Merge pull request #3447 from stangri/19.07-luci-app-vpn-policy-routing

[19.07] luci-app-vpn-policy-routing: initial release

applications/luci-app-vpn-policy-routing/Makefile

@@ -0,0 +1,17 @@
+# Copyright 2017-2019 Stan Grishin (stangri@melmac.net)
+# This is free software, licensed under the GNU General Public License v3.
+
+include $(TOPDIR)/rules.mk
+
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
+
+LUCI_TITLE:=VPN Policy-Based Routing Service Web UI
+LUCI_DESCRIPTION:=Provides Web UI for vpn-policy-routing service.
+LUCI_DEPENDS:=+luci-compat +luci-mod-admin-full +vpn-policy-routing
+LUCI_PKGARCH:=all
+PKG_RELEASE:=67
+
+include ../../luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

applications/luci-app-vpn-policy-routing/luasrc/controller/vpn-policy-routing.lua

@@ -0,0 +1,25 @@
+module("luci.controller.vpn-policy-routing", package.seeall)
+function index()
+	if nixio.fs.access("/etc/config/vpn-policy-routing") then
+		entry({"admin", "vpn"}, firstchild(), _("VPN"), 60).dependent=false
+		entry({"admin", "vpn", "vpn-policy-routing"}, cbi("vpn-policy-routing"), _("VPN Policy Routing"))
+		entry({"admin", "vpn", "vpn-policy-routing", "action"}, call("vpn_policy_routing_action"), nil).leaf = true
+	end
+end
+
+function vpn_policy_routing_action(name)
+	local packageName = "vpn-policy-routing"
+	if name == "start" then
+		luci.sys.init.start(packageName)
+	elseif name == "action" then
+		luci.util.exec("/etc/init.d/" .. packageName .. " reload >/dev/null 2>&1")
+	elseif name == "stop" then
+		luci.sys.init.stop(packageName)
+	elseif name == "enable" then
+		luci.util.exec("uci set " .. packageName .. ".config.enabled=1; uci commit " .. packageName)
+	elseif name == "disable" then
+		luci.util.exec("uci set " .. packageName .. ".config.enabled=0; uci commit " .. packageName)
+	end
+	luci.http.prepare_content("text/plain")
+	luci.http.write("0")
+end

