakeipStatus.message
+                        element.innerHTML = template(status);
-                    ]).outerHTML;
+                    }
-                }
+                };
 
-                const fakeipCLIElement = document.getElementById('fakeip-cli-status');
+                updateStatusElement('fakeip-status', results.fakeipStatus,
-                if (fakeipCLIElement) {
+                    status => E('span', { 'style': `color: ${status.color}` }, [
-                    fakeipCLIElement.innerHTML = E('span', { 'style': `color: ${fakeipCLIStatus.color}` }, [
+                        status.state === 'working' ? '✔ ' : status.state === 'not_working' ? '✘ ' : '! ',
-                        fakeipCLIStatus.state === 'working' ? '✔ ' : fakeipCLIStatus.state === 'not_working' ? '✘ ' : '! ',
+                        status.message
-                        fakeipCLIStatus.message
+                    ]).outerHTML
-                    ]).outerHTML;
+                );
-                }
 
-                const dnsRemoteElement = document.getElementById('dns-remote-status');
+                updateStatusElement('fakeip-cli-status', results.fakeipCLIStatus,
-                if (dnsRemoteElement) {
+                    status => E('span', { 'style': `color: ${status.color}` }, [
-                    dnsRemoteElement.innerHTML = E('span', { 'style': `color: ${dnsStatus.remote.color}` }, [
+                        status.state === 'working' ? '✔ ' : status.state === 'not_working' ? '✘ ' : '! ',
-                        dnsStatus.remote.state === 'available' ? '✔ ' : dnsStatus.remote.state === 'unavailable' ? '✘ ' : '! ',
+                        status.message
-                        dnsStatus.remote.message
+                    ]).outerHTML
-                    ]).outerHTML;
+                );
-                }
+
+                updateStatusElement('dns-remote-status', results.dnsStatus.remote,
+                    status => E('span', { 'style': `color: ${status.color}` }, [
+                        status.state === 'available' ? '✔ ' : status.state === 'unavailable' ? '✘ ' : '! ',
+                        status.message
+                    ]).outerHTML
+                );
+
+                updateStatusElement('dns-local-status', results.dnsStatus.local,
+                    status => E('span', { 'style': `color: ${status.color}` }, [
+                        status.state === 'available' ? '✔ ' : status.state === 'unavailable' ? '✘ ' : '! ',
+                        status.message
+                    ]).outerHTML
+                );
 
-                const dnsLocalElement = document.getElementById('dns-local-status');
-                if (dnsLocalElement) {
-                    dnsLocalElement.innerHTML = E('span', { 'style': `color: ${dnsStatus.local.color}` }, [
-                        dnsStatus.local.state === 'available' ? '✔ ' : dnsStatus.local.state === 'unavailable' ? '✘ ' : '! ',
-                        dnsStatus.local.message
-                    ]).outerHTML;
-                }
             } catch (e) {
                 const container = document.getElementById('diagnostics-status');
                 if (container) {

luci-app-podkop/po/ru/podkop.po

@@ -819,3 +819,27 @@ msgstr "недоступен"
 
 msgid "Apply for SS2022"
 msgstr "Применить для SS2022"
+
+msgid "PODKOP CONFIGURATION"
+msgstr "КОНФИГУРАЦИЯ PODKOP"
+
+msgid "FAKEIP ROUTER TEST"
+msgstr "ПРОВЕРКА FAKEIP НА РОУТЕРЕ"
+
+msgid "FAKEIP BROWSER TEST"
+msgstr "ПРОВЕРКА FAKEIP В БРАУЗЕРЕ"
+
+msgid "FakeIP is working correctly on router (198.18.x.x)"
+msgstr "FakeIP работает корректно на роутере (198.18.x.x)"
+
+msgid "Click here for all the info"
+msgstr "Нажмите для просмотра всей информации"
+
+msgid "Check DNS server on current device (PC, phone)"
+msgstr "Проверьте DNS сервер на текущем устройстве (ПК, телефон)"
+
+msgid "Its must be router!"
+msgstr "Это должен быть роутер!"
+
+msgid "Global check"
+msgstr "Глобальная проверка"

luci-app-podkop/po/templates/podkop.pot

@@ -1170,3 +1170,27 @@ msgstr ""
 
 msgid "unavailable"
 msgstr ""
+
+msgid "PODKOP CONFIGURATION"
+msgstr ""
+
+msgid "FAKEIP ROUTER TEST"
+msgstr ""
+
+msgid "FAKEIP BROWSER TEST"
+msgstr ""
+
+msgid "FakeIP is working correctly on router (198.18.x.x)"
+msgstr ""
+
+msgid "Click here for all the info"
+msgstr ""
+
+msgid "Check DNS server on current device (PC, phone)"
+msgstr ""
+
+msgid "Its must be router!"
+msgstr ""
+
+msgid "Global check"
+msgstr ""

