Mirrors/nekoray
1
0
Fork 0
mirror of https://github.com/MatsuriDayo/nekoray.git synced 2025-12-18 04:54:38 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

vpn settings

Browse Source
This commit is contained in:
arm64v8a
2022-08-05 17:07:32 +08:00
parent 77d354874e
commit efdac7fa6f
11 changed files with 320 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
examples/vpn-run-root.sh
View File

@@ -11,6 +11,7 @@ fi
[ -z $TABLE_FWMARK ] && echo "Please set env TABLE_FWMARK" && exit
[ -z $TUN_NAME ] && echo "Please set env TUN_NAME" && exit
[ -z $USER_ID ] && echo "Please set env USER_ID" && exit
[ -z $MTU ] && MTU=1500
command -v pkill >/dev/null 2>&1 || exit
BASEDIR=$(dirname "$0")
@@ -19,16 +20,22 @@ cd $BASEDIR
start() {
# add tun (TODO the ip must be the same as matsuri)
ip tuntap add $TUN_NAME mode tun user $USER_ID || return
ip addr add 172.19.0.1/30 dev $TUN_NAME || return
ip link set dev nekoray-tun mtu $MTU || return
ip link set dev $TUN_NAME up || return
# set ipv4 rule
ip addr add 172.19.0.1/30 dev $TUN_NAME || return
ip rule add table $TABLE_FWMARK || return
ip route add table $TABLE_FWMARK default dev $TUN_NAME || return
# set ipv6 unreachable
# set ipv6 rule
ip -6 rule add table $TABLE_FWMARK || return
ip -6 route add table $TABLE_FWMARK unreachable default || return
if [ -z $ENABLE_IPV6 ]; then
ip -6 route add table $TABLE_FWMARK unreachable default || return
else
ip -6 addr add fdfe:dcba:9876::1/126 dev $TUN_NAME || return
ip -6 route add table $TABLE_FWMARK default dev $TUN_NAME || return
fi
# set bypass: fwmark
ip rule add fwmark $TABLE_FWMARK table main || return
@@ -39,6 +46,10 @@ start() {
ip rule add to $local table main
done
# for Tun2Socket
iptables -I INPUT -s 172.19.0.2 -d 172.19.0.1 -p tcp -j ACCEPT
ip6tables -I INPUT -s fdfe:dcba:9876::2 -d fdfe:dcba:9876::1 -p tcp -j ACCEPT
if [ ! -z $USE_NEKORAY ]; then
"./nekoray_core" tool protect --protect-listen-path "$PROTECT_LISTEN_PATH" --protect-fwmark $TABLE_FWMARK
else
@@ -55,6 +66,8 @@ stop() {
for local in $BYPASS_IPS; do
ip rule del to $local table main
done
iptables -D INPUT -s 172.19.0.2 -d 172.19.0.1 -p tcp -j ACCEPT
ip6tables -D INPUT -s fdfe:dcba:9876::2 -d fdfe:dcba:9876::1 -p tcp -j ACCEPT
ip rule del table $TABLE_FWMARK
ip rule del fwmark $TABLE_FWMARK
ip route del table $TABLE_FWMARK default