applications/luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua

@@ -0,0 +1,379 @@
+local readmeURL = "https://github.com/openwrt/packages/tree/master/net/vpn-policy-routing/files/README.md"
+-- local readmeURL = "https://github.com/stangri/openwrt_packages/tree/master/vpn-policy-routing/files/README.md"
+
+-- function log(obj)
+-- 	if obj ~= nil then if type(obj) == "table" then luci.util.dumptable(obj) else luci.util.perror(obj) end else luci.util.perror("Empty object") end
+-- end
+
+local packageName = "vpn-policy-routing"
+local uci = require "luci.model.uci".cursor()
+local sys = require "luci.sys"
+local util = require "luci.util"
+local ip = require "luci.ip"
+local fs = require "nixio.fs"
+local jsonc = require "luci.jsonc"
+local http = require "luci.http"
+local nutil = require "nixio.util"
+local dispatcher = require "luci.dispatcher"
+local enabledFlag = uci:get(packageName, "config", "enabled")
+local enc
+
+local ubusStatus = util.ubus("service", "list", { name = packageName })
+if ubusStatus and ubusStatus[packageName] and 
+	 ubusStatus[packageName]["instances"] and 
+	 ubusStatus[packageName]["instances"]["main"] and 
+	 ubusStatus[packageName]["instances"]["main"]["data"] and
+	 ubusStatus[packageName]["instances"]["main"]["data"]["status"] and 
+	 ubusStatus[packageName]["instances"]["main"]["data"]["status"][1] then
+	pkgGateways = ubusStatus[packageName]["instances"]["main"]["data"]["status"][1]["gateway"]
+	pkgGateways = pkgGateways and pkgGateways:gsub('\\n', '\n')
+	pkgGateways = pkgGateways and pkgGateways:gsub('\\033%[0;32m%[\\xe2\\x9c\\x93%]\\033%[0m', '✓')
+	pkgErrors = ubusStatus[packageName]["instances"]["main"]["data"]["status"][1]["error"]
+	pkgErrors = pkgErrors and pkgErrors:gsub('\\n', '\n')
+	pkgErrors = pkgErrors and pkgErrors:gsub('\\033%[0;31mERROR\\033%[0m: ', '')
+	pkgWarnings = ubusStatus[packageName]["instances"]["main"]["data"]["status"][1]["warning"]
+	pkgWarnings = pkgWarnings and pkgWarnings:gsub('\\n', '\n')
+	pkgWarnings = pkgWarnings and pkgWarnings:gsub('\\033%[0;33mWARNING\\033%[0m: ', '')
+	pkgMode = ubusStatus[packageName]["instances"]["main"]["data"]["status"][1]["mode"]
+end
+
+local pkgVersion = tostring(util.trim(sys.exec("opkg list-installed " .. packageName .. " | awk '{print $3}'")))
+if not pkgVersion or pkgVersion == "" then
+	pkgVersion = ""
+	pkgStatus, pkgStatusLabel = "NotFound", packageName .. " " .. translate("is not installed or not found")
+else  
+	pkgVersion = " [" .. packageName .. " " .. pkgVersion .. "]"
+end
+local pkgStatus, pkgStatusLabel = "Stopped", translate("Stopped")
+if sys.call("iptables -t mangle -L | grep -q VPR_PREROUTING") == 0 then
+	pkgStatus, pkgStatusLabel = "Running", translate("Running")
+	if pkgMode and pkgMode == "strict" then
+		pkgStatusLabel = pkgStatusLabel .. " " .. translate("(strict mode)")
+	end
+end
+
+local t = uci:get("vpn-policy-routing", "config", "supported_interface")
+if not t then
+	supportedIfaces = ""
+elseif type(t) == "table" then
+	for key,value in pairs(t) do supportedIfaces = supportedIfaces and supportedIfaces .. ' ' .. value or value end
+elseif type(t) == "string" then
+	supportedIfaces = t
+end
+
+t = uci:get("vpn-policy-routing", "config", "ignored_interface")
+if not t then
+	ignoredIfaces = ""
+elseif type(t) == "table" then
+	for key,value in pairs(t) do ignoredIfaces = ignoredIfaces and ignoredIfaces .. ' ' .. value or value end
+elseif type(t) == "string" then
+	ignoredIfaces = t
+end
+
+local lanIPAddr = uci:get("network", "lan", "ipaddr")
+local lanNetmask = uci:get("network", "lan", "netmask")
+-- if multiple ip addresses on lan interface, will be return as table of CIDR notations i.e. {"10.0.0.1/24","10.0.0.2/24"}
+if (type(lanIPAddr) == "table") then                                                                                   
+				first = true                                                                                             
+				for i,line in ipairs(lanIPAddr) do                                                                  
+								lanIPAddr = lanIPAddr[i]                                                                    
+								break                                           
+				end                                                     
+				lanIPAddr = string.match(lanIPAddr,"[0-9.]+")                                                            
+end          
+if lanIPAddr and lanNetmask then
+	laPlaceholder = ip.new(lanIPAddr .. "/" .. lanNetmask )
+end
+
+function is_wan(name)
+	return name:sub(1,3) == "wan" or name:sub(-3) == "wan"
+end
+
+function is_supported_interface(arg)
+	local name=arg['.name']
+	local proto=arg['proto']
+	local ifname=arg['ifname']
+
+	if name and is_wan(name) then return true end