podkop/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=podkop
-PKG_VERSION:=0.3.36
+PKG_VERSION:=0.3.43
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=ITDog <podkop@itdog.info>
@@ -13,6 +13,7 @@ define Package/podkop
 	SECTION:=net
 	CATEGORY:=Network
 	DEPENDS:=+sing-box +curl +jq +kmod-nft-tproxy +coreutils-base64
+	CONFLICTS:=https-dns-proxy
 	TITLE:=Domain routing app
 	URL:=https://itdog.info
 	PKGARCH:=all

podkop/files/etc/config/podkop

@@ -36,5 +36,6 @@ config main 'main'
 	option dns_rewrite_ttl '60'
 	option cache_file '/tmp/cache.db'
 	list iface 'br-lan'
-	list restart_ifaces 'wan'
+	option mon_restart_ifaces '0'
+	#list restart_ifaces 'wan'
 	option ss_uot '0'

podkop/files/etc/init.d/podkop

@@ -10,11 +10,12 @@ config_load "$NAME"
 start_service() {
     echo "Start podkop"
 
+	config_get mon_restart_ifaces "main" "mon_restart_ifaces"
 	config_get restart_ifaces "main" "restart_ifaces"
 
 	procd_open_instance
 	procd_set_param command /usr/bin/podkop start
-	[ -z "$restart_ifaces" ] || procd_set_param netdev $restart_ifaces
+	[ "$mon_restart_ifaces" = "1" ] && [ -n "$restart_ifaces" ] && procd_set_param netdev $restart_ifaces
 	procd_set_param stdout 1
 	procd_set_param stderr 1
 	procd_close_instance
@@ -31,12 +32,16 @@ reload_service() {
 service_triggers() {
     echo "service_triggers start"
 
-    config_get restart_ifaces "main" "restart_ifaces"
+	config_get mon_restart_ifaces "main" "mon_restart_ifaces"
-	procd_open_trigger
+	config_get restart_ifaces "main" "restart_ifaces"
-		procd_add_config_trigger "config.change" "$NAME" "$initscript" reload 'on_config_change'
 
-		for iface in $restart_ifaces; do
+	procd_open_trigger
-			procd_add_reload_interface_trigger $iface
+		procd_add_config_trigger "config.change" "$NAME" "$initscript" restart 'on_config_change'
-		done
+
+        if [ "$mon_restart_ifaces" = "1" ]; then
+			for iface in $restart_ifaces; do
+				procd_add_reload_interface_trigger $iface
+			done
+		fi
 	procd_close_trigger
 }

podkop/files/usr/bin/podkop

@@ -15,14 +15,16 @@ SUBNETS_TWITTER="${GITHUB_RAW_URL}/Subnets/IPv4/twitter.lst"
 SUBNETS_META="${GITHUB_RAW_URL}/Subnets/IPv4/meta.lst"
 SUBNETS_DISCORD="${GITHUB_RAW_URL}/Subnets/IPv4/discord.lst"
 SUBNETS_TELERAM="${GITHUB_RAW_URL}/Subnets/IPv4/telegram.lst"
+SUBNETS_CLOUDFLARE="${GITHUB_RAW_URL}/Subnets/IPv4/cloudflare.lst"
 SING_BOX_CONFIG="/etc/sing-box/config.json"
 FAKEIP="198.18.0.0/15"
-VALID_SERVICES="russia_inside russia_outside ukraine_inside geoblock block porn news anime youtube discord meta twitter hdrezka tiktok telegram"
+VALID_SERVICES="russia_inside russia_outside ukraine_inside geoblock block porn news anime youtube discord meta twitter hdrezka tiktok telegram cloudflare"
 DNS_RESOLVERS="1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 9.9.9.9 9.9.9.11 94.140.14.14 94.140.15.15 208.67.220.220 208.67.222.222 77.88.8.1 77.88.8.8"
 TEST_DOMAIN="fakeip.tech-domain.club"
 INTERFACES_LIST=""
 SRC_INTERFACE=""
 RESOLV_CONF="/etc/resolv.conf"
+CLOUDFLARE_OCTETS="103.21 103.22 103.31 104.16 104.17 104.18 104.19 104.20 104.21 104.22 104.23 104.24 104.25 104.26 104.27 104.28 108.162 131.0 141.101 162.158 162.159 172.64 172.65 172.66 172.67 172.68 172.69 172.70 172.71 173.245 188.114 190.93 197.234 198.41"
 
