#!/usr/bin/env bash
#
# Description: Add faster tunnel for mainlanders.
#
# Copyright (C) 2023 liveJQ <cloud@livejq.fun>
#
# Must be run as root on CentOS: it writes ifcfg-*/static-routes files under
# /etc/sysconfig and edits the kernel routing table.  See 'chntunnel --help'.

RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[0;33m'
|
|
SKYBLUE='\033[0;36m'
|
|
PLAIN='\033[0m'
|
|
|
|
DIR='/tmp/chntunnel'
|
|
C_DIR="$(dirname $(readlink -f "$0"))"
|
|
FILEPATH=$0
|
|
FILENAME=${FILEPATH#*/}
|
|
URL=ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest
|
|
APNIC=${URL##*/}
|
|
MATCH_IP='\([[:digit:]]\+\.\)\{3\}[[:digit:]]\+'
|
|
MATCH_MASK='[[:digit:]]\+'
|
|
NOW=`date +'%Y-%m-%d %H:%M'`
|
|
WHITELIST="$DIR/whitelist.txt"
|
|
GFWLIST="$DIR/GFWlist.txt"
|
|
RUNPATH="/usr/local/sbin/chntunnel"
msg() {
|
|
echo $1
|
|
}
msg_pass() {
|
|
echo -e "${GREEN}$1${PLAIN}"
|
|
}
msg_err() {
|
|
echo -e "${RED}$1${PLAIN}"
|
|
}
help() {
|
|
cat << EOF
|
|
Usage: chntunnel [OPTION...]
|
|
|
|
options:
|
|
-c, --collect genrate route files from apnic.
|
|
-g, --gre-tunnel create a gre tunnel.
|
|
-p, --l2tp-tunnel create a l2tp tunnel.
|
|
-w, --white-list whitelist mode, only manually.[TODO]
|
|
-f, --gfw-list gfwlist mode.
|
|
EOF
|
|
}
chkmd5() {
|
|
msg 'Check MD5:'
|
|
md5sum -c $APNIC.md5
|
|
}
download() {
|
|
msg "Download $APNIC:"
|
|
curl -O $URL -O $URL.md5
|
|
}
cidr() {
|
|
case $1 in 256) echo 24;;
|
|
512) echo 23;;
|
|
1024) echo 22;;
|
|
2048) echo 21;;
|
|
4096) echo 20;;
|
|
8192) echo 19;;
|
|
16384) echo 18;;
|
|
32768) echo 17;;
|
|
65536) echo 16;;
|
|
131072) echo 15;;
|
|
262144) echo 14;;
|
|
524288) echo 13;;
|
|
1048576) echo 12;;
|
|
2097152) echo 11;;
|
|
4194304) echo 10;;
|
|
8388608) echo 9;;
|
|
16777216) echo 8
|
|
esac
|
|
}
newGre() {
|
|
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$4
|
|
DEVICE=$4
|
|
BOOTPROTO=none
|
|
ONBOOT=yes
|
|
DEVICETYPE=tunnel
|
|
TYPE=GRE
|
|
PEER_INNER_IPADDR=$2
|
|
PEER_OUTER_IPADDR=$3
|
|
MY_INNER_IPADDR=$1
|
|
EOF
|
|
}
newL2tp() {
|
|
# yum install epel-release NetworkManager-l2tp -y
|
|
# nmcli connection add type vpn con-name "l2tp0" ifname "*" vpn-type l2tp vpn.data "gateway=103.116.76.233 username=txecs password=txecs ipsec-enabled=yes ipsec-psk=88889999"
|
|
# nmcli connection up "l2tp0"
|
|
wget https://get.vpnsetup.net -O vpn.sh && sudo sh vpn.sh && rm -f vpn.sh
|
|
}
addRoutes() {
|
|
cat << EOF > /etc/rc.local
|
|
#!/bin/bash
|
|
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
|
|
#
|
|
# It is highly advisable to create own systemd services or udev rules
|
|
# to run scripts during boot instead of using this file.
|
|
#
|
|
# In contrast to previous versions due to parallel execution during boot
|
|
# this script will NOT be run after all other services.
|
|
#
|
|
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
|
|
# that this script will be executed during boot.
|
|
touch /var/lock/subsys/local
|
|
|
|
ip route flush table $1
|
|
ip route add default via $2 dev $3 src $4 table $1
|
|
ip rule add from $4 table $1
|
|
EOF
|
|
}
collecting() {
|
|
i=0
|
|
while [ $i -le 25 ]
|
|
do
|
|
for j in '\\' '|' '/' '-'
|
|
do
|
|
printf "Collecting %c%c%c%c%c\r" \
|
|
"$j" "$j" "$j" "$j" "$j"
|
|
sleep 0.1
|
|
done
|
|
let i=i+4
|
|
done
|
|
}
source /etc/os-release || source /usr/lib/os-release
|
|
[[ $ID = 'centos' ]] || error=1
|
|
[[ $error -eq 1 ]] && msg_err "Sorry! current system is not supported." && exit 1
|
|
[[ -f $RUNPATH ]] && rm -f $RUNPATH
|
|
cp $C_DIR/$FILENAME $RUNPATH && chmod 755 $RUNPATH
|
|
if [ $# != 0 ]; then
|
|
for param in {$1,$2,$3}
|
|
do
|
|
if [[ $param = '-c' || $param = '--collect' ]]; then
|
|
mkdir -p $DIR && cd $_
|
|
if [[ ! -f $APNIC || ! -f $APNIC.md5 || `find $APNIC -mtime +0` ]]; then
|
|
download && chkmd5 || exit
|
|
else
|
|
chkmd5 || { download && chkmd5; } || exit
|
|
fi
|
|
collecting
|
|
grep "apnic|CN|ipv4|" $APNIC | awk -F'|' '{print $4"/"32-log($5)/log(2)}' >$WHITELIST
|
|
grep '|ipv4|' $APNIC | grep -v '|CN|' | grep -v 'summary' | awk -F'|' '{print $4"/"32-log($5)/log(2)}' >$GFWLIST
|
|
msg_pass "Collection complete!"