+	if name and supportedIfaces:match('%f[%w]' .. name .. '%f[%W]') then return true end
+	if name and not ignoredIfaces:match('%f[%w]' .. name .. '%f[%W]') then
+		if type(ifname) == "table" then
+			for key,value in pairs(ifname) do
+				if value and value:sub(1,3) == "tun" then return true end
+				if value and value:sub(1,3) == "tap" then return true end
+				if value and value:sub(1,3) == "tor" then return true end
+				if value and fs.access("/sys/devices/virtual/net/" .. value .. "/tun_flags") then return true end
+			end
+		elseif type(ifname) == "string" then
+			if ifname and ifname:sub(1,3) == "tun" then return true end
+			if ifname and ifname:sub(1,3) == "tap" then return true end
+			if ifname and ifname:sub(1,3) == "tor" then return true end
+			if ifname and fs.access("/sys/devices/virtual/net/" .. ifname .. "/tun_flags") then return true end
+		end
+		if proto and proto:sub(1,11) == "openconnect" then return true end
+		if proto and proto:sub(1,4) == "pptp" then return true end
+		if proto and proto:sub(1,4) == "l2tp" then return true end
+		if proto and proto:sub(1,9) == "wireguard" then return true end
+	end
+end
+
+m = Map("vpn-policy-routing", translate("VPN and WAN Policy-Based Routing"))
+
+h = m:section(NamedSection, "config", packageName, translate("Service Status") .. pkgVersion)
+status = h:option(DummyValue, "_dummy", translate("Service Status"))
+status.template = "vpn-policy-routing/status"
+status.value = pkgStatusLabel
+if pkgStatus:match("Running") and pkgGateways and pkgGateways ~= "" then
+	gateways = h:option(DummyValue, "_dummy", translate("Service Gateways"))
+	gateways.template = packageName .. "/status-textarea"
+	gateways.value = pkgGateways
+end
+if pkgErrors and pkgErrors ~= "" then
+	errors = h:option(DummyValue, "_dummy", translate("Service Errors"))
+	errors.template = packageName .. "/status-textarea"
+	errors.value = pkgErrors
+end
+if pkgWarnings and pkgWarnings ~= "" then
+	warnings = h:option(DummyValue, "_dummy", translate("Service Warnings"))
+	warnings.template = packageName .. "/status-textarea"
+	warnings.value = pkgWarnings
+end
+buttons = h:option(DummyValue, "_dummy")
+buttons.template = packageName .. "/buttons"
+
+-- General Options
+config = m:section(NamedSection, "config", "vpn-policy-routing", translate("Configuration"))
+config.override_values = true
+config.override_depends = true
+
+-- Basic Options
+config:tab("basic", translate("Basic Configuration"))
+
+verb = config:taboption("basic", ListValue, "verbosity", translate("Output verbosity"),translate("Controls both system log and console output verbosity."))
+verb:value("0", translate("Suppress/No output"))
+verb:value("1", translate("Condensed output"))
+verb:value("2", translate("Verbose output"))
+verb.default = 2
+
+se = config:taboption("basic", ListValue, "strict_enforcement", translate("Strict enforcement"),translate("See the") .. " "
+	.. [[<a href="]] .. readmeURL .. [[#strict-enforcement" target="_blank">]]
+	.. translate("README") .. [[</a>]] .. " " .. translate("for details."))
+se:value("0", translate("Do not enforce policies when their gateway is down"))
+se:value("1", translate("Strictly enforce policies when their gateway is down"))
+se.default = 1
+
+dest_ipset = config:taboption("basic", ListValue, "dest_ipset", translate("The ipset option for remote policies"),
+	translate("Please check the") .. " "
+	.. [[<a href="]] .. readmeURL .. [[#additional-settings" target="_blank">]]
+	.. translate("README") .. [[</a>]] .. " " .. translate("before changing this option."))
+dest_ipset:value("", translate("Disabled"))
+dest_ipset:value("ipset", translate("Use ipset command"))
+dest_ipset:value("dnsmasq.ipset", translate("Use DNSMASQ ipset"))
+dest_ipset.default = ""
+dest_ipset.rmempty = true
+
+src_ipset = config:taboption("basic", ListValue, "src_ipset", translate("The ipset option for local policies"),
+	translate("Please check the") .. " "
+	.. [[<a href="]] .. readmeURL .. [[#additional-settings" target="_blank">]]
+	.. translate("README") .. [[</a>]] .. " " .. translate("before changing this option."))
+src_ipset:value("0", translate("Disabled"))
+src_ipset:value("1", translate("Use ipset command"))
+
+ipv6 = config:taboption("basic", ListValue, "ipv6_enabled", translate("IPv6 Support"))
+ipv6:value("0", translate("Disabled"))
+ipv6:value("1", translate("Enabled"))
+
+-- Advanced Options
+config:tab("advanced", translate("Advanced Configuration"),
+	"<br/>&nbsp;&nbsp;&nbsp;&nbsp;<b>" .. translate("WARNING:") .. "</b>" .. " " .. translate("Please make sure to check the") .. " "
+	.. [[<a href="]] .. readmeURL .. [[#additional-settings" target="_blank">]] .. translate("README") .. [[</a>]] .. " "