 log() {
     local message="$1"
@@ -62,11 +64,7 @@ start_main() {
     fi
 
     if grep -qE 'doh_backup_noresolv|doh_backup_server|doh_server' /etc/config/dhcp; then
-        log "[critical] Detected https-dns-proxy. Disable or uninstall it for correct functionality."
+        log "[critical] Detected https-dns-proxy in dhcp config. Edit /etc/config/dhcp"
-    fi
-
-    if grep -E "^nameserver\s+([0-9]{1,3}\.){3}[0-9]{1,3}" "$RESOLV_CONF" | grep -vqE "127\.0\.0\.1|0\.0\.0\.0"; then
-        log "[critical] /etc/resolv.conf contains an external nameserver"
     fi
 
     migration
@@ -161,7 +159,7 @@ stop_main() {
     if [ -f /var/run/podkop_list_update.pid ]; then
         pid=$(cat /var/run/podkop_list_update.pid)
         if kill -0 "$pid"; then
-            kill "$pid"
+            kill "$pid" 2>/dev/null
             log "Stopped list_update"
         fi
         rm -f /var/run/podkop_list_update.pid
@@ -375,7 +373,8 @@ dnsmasq_add_resolver() {
     uci -q delete dhcp.@dnsmasq[0].podkop_server
     for server in $(uci get dhcp.@dnsmasq[0].server 2>/dev/null); do
         if [[ "$server" == "127.0.0.42" ]]; then
-            log "Dnsmasq save config error: server=127.0.0.42"
+            log "Dnsmasq save config error: server=127.0.0.42 is already configured. Skip editing DHCP"
+            return
         else
             uci add_list dhcp.@dnsmasq[0].podkop_server="$server"
         fi
@@ -1401,6 +1400,9 @@ list_subnets_download() {
         "telegram")
             URL=$SUBNETS_TELERAM
             ;;
+        "cloudflare")
+            URL=$SUBNETS_CLOUDFLARE
+            ;;
         "discord")
             URL=$SUBNETS_DISCORD
             nft add set inet $table podkop_discord_subnets { type ipv4_addr\; flags interval\; auto-merge\; }
@@ -1830,6 +1832,7 @@ check_sing_box_logs() {
 }
 
 check_fakeip() {
+    # Not used
     nolog "Checking fakeip functionality..."
     
     if ! command -v nslookup >/dev/null 2>&1; then
@@ -1952,8 +1955,6 @@ show_sing_box_config() {
 }
 
 show_config() {    
-    nolog "Current podkop configuration:"
-    
     if [ ! -f /etc/config/podkop ]; then
         nolog "Configuration file not found"
         return 1
@@ -1971,6 +1972,7 @@ show_config() {
         -e 's/\(pbk=[^&]*\)/pbk=MASKED/g' \
         -e 's/\(sid=[^&]*\)/sid=MASKED/g' \
         -e 's/\(option dns_server '\''[^'\'']*\.dns\.nextdns\.io'\''\)/option dns_server '\''MASKED.dns.nextdns.io'\''/g' \
+        -e "s|\(option dns_server 'dns\.nextdns\.io\)/[^']*|\1/MASKED|"
         > "$tmp_config"
 
     cat "$tmp_config"
@@ -1978,17 +1980,17 @@ show_config() {
 }
 
 show_version() {
-    local version=$(opkg info podkop | grep -m 1 "Version:" | cut -d' ' -f2)
+    local version=$(opkg list-installed podkop | awk '{print $3}')
     echo "$version"
 }
 
 show_luci_version() {
-    local version=$(opkg info luci-app-podkop | grep -m 1 "Version:" | cut -d' ' -f2)
+    local version=$(opkg list-installed luci-app-podkop | awk '{print $3}')
     echo "$version"
 }
 
 show_sing_box_version() {
-    local version=$(opkg info sing-box | grep -m 1 "Version:" | cut -d' ' -f2)
+    local version=$(sing-box version | head -n 1 | awk '{print $3}')
     echo "$version"
 }
 
@@ -2043,36 +2045,18 @@ get_sing_box_status() {
 }
 
 get_status() {
-    local running=0
     local enabled=0
     local status=""
 
