Mirrors/nekoray
1
0
Fork 0
mirror of https://github.com/MatsuriDayo/nekoray.git synced 2025-12-17 12:34:37 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
c991be78a76f65aaec47c1ff907e4837dc66f27e
nekoray/examples/vpn-run-root.sh
arm64v8a 4ed46c10fe fix
2022-08-11 12:37:20 +08:00

85 lines
2.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
set -e
set -x
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit
fi
[ -z $PORT ] && echo "Please set env PORT" && exit
[ -z $TABLE_FWMARK ] && echo "Please set env TABLE_FWMARK" && exit
[ -z $TUN_NAME ] && echo "Please set env TUN_NAME" && exit
[ -z $USER_ID ] && echo "Please set env USER_ID" && exit
[ -z $MTU ] && MTU=1500
command -v pkill >/dev/null 2>&1 || exit
BASEDIR=$(dirname "$0")
cd $BASEDIR
start() {
# add tun
ip tuntap add $TUN_NAME mode tun user $USER_ID || return
ip link set dev nekoray-tun mtu $MTU || return
ip link set dev $TUN_NAME up || return
# set ipv4 rule
ip addr add 172.19.0.1/30 dev $TUN_NAME || return
ip rule add table $TABLE_FWMARK || return
ip route add table $TABLE_FWMARK default dev $TUN_NAME || return
# set ipv6 rule
ip -6 rule add table $TABLE_FWMARK || return
if [ -z $ENABLE_IPV6 ]; then
ip -6 route add table $TABLE_FWMARK unreachable default || return
else
ip -6 addr add fdfe:dcba:9876::1/126 dev $TUN_NAME || return
ip -6 route add table $TABLE_FWMARK default dev $TUN_NAME || return
fi
# set bypass: fwmark
ip rule add fwmark $TABLE_FWMARK table main || return
ip -6 rule add fwmark $TABLE_FWMARK table main || return
# set bypass: LAN
for local in $BYPASS_IPS; do
ip rule add to $local table main
done
# for Tun2Socket
iptables -I INPUT -s 172.19.0.2 -d 172.19.0.1 -p tcp -j ACCEPT
ip6tables -I INPUT -s fdfe:dcba:9876::2 -d fdfe:dcba:9876::1 -p tcp -j ACCEPT
if [ ! -z $USE_NEKORAY ]; then
"./nekoray_core" tool protect --protect-listen-path "$PROTECT_LISTEN_PATH" --protect-fwmark $TABLE_FWMARK
else
if [ -z "$PROTECT_LISTEN_PATH" ]; then
"./tun2socks" -device $TUN_NAME -proxy socks5://127.0.0.1:$PORT -interface lo
else
"./tun2socks" -device $TUN_NAME -proxy socks5://127.0.0.1:$PORT -interface lo --protect-listen-path "$PROTECT_LISTEN_PATH" --protect-fwmark $TABLE_FWMARK
rm "$PROTECT_LISTEN_PATH"
fi
fi
}
stop() {
for local in $BYPASS_IPS; do
ip rule del to $local table main
done
iptables -D INPUT -s 172.19.0.2 -d 172.19.0.1 -p tcp -j ACCEPT
ip6tables -D INPUT -s fdfe:dcba:9876::2 -d fdfe:dcba:9876::1 -p tcp -j ACCEPT
ip rule del table $TABLE_FWMARK
ip rule del fwmark $TABLE_FWMARK
ip route del table $TABLE_FWMARK default
ip -6 rule del table $TABLE_FWMARK
ip -6 rule del fwmark $TABLE_FWMARK
ip -6 route del table $TABLE_FWMARK default
ip link del $TUN_NAME
}
if [ "$1" != "stop" ]; then
start || true
fi
stop || true
Reference in New Issue View Git Blame Copy Permalink