+	.. translate("before changing anything in this section! Change any of the settings below with extreme caution!") .. "<br/><br/>")
+
+supportedIface = config:taboption("advanced", DynamicList, "supported_interface", translate("Supported Interfaces"), translate("Allows to specify the list of interface names (in lower case) to be explicitly supported by the service. Can be useful if your OpenVPN tunnels have dev option other than tun* or tap*."))
+supportedIface.optional = false
+
+ignoredIface = config:taboption("advanced", DynamicList, "ignored_interface", translate("Ignored Interfaces"), translate("Allows to specify the list of interface names (in lower case) to be ignored by the service. Can be useful if running both VPN server and VPN client on the router."))
+ignoredIface.optional = false
+
+timeout = config:taboption("advanced", Value, "boot_timeout", translate("Boot Time-out"), translate("Time (in seconds) for service to wait for WAN gateway discovery on boot."))
+timeout.optional = false
+timeout.rmempty = true
+
+insert = config:taboption("advanced", ListValue, "iptables_rule_option", translate("IPTables rule option"), translate("Select Append for -A and Insert for -I."))
+insert:value("append", translate("Append"))
+insert:value("insert", translate("Insert"))
+insert.default = "append"
+
+iprule = config:taboption("advanced", ListValue, "iprule_enabled", translate("IP Rules Support"), translate("Add an ip rule, not an iptables entry for policies with just the local address. Use with caution to manipulte policies priorities."))
+iprule:value("0", translate("Disabled"))
+iprule:value("1", translate("Enabled"))
+
+icmp = config:taboption("advanced", ListValue, "icmp_interface", translate("Default ICMP Interface"), translate("Force the ICMP protocol interface."))
+icmp:value("", translate("No Change"))
+icmp:value("wan", translate("WAN"))
+uci:foreach("network", "interface", function(s)
+	local name=s['.name']
+	if is_supported_interface(s) then icmp:value(name, string.upper(name)) end
+end)
+icmp.rmempty = true
+
+append_local = config:taboption("advanced", Value, "append_src_rules", translate("Append local IP Tables rules"), translate("Special instructions to append iptables rules for local IPs/netmasks/devices."))
+append_local.rmempty = true
+
+append_remote = config:taboption("advanced", Value, "append_dest_rules", translate("Append remote IP Tables rules"), translate("Special instructions to append iptables rules for remote IPs/netmasks."))
+append_remote.rmempty = true
+
+wantid = config:taboption("advanced", Value, "wan_tid", translate("WAN Table ID"), translate("Starting (WAN) Table ID number for tables created by the service."))
+wantid.rmempty = true
+wantid.placeholder = "201"
+wantid.datatype    = 'and(uinteger, min(201))'
+
+wanmark = config:taboption("advanced", Value, "wan_mark", translate("WAN Table FW Mark"), translate("Starting (WAN) FW Mark for marks used by the service. High starting mark is used to avoid conflict with SQM/QoS. Change with caution together with") .. " " .. translate("Service FW Mask") .. ".")
+wanmark.rmempty = true
+wanmark.placeholder = "0x010000"
+wanmark.datatype    = "hex(8)"
+
+fwmask = config:taboption("advanced", Value, "fw_mask", translate("Service FW Mask"), translate("FW Mask used by the service. High mask is used to avoid conflict with SQM/QoS. Change with caution together with") .. " " .. translate("WAN Table FW Mark") .. ".")
+fwmask.rmempty = true
+fwmask.placeholder = "0xff0000"
+fwmask.datatype    = "hex(8)"
+
+config:tab("webui", translate("Web UI Configuration"))
+
+webui_enable_column = config:taboption("webui", ListValue, "webui_enable_column", translate("Show Enable Column"), translate("Shows the enable checkbox column for policies, allowing you to quickly enable/disable specific policy without deleting it."))
+webui_enable_column:value("0", translate("Disabled"))
+webui_enable_column:value("1", translate("Enabled"))
+
+webui_protocol_column = config:taboption("webui", ListValue, "webui_protocol_column", translate("Show Protocol Column"), translate("Shows the protocol column for policies, allowing you to assign a specific protocol to a policy."))
+webui_protocol_column:value("0", translate("Disabled"))
+webui_protocol_column:value("1", translate("Enabled"))
+
+webui_supported_protocol = config:taboption("webui", DynamicList, "webui_supported_protocol", translate("Supported Protocols"), translate("Display these protocols in protocol column in Web UI."))
+webui_supported_protocol.optional = false
+
+webui_chain_column = config:taboption("webui", ListValue, "webui_chain_column", translate("Show Chain Column"), translate("Shows the chain column for policies, allowing you to assign a PREROUTING, FORWARD, INPUT or OUTPUT chain to a policy."))