|
|
# grep '^apnic|CN|ipv4|' $APNIC | grep -o "$MATCH_IP|$MATCH_MASK" | while read line
|
|
# do
|
|
# IPADDR=${line%|*}
|
|
# CIDR=`cidr ${line#*|}`
|
|
# echo $IPADDR/$CIDR >> $WHITELIST || exit
|
|
# done
|
|
# grep '|ipv4|' $APNIC | grep -v '|CN|' | grep -o "$MATCH_IP|$MATCH_MASK" | while read line
|
|
# do
|
|
# IPADDR=${line%|*}
|
|
# CIDR=`cidr ${line#*|}`
|
|
# echo $IPADDR/$CIDR >> $GFWLIST || exit
|
|
# done
|
|
elif [[ $param = '-g' || $param = '--gre-tunnel' ]]; then
|
|
lsmod | grep ip_gre >/dev/null && result=$? && [[ $result != '0' ]] && modprobe ip_gre
|
|
lsmod | grep ip_gre >/dev/null && result=$? && [[ $result != '0' ]] && msg_err "The current system does not support GRE tunnel." && exit 1
|
|
msg "Prepare to establish a gre tunnel"
|
|
read -rp "TUNNEL_NAME (default: tun0)" TUNNEL_NAME
|
|
[[ -f "/etc/sysconfig/network-scripts/ifcfg-${TUNNEL_NAME:-tun0}" ]] && msg_err "This tunnel already exists, please do not create it again." && exit 1
|
|
read -rp "MY_INNER_IPADDR: " MY_INNER_IPADDR
|
|
read -rp "PEER_INNER_IPADDR: " PEER_INNER_IPADDR
|
|
read -rp "PEER_OUTER_IPADDR: " PEER_OUTER_IPADDR
|
|
newGre $MY_INNER_IPADDR $PEER_INNER_IPADDR $PEER_OUTER_IPADDR ${TUNNEL_NAME:-tun0}
|
|
ifup ${TUNNEL_NAME:-tun0}
|
|
ping -c 3 $PEER_INNER_IPADDR >/dev/null && result=$? && [[ $result -eq 0 ]] && msg_pass "Tunnel created successfully!" && exit 0
|
|
msg_err "Connection failed, please contact the administrator." && exit 1
|
|
elif [[ $param = '-p' || $param = '--l2tp-tunnel' ]]; then
|
|
peer=$(ip addr | grep ppp0 | grep inet | awk -F ' ' {'print $2'})
|
|
[[ -n $peer ]] && msg_err "This tunnel already exists, please do not create it again." && exit 1
|
|
newL2tp
|
|
MY_INNER_IPADDR=${peer%%/*}
|
|
ping -c 3 $MY_INNER_IPADDR >/dev/null && result=$? && [[ $result -eq 0 ]] && msg_pass "Tunnel created successfully!" && exit 0
|
|
elif [[ $param = '-f' || $param = '--gfw-list' ]]; then
|
|
peer=$(ip addr | grep peer | grep inet | awk -F ' ' {'print $4'})
|
|
PEER_INNER_IPADDR=${peer%%/*}
|
|
:>/etc/sysconfig/static-routes
|
|
[[ ! -f $GFWLIST ]] && msg_err "Please run 'chntunnel -c' command first." && exit 1
|
|
msg "Generating, wait a while..."
|
|
cat $GFWLIST | while read line
|
|
do
|
|
ip route add $line via $PEER_INNER_IPADDR
|
|
echo "any net $line gw $PEER_INNER_IPADDR" >>/etc/sysconfig/static-routes || exit
|
|
done
|
|
msg_pass "GFWlist is active, enjoy~"
|
|
elif [[ $param = '-w' || $param = '--white-list' ]]; then
|
|
#msg_err "TODO: not yet implemented, only manually." && exit 1
|
|
local_gw=$(ip route | grep default | awk -F ' ' {'print $3'})
|
|
#local_dev=$(ip route | grep src | awk -F ' ' {'print $3'})
|
|
#local_addr=$(ip route | grep src | awk -F ' ' {'print $9'})
|
|
local_table='cn'
|
|
peer=$(ip addr | grep peer | grep inet | awk -F ' ' {'print $4'})
|
|
PEER_INNER_IPADDR=${peer%%/*}
|
|
:>/etc/sysconfig/static-routes
|
|
grep $local_table /etc/iproute2/rt_tables >/dev/null && result=$?
|
|
[[ $result != '0' ]] && echo "200 $local_table" >>/etc/iproute2/rt_tables
|
|
#grep $local_table /etc/rc.local && result=$?
|
|
#[[ $result != '0' ]] && addRoutes $local_table $local_gw $local_dev $local_addr && chmod +x /etc/rc.local && /etc/rc.local
|
|
msg "Generating, wait a while..."
|
|
cat $WHITELIST | while read line
|
|
do
|
|
#ip route add $line via $local_gw
|
|
echo "any net $line gw $local_gw" >>/etc/sysconfig/static-routes || exit
|
|
done
|
|
#ip route del default via $local_gw
|
|
#ip route add default via $PEER_INNER_IPADDR
|
|
msg_pass "Whitelist is active, enjoy~"
|
|
else
|
|
help
|
|
fi
|
|
done
|
|
else
|
|
help
|
|
fi