     # Check if service is enabled
     if [ -x /etc/rc.d/S99podkop ]; then
         enabled=1
-    fi
+        status="enabled"
-
-    # Check if service is running
-    if pgrep -f "sing-box" >/dev/null; then
-        running=1
-    fi
-
-    # Format status message
-    if [ $running -eq 1 ]; then
-        if [ $enabled -eq 1 ]; then
-            status="running & enabled"
-        else
-            status="running but disabled"
-        fi
     else
-        if [ $enabled -eq 1 ]; then
+        status="disabled"
-            status="stopped but enabled"
-        else
-            status="stopped & disabled"
-        fi
     fi
 
-    echo "{\"running\":$running,\"enabled\":$enabled,\"status\":\"$status\"}"
+    echo "{\"enabled\":$enabled,\"status\":\"$status\"}"
 }
 
 check_dns_available() {
@@ -2088,6 +2072,9 @@ check_dns_available() {
     if echo "$dns_server" | grep -q "\.dns\.nextdns\.io$"; then
         local nextdns_id=$(echo "$dns_server" | cut -d'.' -f1)
         display_dns_server="$(echo "$nextdns_id" | sed 's/./*/g').dns.nextdns.io"
+    elif echo "$dns_server" | grep -q "^dns\.nextdns\.io/"; then
+        local masked_path=$(echo "$dns_server" | cut -d'/' -f2- | sed 's/./*/g')
+        display_dns_server="dns.nextdns.io/$masked_path"
     fi
 
     if [ "$dns_type" = "doh" ]; then
@@ -2165,6 +2152,154 @@ sing_box_add_secure_dns_probe_domain() {
     log "DNS probe domain ${domain} configured with override to port ${override_port}"
 }
 