+webui_chain_column:value("0", translate("Disabled"))
+webui_chain_column:value("1", translate("Enabled"))
+
+webui_sorting = config:taboption("webui", ListValue, "webui_sorting", translate("Show Up/Down Buttons"), translate("Shows the Up/Down buttons for policies, allowing you to move a policy up or down in the list."))
+webui_sorting:value("0", translate("Disabled"))
+webui_sorting:value("1", translate("Enabled"))
+webui_sorting.default = "1"
+
+
+-- Policies
+p = m:section(TypedSection, "policy", translate("Policies"), translate("Comment, interface and at least one other field are required. Multiple local and remote addresses/devices/domains and ports can be space separated. Placeholders below represent just the format/syntax and will not be used if fields are left blank."))
+p.template = "cbi/tblsection"
+enc = tonumber(uci:get("vpn-policy-routing", "config", "webui_sorting"))
+if not enc or enc ~= 0 then
+	p.sortable  = true
+end
+p.anonymous = true
+p.addremove = true
+
+enc = tonumber(uci:get("vpn-policy-routing", "config", "webui_enable_column"))
+if enc and enc ~= 0 then
+	le = p:option(Flag, "enabled", translate("Enabled"))
+	le.default = "1"
+end
+
+local comment = uci:get_first("vpn-policy-routing", "policy", "comment")
+if comment then
+	p:option(Value, "comment", translate("Comment"))
+else
+	p:option(Value, "name", translate("Name"))
+end
+
+la = p:option(Value, "src_addr", translate("Local addresses / devices"))
+if laPlaceholder then
+	la.placeholder = laPlaceholder
+end
+la.rmempty = true
+la.datatype    = 'list(neg(or(host,network,macaddr)))'
+
+lp = p:option(Value, "src_port", translate("Local ports"))
+lp.datatype    = 'list(neg(or(portrange, string)))'
+lp.placeholder = "0-65535"
+lp.rmempty = true
+
+ra = p:option(Value, "dest_addr", translate("Remote addresses / domains"))
+ra.datatype    = 'list(neg(host))'
+ra.placeholder = "0.0.0.0/0"
+ra.rmempty = true
+
+rp = p:option(Value, "dest_port", translate("Remote ports"))
+rp.datatype    = 'list(neg(or(portrange, string)))'
+rp.placeholder = "0-65535"
+rp.rmempty = true
+
+enc = tonumber(uci:get("vpn-policy-routing", "config", "webui_protocol_column"))
+if enc and enc ~= 0 then
+	proto = p:option(ListValue, "proto", translate("Protocol"))
+	proto:value("", "AUTO")
+	proto.default = ""
+	proto.rmempty = true
+	enc = uci:get_list("vpn-policy-routing", "config", "webui_supported_protocol")
+	local count = 0
+	for key, value in pairs(enc) do
+		count = count + 1
+		proto:value(value:lower(), value:gsub(" ", "/"):upper())
+	end
+	if count == 0 then
+		enc = { "tcp", "udp", "tcp udp", "icmp", "all" }
+		for key,value in pairs(enc) do
+			proto:value(value:lower(), value:gsub(" ", "/"):upper())
+		end
+	end
+end
+
+enc = tonumber(uci:get("vpn-policy-routing", "config", "webui_chain_column"))
+if enc and enc ~= 0 then
+	chain = p:option(ListValue, "chain", translate("Chain"))
+	chain:value("", "PREROUTING")
+	chain:value("FORWARD", "FORWARD")
+	chain:value("INPUT", "INPUT")
+	chain:value("OUTPUT", "OUTPUT")
+	chain.default = ""
+	chain.rmempty = true
+end
+
+gw = p:option(ListValue, "interface", translate("Interface"))
+gw.datatype = "network"
+gw.rmempty = false
+uci:foreach("network", "interface", function(s)
+	local name=s['.name']
+	if is_wan(name) then
+		gw:value(name, string.upper(name))
+		if not gw.default then gw.default = name end
+	elseif is_supported_interface(s) then 
+		gw:value(name, string.upper(name)) 
+	end
+end)
+
+dscp = m:section(NamedSection, "config", "vpn-policy-routing", translate("DSCP Tagging"), translate("Set DSCP tags (in range between 1 and 63) for specific interfaces. See the") .. " "
+	.. [[<a href="]] .. readmeURL .. [[#dscp-tag-based-policies" target="_blank">]]
+	.. translate("README") .. [[</a>]] .. " " .. translate("for details."))
+uci:foreach("network", "interface", function(s)
+	local name=s['.name']
+	if is_supported_interface(s) then 
+		local x = dscp:option(Value, name .. "_dscp", string.upper(name) .. " " .. translate("DSCP Tag"))
+		x.rmempty = true
+		x.datatype = "range(1,63)"
+	end
+end)
+
+-- Includes
+inc = m:section(TypedSection, "include", translate("Custom User File Includes"), translate("Run the following user files after setting up but before restarting DNSMASQ. See the") .. " "
+	.. [[<a href="]] .. readmeURL .. [[#custom-user-files" target="_blank">]]
+	.. translate("README") .. [[</a>]] .. " " .. translate("for details."))
+inc.template = "cbi/tblsection"
+inc.sortable  = true
+inc.anonymous = true
+inc.addremove = true
+
+finc = inc:option(Flag, "enabled", translate("Enabled"))
+finc.optional = false
+finc.default = "1"
+inc:option(Value, "path", translate("Path")).optional = false
+
+return m

