Created
May 12, 2018 06:00
-
-
Save pagxir/5e6ca100ef2c54153c6a01249f341650 to your computer and use it in GitHub Desktop.
toyvpn setup script for lede
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| PATH=/usr/sbin:$PATH | |
| tun_dev=tun0 | |
| ip address add 10.24.0.1/24 dev ${tun_dev} | |
| ip link set dev ${tun_dev} up | |
| ip -6 addr add 2001:c0a8:2b01:3576::1/64 dev ${tun_dev} | |
| ip -6 route add default dev ${tun_dev} metric 256 proto static | |
| ip route flush table 30 | |
| ip route show|grep -v -e wlan1 -e tun|sed 's/dev/table 30 dev/g' |tr '\n' '\0'|xargs -n 1 -0 -r echo ip route add|sh | |
| ip route add default dev ${tun_dev} table 30 | |
| ip rule del fwmark 0x2010 pref 2010 goto main | |
| ip rule add fwmark 0x2010 pref 2010 goto main | |
| ip rule del fwmark 0x2010 pref 2010 lookup main | |
| ip rule add fwmark 0x2010 pref 2010 lookup main | |
| ip rule del oif wlan1 pref 2010 lookup main | |
| ip rule add oif wlan1 pref 2010 lookup main | |
| ip rule del iif ${tun_dev} pref 2010 lookup main | |
| ip rule add iif ${tun_dev} pref 2010 lookup main | |
| ip rule del to 192.168.0.0/16 pref 2010 lookup main | |
| ip rule add to 192.168.0.0/16 pref 2010 lookup main | |
| ip rule del lookup 30 pref 2030 | |
| ip rule add lookup 30 pref 2030 | |
| iptables -t raw -N delegate_notrack && iptables -t raw -A PREROUTING -j delegate_notrack | |
| iptables -t raw -F delegate_notrack | |
| iptables -t raw -A delegate_notrack -p udp --dport 138 -j RETURN | |
| iptables -t raw -A delegate_notrack -p icmp -j RETURN | |
| iptables -t raw -A delegate_notrack -i ${tun_dev} -d 192.168.1.0/24 -j RETURN | |
| iptables -t raw -A delegate_notrack -i ${tun_dev} -d 192.168.0.0/16 -j CT --notrack | |
| iptables -t raw -A delegate_notrack -i br-lan -d 192.168.1.0/24 -j RETURN | |
| iptables -t raw -A delegate_notrack -i br-lan -j CT --notrack | |
| iptables -t mangle -N VPNTAG | |
| iptables -t mangle -F VPNTAG | |
| iptables -t mangle -A VPNTAG -d 8.8.0.0/16 -j RETURN | |
| iptables -t mangle -A VPNTAG -p icmp -j MARK --set-mark 0x2010 | |
| iptables -t mangle -A VPNTAG -p udp --dport 53 -j MARK --set-mark 0x2010 | |
| iptables -t mangle -A VPNTAG -p udp --dport 138 -j MARK --set-mark 0x2010 | |
| iptables -t mangle -A VPNTAG -d 1.1.1.1 -j MARK --set-mark 0x2010 | |
| #iptables -D OUTPUT -t mangle -j VPNTAG | |
| #iptables -A OUTPUT -t mangle -j VPNTAG | |
| iptables -F POSTROUTING -t mangle | |
| iptables -A POSTROUTING -t mangle -m mark --mark 0x2010 -j MARK --set-mark 0 | |
| iptables -D PREROUTING -t mangle -i br-lan -j VPNTAG | |
| iptables -A PREROUTING -t mangle -i br-lan -j VPNTAG |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment