Merge pull request #4146 from stangri/vpnbypass

vpnbypass: updated service enable/start logic.

net/vpnbypass/Makefile

@@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=vpnbypass
 PKG_VERSION:=1.3.0
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 PKG_LICENSE:=GPL-3.0+
 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
 

net/vpnbypass/files/README.md

@@ -26,7 +26,26 @@ opkg install ip-full ipset iptables dnsmasq-full
 opkg update
 opkg install vpnbypass luci-app-vpnbypass
 ```
-Default install routes Plex Media Server traffic (port 32400) outside of the VPN tunnel, routes LogmeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel and also routes internet traffic from local IPs 192.168.1.81-192.168.1.87 outside of the VPN tunnel. You can safely delete these example rules if they do not apply to you.
+
+Until the packages are in the official feed/repo for your version, you can install them with:
+- OpenWrt
+```sh
+opkg update; opkg install wget libopenssl
+wget --no-check-certificate https://github.com/stangri/Files/raw/master/vpnbypass.ipk -O /tmp/vpnbypass.ipk
+wget --no-check-certificate https://github.com/stangri/Files/raw/master/luci-app-vpnbypass.ipk -O /tmp/luci-app-vpnbypass.ipk
+opkg install /tmp/vpnbypass.ipk /tmp/luci-app-vpnbypass.ipk
+```
+
+- LEDE Project
+```sh
+opkg update; opkg install uclient-fetch libustream-mbedtls
+wget --no-check-certificate https://github.com/stangri/Files/raw/master/vpnbypass.ipk -O /tmp/vpnbypass.ipk
+wget --no-check-certificate https://github.com/stangri/Files/raw/master/luci-app-vpnbypass.ipk -O /tmp/luci-app-vpnbypass.ipk
+opkg install /tmp/vpnbypass.ipk /tmp/luci-app-vpnbypass.ipk
+```
+
+### Default Settings
+Default configuration has service disabled (use Web UI to enable/start service or run ```uci set vpnbypass.config.enabled=1```) and routes Plex Media Server traffic (port 32400) outside of the VPN tunnel, routes LogmeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel and also routes internet traffic from local IPs 192.168.1.81-192.168.1.87 outside of the VPN tunnel. You can safely delete these example rules if they do not apply to you.
 
 ## Documentation / Discussion
 Please head to [LEDE Project Forum](https://forum.lede-project.org/t/vpn-bypass-split-tunneling-service-luci-ui/1106) for discussions of this service.
@@ -40,7 +59,7 @@ Domain lists should be in following format/syntax: ```/domain1.com/domain2.com/v
 - Table ID, IPSET name and FW_MARK as well as FW_MASK can be defined in config file.
 - Uses iptables, not ip rules for handling local IPs/ranges.
 - More reliable creation/destruction of VPNBYPASS iptables chain.
-- Updated Web UI enables/start and stops/disables service.
+- Updated Web UI enables/start and stops service.
 - Beautified output.
 
 1.2.0

net/vpnbypass/files/vpnbypass.conf

@@ -1,4 +1,5 @@
 config vpnbypass 'config'
-	list localport '32400'
-	list localsubnet '192.168.1.81/29'
-	list remotesubnet '25.0.0.0/8'
+	option enabled		'0'
+	list localport		'32400'
+	list localsubnet	'192.168.1.81/29'
+	list remotesubnet	'25.0.0.0/8'

net/vpnbypass/files/vpnbypass.init

@@ -13,14 +13,25 @@ output() { local msg=$(echo -n "${1/$p_name /service }" | sed 's|\\033\[[0-9]\?;
 PKG_NAME="${PKG_NAME:-vpnbypass}"; p_name="${PKG_NAME} ${PKG_VERSION}"
 
 is_enabled() {
+	local c=1 enabled
 	config_load $PKG_NAME
+	config_get_bool enabled 'config' 'enabled' 1
 	config_get verbosity    'config' 'verbosity' '2'
 	config_get TID          'config' 'table_number' '200'
 	config_get IPSET        'config' 'ipset'  'vpnbypass'
 	config_get FW_MARK      'config' 'fw_mark' '0x010000'
 	config_get FW_MASK      'config' 'fw_mask' '0xff0000'
 	source /lib/functions/network.sh
-	return 0
+	[ "$enabled" -gt 0 ] || { output "$__error__: $p_name is not enabled.\n"; return 1; }
+	source 	/lib/functions/network.sh
+	while : ; do
+		network_find_wan wan_if4
+		[ -n "$wan_if4" ] && network_get_gateway wan_gw $wan_if4
+		[ "$c" -ge 25 -o -n "$wan_gw" ] && break
+		output "$p_name waiting for wan gateway...\n"
+		sleep 2; network_flush_cache; let "c+=1";
+	done
+	[ -n "$wan_gw" ] && return 0 || { output "$__error__: $p_name failed to discover WAN gateway.\n"; return 1; }
 }
 
 ipt() {
@@ -36,11 +47,8 @@ ipt() {
 		iptables $* >/dev/null 2>&1
 }
 
-#boot() { ubus -t 30 wait_for network.interface.wan && { rc_procd start_service; rc_procd service_triggers; } || output "ERROR: $p_name failed to settle network interface!\n"; }
-
 start_service() {
-	local ll c=1
-  config_load vpnbypass
+	local ll
   is_enabled || return 1
   config_get lports   'config' 'localport'
   config_get rports   'config' 'remoteport'
@@ -53,13 +61,6 @@ start_service() {
 	procd_set_param stderr 1
 	procd_close_instance
 
-	while : ; do
-		network_find_wan wan_if4; [ -n "wan_if4" ] && network_get_gateway wan_gw $wan_if4;
-		[ $c -ge 25 -o -n "$wan_gw" ] && break
-		output "$p_name waiting for wan gateway...\n"; sleep 2; network_flush_cache; let "c+=1";
-	done
-	[ -z "$wan_gw" ] && output "$__error__: $p_name could not discover wan gateway IP!\n" && exit 1
-
 	ipt -t mangle -N VPNBYPASS; ipt -t mangle -A PREROUTING -m mark --mark 0x00/${FW_MASK} -g VPNBYPASS;
 	ipt -t mangle -A VPNBYPASS -m set --match-set $IPSET dst -j MARK --set-mark ${FW_MARK}/${FW_MASK}
 	ip rule del fwmark "$FW_MARK" table "$TID" >/dev/null 2>&1; ipset -q flush "$IPSET"; ipset -q destroy "$IPSET";
@@ -76,7 +77,6 @@ start_service() {
 }
 
 stop_service() {
-	local ll
   is_enabled || return 1
 
 	ip rule del fwmark "$FW_MARK" table "$TID" >/dev/null 2>&1; ipset -q flush "$IPSET"; ipset -q destroy "$IPSET";