applications/luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/buttons.htm

@@ -0,0 +1,55 @@
+<%#
+	Copyright 2019 Stan Grishin <stangri@melmac.net>
+-%>
+
+<%-
+	local packageName = "vpn-policy-routing"
+	local enabledFlag = luci.model.uci.cursor():get(packageName, "config", "enabled")
+	if nixio.fs.access("/var/run/" .. packageName .. ".json") then
+		tmpfs = luci.jsonc.parse(luci.util.trim(luci.sys.exec("cat /var/run/" .. packageName .. ".json")))
+	end
+	local pkgStatus, pkgStatusLabel = "Stopped", translate("Stopped")
+	if luci.sys.call("iptables -t mangle -L | grep -q VPR_PREROUTING") == 0 then
+		pkgStatus, pkgStatusLabel = "Running", translate("Running")
+	end
+	if pkgStatus == "Stopped" then
+		btn_start_style = "cbi-button cbi-button-apply important"
+		btn_action_style = "cbi-button cbi-button-apply important"
+		btn_stop_style = "cbi-button cbi-button-reset -disabled"
+	else
+		btn_start_style = "cbi-button cbi-button-apply -disabled"
+		btn_action_style = "cbi-button cbi-button-apply important"
+		btn_stop_style = "cbi-button cbi-button-reset important"
+	end
+	if enabledFlag ~= "1" then
+		btn_start_style = "cbi-button cbi-button-apply -disabled"
+		btn_action_style = "cbi-button cbi-button-apply -disabled"
+		btn_enable_style = "cbi-button cbi-button-apply important"
+		btn_disable_style = "cbi-button cbi-button-reset -disabled"
+	else
+		btn_enable_style = "cbi-button cbi-button-apply -disabled"
+		btn_disable_style = "cbi-button cbi-button-reset important"
+	end
+-%>
+
+<%+vpn-policy-routing/css%>
+<%+vpn-policy-routing/js%>
+
+<div class="cbi-value"><label class="cbi-value-title">Service Control</label>
+	<div class="cbi-value-field">
+		<input type="button" class="<%=btn_start_style%>" id="btn_start" name="start" value="<%:Start%>" onclick="button_action(this)" />
+		<span id="btn_start_spinner" class="btn_spinner"></span>
+		<input type="button" class="<%=btn_action_style%>" id="btn_action" name="action" value="<%:Reload%>" onclick="button_action(this)" />
+		<span id="btn_action_spinner" class="btn_spinner"></span>
+		<input type="button" class="<%=btn_stop_style%>" id="btn_stop" name="stop" value="<%:Stop%>" onclick="button_action(this)"  />
+		<span id="btn_stop_spinner" class="btn_spinner"></span>
+		&nbsp;
+		&nbsp;
+		&nbsp;
+		&nbsp;
+		<input type="button" class="<%=btn_enable_style%>" id="btn_enable" name="enable" value="<%:Enable%>" onclick="button_action(this)"  />
+		<span id="btn_enable_spinner" class="btn_spinner"></span>
+		<input type="button" class="<%=btn_disable_style%>" id="btn_disable" name="disable" value="<%:Disable%>" onclick="button_action(this)"  />
+		<span id="btn_disable_spinner" class="btn_spinner"></span>
+	</div>
+</div>

applications/luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/css.htm

@@ -0,0 +1,9 @@
+<style type="text/css">
+	.btn_spinner
+	{
+		display: inline-block;
+		width: 0px;
+		height: 16px;
+		margin: 0 0px;
+	}
+</style>