+print_global() {
+    local message="$1"
+    echo "$message"
+}
+
+global_check() {
+    print_global "📡 Global check run!"
+    print_global "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    print_global "🛠️ System info"
+    print_global "🕳️ Podkop:     $(opkg list-installed podkop | awk '{print $3}')"
+    print_global "🕳️ LuCI App:   $(opkg list-installed luci-app-podkop | awk '{print $3}')"
+    print_global "📦 Sing-box:   $(sing-box version | head -n 1 | awk '{print $3}')"
+    print_global "🛜 OpenWrt:    $(grep OPENWRT_RELEASE /etc/os-release | cut -d'"' -f2)"
+    print_global "🛜 Device:     $(cat /tmp/sysinfo/model)"
+
+    print_global "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    print_global "📄 Podkop config"
+    show_config
+
+    print_global "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    print_global "🔧 System check"
+
+    if grep -E "^nameserver\s+([0-9]{1,3}\.){3}[0-9]{1,3}" "$RESOLV_CONF" | grep -vqE "127\.0\.0\.1|0\.0\.0\.0"; then
+        print_global "❌ /etc/resolv.conf contains external nameserver:"
+        cat /etc/resolv.conf
+        echo ""
+    else
+        print_global "✅ /etc/resolv.conf"
+    fi
+
+    cachesize="$(uci get dhcp.@dnsmasq[0].cachesize 2>/dev/null)"
+    noresolv="$(uci get dhcp.@dnsmasq[0].noresolv 2>/dev/null)"
+    server="$(uci get dhcp.@dnsmasq[0].server 2>/dev/null)"
+
+    if [ "$cachesize" != "0" ] || [ "$noresolv" != "1" ] || [ "$server" != "127.0.0.42" ]; then
+        print_global "❌ DHCP configuration differs from template. 📄 DHCP config:"
+        awk '/^config /{p=($2=="dnsmasq")} p' /etc/config/dhcp
+    elif [ "$(uci get podkop.main.dont_touch_dhcp 2>/dev/null)" = "1" ]; then
+        print_global "⚠️ dont_touch_dhcp is enabled. 📄 DHCP config:"
+        awk '/^config /{p=($2=="dnsmasq")} p' /etc/config/dhcp
+    else
+        print_global "✅ /etc/config/dhcp"
+    fi
+
+    if ! pgrep -f "sing-box" >/dev/null; then
+        print_global "❌ sing-box is not running"
+    else
+        print_global "✅ sing-box is running"
+    fi
+
+    print_global "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    print_global "🧱 NFT table"
+    if ! nft list table inet PodkopTable >/dev/null 2>&1; then
+        print_global "❌ PodkopTable not found"
+    else
+        nft list table inet PodkopTable
+    fi
+
+    print_global "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    print_global "📄 WAN config"
+    if uci show network.wan >/dev/null 2>&1; then
+        awk '
+            /^config / {
+                p = ($2 == "interface" && $3 == "'\''wan'\''")
+                proto = ""
+            }
+            p {
+                if ($1 == "option" && $2 == "proto") {
+                    proto = $3
+                    print
+                } else if (proto == "'\''static'\''" && $1 == "option" && ($2 == "ipaddr" || $2 == "netmask" || $2 == "gateway")) {
+                    print "        option", $2, "'\''******'\''"
+                } else if (proto == "'\''pppoe'\''" && $1 == "option" && ($2 == "username" || $2 == "password")) {
+                    print "        option", $2, "'\''******'\''"
+                } else {
+                    print
+                }
+            }
+        ' /etc/config/network
+    else
+        print_global "❌ WAN configuration not found"
+    fi
+
+    if uci show network | grep -q endpoint_host; then
+        uci show network | grep endpoint_host | cut -d'=' -f2 | tr -d "'\" " | while read -r host; do
+            if [ "$host" = "engage.cloudflareclient.com" ]; then
+                print_global "⚠️ WARP detected: $host"
+                continue
+            fi
+
+            ip_prefix=$(echo "$host" | cut -d'.' -f1,2)
+            if echo "$CLOUDFLARE_OCTETS" | grep -wq "$ip_prefix"; then
+                print_global "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+                print_global "⚠️ WARP detected: $host"
+            fi
+        done
+    fi
+
+    print_global "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    print_global "➡️ DNS status"
+    dns_info=$(check_dns_available)
+    dns_type=$(echo "$dns_info" | jq -r '.dns_type')
+    dns_server=$(echo "$dns_info" | jq -r '.dns_server')
+    status=$(echo "$dns_info" | jq -r '.status')
+    print_global "$dns_type ($dns_server) is $status"
+
+    print_global "━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    print_global "🔁 FakeIP"
+        
+    print_global "➡️ DNS resolution: system DNS server"
+    nslookup -timeout=2 $TEST_DOMAIN
+    
+    local working_resolver=$(find_working_resolver)
+    if [ -z "$working_resolver" ]; then
+        print_global "❌ No working external resolver found"
+    else      
+        print_global "➡️ DNS resolution: external resolver ($working_resolver)"
+        nslookup -timeout=2 $TEST_DOMAIN $working_resolver
+    fi
+    
+    print_global "➡️ DNS resolution: sing-box DNS server (127.0.0.42)"
+    local result=$(nslookup -timeout=2 $TEST_DOMAIN 127.0.0.42 2>&1)
+    echo "$result"
+    
+    if echo "$result" | grep -q "198.18"; then
+        print_global "✅ FakeIP is working correctly on router (198.18.x.x)"
+    else
+        print_global "❌ FakeIP test failed: Domain did not resolve to FakeIP range"
+        if ! pgrep -f "sing-box" >/dev/null; then
+            print_global " ❌ sing-box is not running"
+        else
+            print_global " 🤔 sing-box is running, checking configuration"
+            
+            if [ -f "$SING_BOX_CONFIG" ]; then
+                local fakeip_enabled=$(jq -r '.dns.fakeip.enabled' "$SING_BOX_CONFIG")
+                local fakeip_range=$(jq -r '.dns.fakeip.inet4_range' "$SING_BOX_CONFIG")
+                local dns_rules=$(jq -r '.dns.rules[] | select(.server == "fakeip-server") | .domain' "$SING_BOX_CONFIG")
+                
+                print_global "    📦 FakeIP enabled: $fakeip_enabled"
+                print_global "    📦 FakeIP range: $fakeip_range"
+                print_global "    📦 FakeIP domain: $dns_rules"
+            else
+                print_global "    ⛔ sing-box config file not found"
+            fi
+        fi
+    fi
+}
+
 case "$1" in
     start)
         start
@@ -2232,8 +2367,11 @@ case "$1" in
     check_dns_available)
         check_dns_available
         ;;
+    global_check)
+        global_check
+        ;;
     *)
-        echo "Usage: $0 {start|stop|reload|enable|disable|main|list_update|check_proxy|check_nft|check_github|check_logs|check_sing_box_connections|check_sing_box_logs|check_fakeip|check_dnsmasq|show_config|show_version|show_sing_box_config|show_luci_version|show_sing_box_version|show_system_info|get_status|get_sing_box_status|check_dns_available}"
+        echo "Usage: $0 {start|stop|reload|enable|disable|main|list_update|check_proxy|check_nft|check_github|check_logs|check_sing_box_connections|check_sing_box_logs|check_fakeip|check_dnsmasq|show_config|show_version|show_sing_box_config|show_luci_version|show_sing_box_version|show_system_info|get_status|get_sing_box_status|check_dns_available|global_check}"
         exit 1
         ;;
 esac