applications/luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/js.htm

@@ -0,0 +1,59 @@
+<script type="text/javascript">
+//<![CDATA[
+ function button_action(action) {
+	var xhr = new XHR(false);
+	var btn_start = document.getElementById("btn_start");
+	var btn_action = document.getElementById("btn_action");
+	var btn_stop = document.getElementById("btn_stop");
+	var btn_enable = document.getElementById("btn_enable");
+	var btn_disable = document.getElementById("btn_disable");
+	var btn_spinner;
+	switch (action.name) {
+		case "start":
+			btn_spinner = document.getElementById("btn_start_spinner");
+			break;
+		case "action":
+			btn_spinner = document.getElementById("btn_action_spinner");
+			break;
+		case "stop":
+			btn_spinner = document.getElementById("btn_stop_spinner");
+			break;
+		case "enable":
+			btn_spinner = document.getElementById("btn_enable_spinner");
+			break;
+		case "disable":
+			btn_spinner = document.getElementById("btn_disable_spinner");
+			break;
+	}
+	btn_start.disabled = true;
+	btn_action.disabled = true;
+	btn_stop.disabled = true;
+	btn_enable.disabled = true;
+	btn_disable.disabled = true;
+	spinner(btn_spinner, 1);
+	xhr.get('<%=luci.dispatcher.build_url("admin", "vpn", "vpn-policy-routing", "action")%>/' + action.name, null,
+		function (x) {
+			if (!x) {
+				return;
+			}
+			btn_start.disabled = false;
+			btn_action.disabled = false;
+			btn_stop.disabled = false;
+			btn_enable.disabled = false;
+			btn_disable.disabled = false;
+			spinner(btn_spinner, 0);
+			location.reload();
+		 });
+}
+function spinner(element, state) {
+	if (state === 1) {
+		element.style.width = "16px";
+		element.innerHTML = '<img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" width="16" height="16" style="vertical-align:middle" />';
+	}
+	else {
+		element.style.width = "0px";
+		element.innerHTML = '';
+	}
+}
+//]]>
+</script>

applications/luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/status-textarea.htm

@@ -0,0 +1,13 @@
+<%#
+Copyright 2017-2019 Stan Grishin (stangri@melmac.net)
+This is free software, licensed under the Apache License, Version 2.0
+-%>
+
+<%+cbi/valueheader%>
+
+<textarea rows="<%=select(2, self:cfgvalue(section):gsub('\n', '\n'))%>"
+	style="outline:none;border:none;box-shadow:none;background:transparent;font-weight:bold;line-height:20px;width:50em;padding:none;margin:6px;resize:none;overflow:hidden;"
+	disabled="disabled"><%=self:cfgvalue(section):gsub('\n', '\n')%>
+</textarea>
+
+<%+cbi/valuefooter%>

applications/luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/status.htm

@@ -0,0 +1,10 @@
+<%#
+Copyright 2017-2018 Dirk Brenken (dev@brenken.org)
+This is free software, licensed under the Apache License, Version 2.0
+-%>
+
+<%+cbi/valueheader%>
+
+<input name="status" id="status" type="text" class="cbi-input-text" style="outline:none;border:none;box-shadow:none;background:transparent;font-weight:bold;line-height:30px;height:30px;width:50em;" value="<%=self:cfgvalue(section)%>" disabled="disabled" />
+
+<%+cbi/valuefooter%>

applications/luci-app-vpn-policy-routing/po/templates/vpn-policy-routing.pot

@@ -0,0 +1,450 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:51
+msgid "(strict mode)"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:207
+msgid ""
+"Add an ip rule, not an iptables entry for policies with just the local "
+"address. Use with caution to manipulte policies priorities."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:187
+msgid "Advanced Configuration"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:192
+msgid ""
+"Allows to specify the list of interface names (in lower case) to be "
+"explicitly supported by the service. Can be useful if your OpenVPN tunnels "
+"have dev option other than tun* or tap*."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:195
+msgid ""
+"Allows to specify the list of interface names (in lower case) to be ignored "
+"by the service. Can be useful if running both VPN server and VPN client on "
+"the router."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:203
+msgid "Append"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:220
+msgid "Append local IP Tables rules"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:223
+msgid "Append remote IP Tables rules"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:150
+msgid "Basic Configuration"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:198
+msgid "Boot Time-out"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:331
+msgid "Chain"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:282
+msgid "Comment"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:265
+msgid ""
+"Comment, interface and at least one other field are required. Multiple local "
+"and remote addresses/devices/domains and ports can be space separated. "
+"Placeholders below represent just the format/syntax and will not be used if "
+"fields are left blank."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:154
+msgid "Condensed output"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:145
+msgid "Configuration"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:152
+msgid "Controls both system log and console output verbosity."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:366
+msgid "Custom User File Includes"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:359
+msgid "DSCP Tag"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:353
+msgid "DSCP Tagging"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:211
+msgid "Default ICMP Interface"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/buttons.htm:52
+msgid "Disable"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:169
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:179
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:183
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:208
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:244
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:248
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:255
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:259
+msgid "Disabled"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:251
+msgid "Display these protocols in protocol column in Web UI."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:161
+msgid "Do not enforce policies when their gateway is down"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/buttons.htm:50
+msgid "Enable"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:184
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:209
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:245
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:249
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:256
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:260
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:276
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:374
+msgid "Enabled"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:236
+msgid ""
+"FW Mask used by the service. High mask is used to avoid conflict with SQM/"
+"QoS. Change with caution together with"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:211
+msgid "Force the ICMP protocol interface."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:207
+msgid "IP Rules Support"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:202
+msgid "IPTables rule option"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:182
+msgid "IPv6 Support"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:195
+msgid "Ignored Interfaces"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:204
+msgid "Insert"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:340
+msgid "Interface"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/js.htm:51
+msgid "Loading"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:287
+msgid "Local addresses / devices"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:294
+msgid "Local ports"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:284
+msgid "Name"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:212
+msgid "No Change"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:152
+msgid "Output verbosity"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:377
+msgid "Path"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:166
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:176
+msgid "Please check the"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:188
+msgid "Please make sure to check the"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:265
+msgid "Policies"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:311
+msgid "Protocol"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:160
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:168
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:178
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:189
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:355
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:368
+msgid "README"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/buttons.htm:42
+msgid "Reload"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:299
+msgid "Remote addresses / domains"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:304
+msgid "Remote ports"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:366
+msgid ""
+"Run the following user files after setting up but before restarting DNSMASQ. "
+"See the"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:49
+#: luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/buttons.htm:13
+msgid "Running"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:158
+msgid "See the"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:202
+msgid "Select Append for -A and Insert for -I."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:132
+msgid "Service Errors"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:231
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:236
+msgid "Service FW Mask"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:127
+msgid "Service Gateways"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:122
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:123
+msgid "Service Status"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:137
+msgid "Service Warnings"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:353
+msgid ""
+"Set DSCP tags (in range between 1 and 63) for specific interfaces. See the"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:254
+msgid "Show Chain Column"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:243
+msgid "Show Enable Column"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:247
+msgid "Show Protocol Column"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:258
+msgid "Show Up/Down Buttons"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:258
+msgid ""
+"Shows the Up/Down buttons for policies, allowing you to move a policy up or "
+"down in the list."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:254
+msgid ""
+"Shows the chain column for policies, allowing you to assign a PREROUTING, "
+"FORWARD, INPUT or OUTPUT chain to a policy."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:243
+msgid ""
+"Shows the enable checkbox column for policies, allowing you to quickly "
+"enable/disable specific policy without deleting it."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:247
+msgid ""
+"Shows the protocol column for policies, allowing you to assign a specific "
+"protocol to a policy."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:220
+msgid ""
+"Special instructions to append iptables rules for local IPs/netmasks/devices."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:223
+msgid "Special instructions to append iptables rules for remote IPs/netmasks."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/buttons.htm:40
+msgid "Start"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:231
+msgid ""
+"Starting (WAN) FW Mark for marks used by the service. High starting mark is "
+"used to avoid conflict with SQM/QoS. Change with caution together with"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:226
+msgid "Starting (WAN) Table ID number for tables created by the service."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/buttons.htm:44
+msgid "Stop"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:47
+#: luci-app-vpn-policy-routing/luasrc/view/vpn-policy-routing/buttons.htm:11
+msgid "Stopped"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:158
+msgid "Strict enforcement"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:162
+msgid "Strictly enforce policies when their gateway is down"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:192
+msgid "Supported Interfaces"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:251
+msgid "Supported Protocols"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:153
+msgid "Suppress/No output"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:175
+msgid "The ipset option for local policies"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:165
+msgid "The ipset option for remote policies"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:198
+msgid ""
+"Time (in seconds) for service to wait for WAN gateway discovery on boot."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:171
+msgid "Use DNSMASQ ipset"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:170
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:180
+msgid "Use ipset command"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/controller/vpn-policy-routing.lua:4
+msgid "VPN"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/controller/vpn-policy-routing.lua:5
+msgid "VPN Policy Routing"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:120
+msgid "VPN and WAN Policy-Based Routing"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:155
+msgid "Verbose output"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:213
+msgid "WAN"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:231
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:236
+msgid "WAN Table FW Mark"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:226
+msgid "WAN Table ID"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:188
+msgid "WARNING:"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:241
+msgid "Web UI Configuration"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:190
+msgid ""
+"before changing anything in this section! Change any of the settings below "
+"with extreme caution!"
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:168
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:178
+msgid "before changing this option."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:160
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:355
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:368
+msgid "for details."
+msgstr ""
+
+#: luci-app-vpn-policy-routing/luasrc/model/cbi/vpn-policy-routing.lua:43
+msgid "is not installed or not found"
+msgstr ""

applications/luci-app-vpn-policy-routing/root/etc/uci-defaults/40_luci-vpn-policy-routing

@@ -0,0 +1,3 @@
+#!/bin/sh
+rm -rf /var/luci-modulecache/; rm -f /var/luci-indexcache;
+exit 0